Subscribe to our daily newsletter.
Subscribe

Streamlining aid delivery: Lessons from SBA’s digital modernization journey

America’s more than 32 million small businesses play an indispensable role in driving the U.S. economy. Small businesses account for 43.5% of gross domestic product, employ 61.7 million workers and generate payrolls topping $2.9 trillion, according to government data.

In March 2020, as COVID-19 emerged as a global threat, it became apparent that millions of small businesses were headed into economic peril. While White House officials and lawmakers moved with unusual speed to enact the Coronavirus Aid, Relief and Economic Security (CARES) Act, the task of administering financial aid to small businesses suddenly fell on the U.S. Small Business Administration (SBA).

Legacy challenge

As an independent cabinet agency with fewer than 3,000 employees, the SBA had, until then, managed small business loan and grant applications using an email-based processing and approval system involving shared mailboxes built on Microsoft Outlook. The agency’s outdated backend infrastructure had never been designed — and was ill-equipped — to handle the overwhelming volume of relief requests flooding in from all 50 states once the CARES Act was enacted. Inboxes and storage capacities hit their daily caps almost immediately. Customers started to receive “undeliverable” messages. And SBA employees were unable to keep up with the skyrocketing workloads.

Photo of Brian Quay, SBA Program Manager
Brian Quay, SBA Program Manager

SBA’s leadership quickly recognized what many other public and private sector organizations discovered at the onset of the pandemic — to remain effective in an environment of rapidly escalating and fast-changing needs, they needed to transition quickly from their existing operating systems and adopt a more modern and scalable digital solution that could meet their rapidly-changing needs.

Transformative solution

SBA officials turned to a cloud-based customer relationship management (CRM) platform, Microsoft Dynamics 365. The platform not only offered the scalability and customization the SBA needed but also allowed the SBA to implement a wide range of integrated features, including email automation, auto-routing, metrics recognition, storage optimization, spam prevention, app integration, and auditing capabilities.

More fundamentally, the shift to a modern CRM platform enabled the SBA to transition from a series of manual, labor-intensive processes to a more efficient, automated system that could quickly scale to the volume SBA needed.

Improved outcomes

Adopting a modern, cloud-based CRM platform not only helped SBA overcome a host of technology bottlenecks but also resulted in significant improvements in the SBA’s internal operations and customer service. The platform:

By making it easier to integrate apps and implement a knowledge base reference library, the modernization effort also allowed the SBA to consolidate information from various sources and streamline the decision-making process. That effort was further enhanced with the creation of a Tier 1 dashboard for individual users and a Tier 2 dashboard for team leads to track overall caseloads, giving SBA staff the ability to make data-driven decisions faster and adapt to changing circumstances.

Mission modernization

Moving to a scalable, cloud-based CRM platform helped the SBA rally quickly in response to the sudden flood of aid requests. It also catapulted the SBA’s ability to meet its broader mission of serving and supporting small businesses.

In particular, the new platform made it possible for the SBA to manage activities more effectively with — and gain deeper insights about — more than 11 million individuals in its contact list.

“We can come to the campaign tabs [on the dashboard] and see a list of all of the different campaigns that the SBA has created inside of the platform,” explained SBA Program Manager Brian Quay. The software allows SBA staff to roll up all the cases associated with a contact record and even view image files to validate what information has been provided. It also allows SBA staff to see the status and performance of various marketing campaigns and activities.

“We can see…the number of members that were on [a particular] marketing list, how many messages were successfully sent to them, and failures. This is something that has been a huge productivity gain for SBA [staff], who were previously mainly sending those emails out through Outlook without an ability to track success,” the official said. Altogether, the platform helped SBA create and send more than 50 million templated outreach email from February to September 2023.

Another dimension of the SBA’s customer service modernization is the implementation of Power BI dashboards natively embedded into Dynamics 365. This allows executives who aren’t trained to use Dynamics to still access the metrics it provides by leveraging Power BI on the web or their mobile devices.  

Within two and a half years, the SBA expanded the platform from four mailboxes to over 200 individual inboxes, used by close to 80 teams with an unprecedented volume of activity. According to recent estimates, the platform now tracks over 20 million cases to date and has resulted in operational cost savings of over $25 million.

Lessons learned

The SBA’s transition from an email-based tracking system to a cloud-based CRM platform yielded several valuable lessons for federal executives considering a similar transformation:

Firstly, the importance of scalability cannot be overstated. In a crisis situation, the ability to quickly scale up operations is crucial, and a flexible digital platform can make all the difference.

Secondly, customization matters. Tailoring the system to the agency’s unique needs ensures maximum efficiency and usability.

Thirdly, integration capabilities are a game-changer. The ability to connect different tools and data sources creates a unified ecosystem, enabling faster decision-making.

Lastly, automation is a key enabler of efficiency. By automating routine tasks, agencies can focus their efforts on high-impact activities and respond swiftly to emerging challenges.

The Small Business Administration’s journey to digital modernization also demonstrates that in a rapidly evolving world, embracing innovative solutions is not just an option; it’s a necessity to empower organizations to thrive, grow, and support those they serve.

The report was produced by Scoop News Group for FedScoop, as part of a series on innovation in government, underwritten by Microsoft Federal.

OPM issues generative AI guidance, competency model for AI roles required by Biden order

Guidance on generative AI and a competency model for AI roles are among the latest actions that the Office of Personnel Management has completed under President Joe Biden’s executive order on the technology, an agency spokesperson said.

In a statement provided to FedScoop ahead of the Monday announcement, OPM disclosed it would issue guidance on use of generative AI tools for the federal workforce; a competency model and skills-based hiring guidance for AI positions to help agencies find people with the skills needed for those roles; and an AI competency model specifically for civil engineering

All of those actions were among those the agency was required to complete at the 180-day mark of the October executive order, which would have been over the weekend. The spokesperson also noted that the agency established an interagency working group for AI, as required by the order. 

OPM was given multiple actions under the sweeping order, most of which were aimed at helping agencies attract and retain a federal workforce prepared to address AI. That role is important as the government is working to rapidly hire for 100 AI positions by this summer. The latest actions from OPM give federal agencies a better roadmap for hiring workers in those positions.

They also add to OPM’s existing work under the order, which has included authorizing direct hire authority for AI-related positions and outlining incentives for attracting and retaining AI workers in the federal government. 

Notably, OPM’s action on the responsible use of generative AI comes as agencies across the government have been developing their own unique approaches to those tools for their workforces. Those policies have ranged from banning the use of certain third-party tools to allowing use across the workforce with guidelines. 

The OPM guidance, which was posted publicly Monday, outlines risks and benefits of the technology along with best practices for implementing it in work. 

Though it ultimately directs employees to consult their agency’s policy, the guidance provides examples of uses and specific considerations for those uses, such as summarizing notes and transcripts, drafting content, and using generative tools for software and code development. 

“GenAI has the potential to improve the way the federal workforce delivers results for the public,” the guidance says. “Federal employees can leverage GenAI to enhance creativity, efficiency, and productivity. Federal agencies and employees are encouraged to consider how best to use these tools to fulfill their missions.”

Under the order, OPM was required to create that guidance in consultation with the Office of Management and Budget. 

In addition to the competency models and guidance, the OPM spokesperson also disclosed that the agency issued an AI classification policy and talent acquisition guidance. While those actions support the rest of OPM’s work, they weren’t required by Biden’s executive order but rather the 2020 AI in Government Act. The spokesperson described those actions as addressing “position classification, job evaluation, qualifications, and assessments for AI positions.”

OPM is seeking feedback on that policy and guidance in a 30-day comment period ending May 29. 

This story was updated April 29, 2024, with additional information and links from OPM released Monday.

CISA unveils guidelines for AI and critical infrastructure

The Cybersecurity and Infrastructure Security Agency on Monday released safety and security guidelines for critical infrastructure, a move that comes just days after the Department of Homeland Security announced the formation of a safety and security board focused on the same topic. The guidelines for critical infrastructure owners and operators also fulfills CISA’s obligations under the Biden administration’s October executive order on artificial intelligence.   

The guidelines are meant to address both the opportunities made possible by artificial intelligence for critical infrastructure — which spans 16 sectors, including farming and information technology — and the ways it could be weaponized or misused. CISA instructs operators and owners of critical infrastructure to govern, map, measure, and manage their use of the technology, incorporating the National Institute of Standards and Technology’s AI risk management framework

“Based on CISA’s expertise as National Coordinator for critical infrastructure security and resilience, DHS’ Guidelines are the agency’s first-of-its-kind cross-sector analysis of AI-specific risks to critical infrastructure sectors and will serve as a key tool to help owners and operators mitigate AI risk,” CISA Director Jen Easterly in a statement. 

The guidelines emphasize a range of steps, including understanding the dependencies of AI vendors that operators might be working with and inventorying AI use cases. They also encourage critical infrastructure owners to create procedures for reporting AI security risks and continually testing AI systems for vulnerabilities. 

Opportunities related to AI span categories including operational awareness, customer service automation, physical security, and forecasting, according to the guidelines. At the same time, the new document also warns that AI risks to critical infrastructure could include attacks facilitated with AI, attacks aimed at AI systems, and “failures in AI design and implementation,” which could lead to potential malfunctions or other unintended consequences. 

“AI can present transformative solutions for U.S. critical infrastructure, and it also carries the risk of making those systems vulnerable in new ways to critical failures, physical attacks, and cyber attacks. Our Department is taking steps to identify and mitigate those threats,” Homeland Security Secretary Alejandro Mayorkas said in a statement. 

DHS has been especially active in recent months on artificial intelligence, most notably with the release of its AI roadmap in March. Earlier this month, the department announced that Office of Management and Budget alum Michael Boyce would lead its AI Corps, a group of 50 experts in the technology that the agency aims to hire through 2024. The department also brought on technology company executives — including Sam Altman of OpenAI and Sundar Pichai from Alphabet — to assist with its new board focused on AI and critical infrastructure. 

ACLU seeks AI records from NSA, Defense Department in new lawsuit

The American Civil Liberties Union is seeking the disclosure of records related to the National Security Agency’s use of artificial intelligence, as the Biden administration emphasizes transparency surrounding use of the technology in the government.

In a Thursday complaint, the ACLU asked the U.S. District Court for the Southern District of New York to compel the release of documents detailing the agency’s integration of the technology and plans for the future. Despite the agency’s public comments about its AI efforts and past pledges to be transparent, those documents haven’t yet been released, the ACLU argued.

“Immediate disclosure of these records is critical to allowing members of the public to participate in the development and adoption of appropriate safeguards for these society-altering systems,” the ACLU said in its filing, which was first reported by Bloomberg Law.

In addition to the NSA, the complaint also names the Department of Defense and the Office of the Director of National Intelligence — which oversee the spy agency — as plaintiffs.

The Freedom of Information Act lawsuit comes as the Biden administration has underscored the need for transparency in the use of AI by the government. In an Office of Management and Budget memo released last month, the administration expanded what civilian agencies are required to report in their annual, public AI use case inventories, adding requirements for safety- and rights-impacting uses. Certain intelligence community agencies and DOD, however, continue to be exempt from that process.

“Transparency is one of the core values animating White House efforts to create rules and guidelines for the federal government’s use of AI, but exemptions for national security threaten to obscure some of the most high-risk uses of AI,” Patrick Toomey, deputy director of the ACLU’s National Security Project who is representing the civil rights organization, told FedScoop.

Toomey said the NSA has described itself as a leader among the intelligence agencies in the development and deployment of AI, and officials have noted that it’s using the technology to gather information on foreign governments, assist with language processing, and monitor networks for cybersecurity threats. 

“But unfortunately, that’s about all we know,” Toomey said. “And as the NSA integrates AI into some of its most profound decisions, it’s left the public in the dark about how it uses AI and what safeguards, if any, are in place to protect everyday Americans and others around the world whose privacy hangs in the balance.”

The complaint pointed to several actions the NSA has taken on AI, including a joint evaluation of the agency’s integration of AI, conducted by its inspector general and DOD, and studies and roadmaps NSA has completed about its use of the technology.

The specific documents being requested include an October 2022 report from DOD and NSA titled “Joint Evaluation of the National Security Agency’s Integration of Artificial Intelligence,” several roadmap documents created by NSA starting in January 2023, and documents related to the agency’s proposed uses of AI and machine learning created on or after January 2022.

The NSA didn’t immediately respond to FedScoop’s request for comment on the lawsuit. 

While the intelligence community is exempt from the inventory process that other civilian agencies must complete, President Joe Biden’s October 2023 executive order on AI required the development of a memo on the governance of AI that’s used for national security, military or intelligence. That memo is required to be produced 270 days after the issuance of the order. 

Toomey said the ACLU is hopeful that memo “will incorporate some of the very important transparency principles that the Biden administration and even the intelligence agencies have publicly committed themselves to.”

IRS touts Direct File usage, while mulling the future of the program

More than 140,000 taxpayers across 12 states used the IRS’s Direct File system this filing season, claiming more than $90 million in refunds and reporting $35 million in balances due, the tax agency said Friday. The future of the program, however, hasn’t yet been determined.

The IRS said that the pilot — which allowed for taxpayers in Arizona, California, Florida, Massachusetts, Nevada, New Hampshire, New York, South Dakota, Tennessee, Texas, Washington and Wyoming to electronically file their federal returns in 2024 directly with the agency at no cost — “started out small” and picked up “steadily increasing interest” from filers in those 12 states. 

“From the very beginning of the Direct File pilot, we wanted to test new ways to give taxpayers an easy, accurate and free way to file their taxes online directly with the IRS,” Commissioner Danny Werfel said in a statement. “We saw a strong response from the pilot, and Direct File’s users generally found it fast and easy to use. This is an important part of our effort to meet taxpayers where they are, give them options to interact with the IRS in ways that work for them and help them meet their tax obligations as easily and quickly as possible.”

Werfel added that the agency will now review results from the pilot, take in feedback and make a decision on Direct File, with the expectation of “an announcement about future plans later this spring.”

“We will consult a wide variety of stakeholders to understand how lessons from Direct File can help us improve the entire tax system as well as assess next steps,” Werfel said.

The IRS said usage of Direct File surpassed expectations and “far exceeded what was necessary to provide sufficient data for the agency to evaluate.” The pilot program ran as the agency embarked on broader IT and customer service modernization initiatives fueled in part by billions in Inflation Reduction Act funds. 

The IRS’s decision to develop a free tax filing tool represents a major challenge to the highly lucrative tax preparation industry. The development of a free tax filing tool — something most taxpayers have access to in developed countries — could eat into the revenues of firms like H&R Block and Intuit, the maker of TurboTax.

In a statement Friday, an Intuit spokesperson questioned some of the statistics cited by the IRS in its Direct File statement. 

“IRS claims of $90 million in refunds to Direct File filers acknowledges that those that filed their taxes with Direct File potentially received average refunds of around $640 which is thousands of dollars lower than the IRS’s own data showing the nation’s average refund is around $3,000,” Intuit spokesperson Rick Heineman said. “This means filers using Direct File not only paid for an already free service with their tax dollars but on average also got a substantially smaller refund.”

The IRS said in its press release that the total amount spent by the agency on Direct File was $24.6 million, a figure that Heineman said was “clearly low, inaccurate, and the IRS even acknowledges conveniently leaving out necessary costs to build and run the pilot.”

A Government Accountability Office report issued earlier this month found that the IRS’s budget estimates for Direct File didn’t include start-up costs for the technology behind the system. The congressional watchdog said the IRS would need “a comprehensive accounting” of Direct File’s costs if the agency decided to extend the program beyond 2024.

This story was updated April 26, 2024, with comments from an Intuit spokesperson.

DHS launches safety and security board focused on AI and critical infrastructure 

The Department of Homeland Security on Friday announced the creation of its new Artificial Intelligence Safety and Security Board. The formation of the group comes as the department ramps up its focus on AI and as concern grows about the technology’s impacts on critical services. 

The board includes representatives of major technology companies, including OpenAI CEO Sam Altman and Alphabet CEO Sundar Pichai, as well as experts focused on artificial intelligence and civil rights. Also represented are leaders of companies focused on computer chips, like Lisa Su of Advanced Micro Devices and Jensen Huang, president and CEO of NVIDIA. Government leaders in the group include Seattle Mayor Bruce Harrell and Arati Prabhakar, director of the White House Office of Science and Technology Policy. 

On a call with reporters Friday, DHS Secretary Alejandro Mayorkas gestured to a range of opportunities and concerns related to AI and critical infrastructure, which covers 16 sectors including defense, agriculture, energy, and internet technology. The department also expects to release guidelines related to critical infrastructure and artificial intelligence next week, he added.


The group will meet for the first time in May and will eventually form new recommendations for integrating artificial intelligence into critical infrastructure and protecting against any risks the technology might present. Mayorkas said he was personally involved in selecting members of the board, and addressed specific criticisms of OpenAI’s Altman by saying he had “no hesitation” about tapping the executive. 

“Ultimately AI is a tool, a potent tool, and it must be developed and applied with an understanding of how it will impact the individual, community, and society at large,” board member Fei-Fei Li, co-director of the Stanford Human-centered Artificial intelligence Institute, said in a statement. 

Maya Wiley, another board member and the president and CEO of the Leadership Conference on Civil and Human Rights, added that “it is critical to have a civil rights perspective on any board with the mission to responsibly deploy artificial intelligence in our nation’s infrastructure. Critical infrastructure plays a key role ensuring everyone has equal access to information, goods, and services. It also poses great threats, including the spread of bias and hate speech online, stoking fear, distrust, and hate in our communities of color.”

Social media companies, which are not technically part of the 16 critical infrastructure sectors, are not represented on the board. “That’s a discrete line of endeavor that I did not feel is really within the center of what we are focused upon,” Mayorkas said in response to a FedScoop question. 

The department also referenced progress with its quest to beef up its internal staff focused on artificial intelligence. The agency said it’s received 4,000 applications for its AI Corps, a group of 50 experts in the technology it hopes to hire over the course of this year. Michael Boyce, a former OMB official, will lead that group. DHS has also launched an AI roadmap and is developing several generative AI pilots

GSA welcomes nominations for advisory committee focused on federal transparency efforts

The General Services Administration said Friday that it is soliciting nominations across the private and public sectors for an Open Government Federal Advisory Committee that will work to create, implement and monitor the Open Government National Action Plan and other relevant commitments. 

In addition to work on the action plan, which centers on transparency and public access to information and research pertaining to the federal government, the committee will advise the GSA’s administrator on open government issues, challenges and opportunities that emerge in order to support the agency’s open government secretariat. 

“The OG FAC will allow GSA to tackle emerging open government issues, challenges, and opportunities through expert advice from these stakeholders,” Krystal Brumfield, GSA’s associate administrator for government-wide policy, said in a press release. “We look forward to receiving innovative suggestions on the development of the sixth Open Government National Action Plan as well as other efforts to strengthen open government policy and public engagement.”

The committee, as outlined in a Federal Register post, will consist of between 10 and 20  federal and non-federal members that possess “strong background and expertise” in open government and improving government delivery services. Outside of federal agency officials, the committee is open to nominees from state and local government, industry and academia. 

The post lists background themes to include anti-corruption, digital governance, gender and inclusion, media freedom, public participation and more. 

The GSA said the OG FAC will meet “at least four times per year” and the convenings will be open to the public unless otherwise determined by appropriate authorities. 

Additionally, the agency’s open government secretariat is set to host a public session in May to field questions regarding the selection process and timeline.

Security flaws in IRS systems pose risk to financial statements, GAO says

A handful of security deficiencies in IRS information systems elevate the tax agency’s risk of inaccuracies in financial statements, the Government Accountability Office said Thursday.

In its report, the congressional watchdog highlighted “new and continuing” shortcomings with information systems and the safeguarding of assets, issues that increase the likelihood of unauthorized access to sensitive IRS data. The security deficiencies also pose a threat of disruption to critical agency operations, the GAO warned.

“The continuing control deficiencies related to transaction cycles increase the risk of financial statement misstatements,” the GAO said in its report. “IRS mitigated the potential effect of these control deficiencies primarily through compensating controls that management designed to help detect potential financial statement misstatements.”

The GAO’s audit of fiscal years 2022 and 2023 financial statements from the IRS revealed three new deficiencies, after the agency had taken “corrective actions” to address 51 previous recommendations from the watchdog — 15 of which have been completed and the remaining 36 are in progress.

Those newly identified deficiencies, which the GAO characterized as “sensitive in nature,” cover control problems in security management, access and configuration management. 

Configuration management appeared to present the most significant issues for the IRS, according to the report. Security settings for specific servers that support financial reporting-related systems were not consistently implemented; the watchdog delivered four recommendations to address that deficiency. 

For the security management control problem, the IRS failed to “consistently create a plan of action and milestones for identified weaknesses on a timely basis.” On access controls tied to monitoring and audits, the agency didn’t review and certify a monthly security report in a timely fashion. The GAO made one recommendation apiece for those deficiencies. 

IRS Commissioner Danny Werfel said in a letter responding to a draft version of the GAO’s report that the agency is “committed to implementing improvements dedicated to promoting the highest standard of financial management, internal controls, and information technology security.”

DHS picks OMB official to lead its new AI Corps

The Department of Homeland Security has named Michael Boyce as the new director of its AI Corps, an initiative to hire 50 artificial intelligence experts for the agency throughout the year. The announcement comes as DHS continues to ramp up its focus on the technology, and follows the agency’s release of a new AI roadmap and the establishment of an AI task force. 

“The Department of Homeland Security is by most accounts the largest federal civilian agency, the largest federal law enforcement agency, and the federal agency with [the] most daily interactions with the public,” said Boyce in a LinkedIn post Thursday. “As a former refugee officer who used to travel all over the world to determine which refugee officers can receive protection in the United States, I am keenly aware of the life-and-death importance of that mission.” 

The AI Corps, part of the department’s office of the chief information officer, will be expected to provide guidance for topic areas including software engineering, machine learning, and data science. DHS CIO Eric Hysen currently serves as the agency’s chief AI officer. Notably, the department’s components are already using myriad forms of AI, according to the agency’s AI Inventory

Boyce was previously a senior policy analyst at the Office of Management and Budget, where he focused on FedRAMP and AI policy, according to DHS. He also worked as the chief of innovation and design for the Refugee, Asylum and International Operations Directorate at U.S. Citizenship and Immigration Services, and as a product and strategy lead at the U.S. Digital Service. 

GSA taps Login.gov deputy director to take top role next month

Hanna Kim will take over as director of Technology Transformation Services’ Login.gov starting May 11, the General Services Administration confirmed Wednesday. 

Kim has served as the website’s first deputy director since January following a five-year stint at Amazon, where she developed “cutting-edge AI-based technology to scale policy enforcement,” per a GSA email. Kim previously worked across the federal government, serving with the departments of State, Treasury and Defense.

Dan Lopez-Braus, the outgoing director of Login.gov, will transition into a senior adviser position with TTS. 

TTS Director Ann Lewis said in a statement that Kim “will lead the team to implement the recently-announced launch of an optimized pricing structure and a new pilot for selfie-based identity verification, both of which will empower even more agencies and programs to use Login.gov to benefit people nationwide.” 

The news of Kim’s appointment follows an announcement from Login.gov earlier this month that it will pilot biometric technology for identity verification. The tool would allow users to take a “selfie” as a complementary feature to the site’s efforts to protect against identity fraud attempts and cyberattacks. 

A Government Accountability Office report released Monday listed Login.gov as a federal government use case for biometric identification. The congressional watchdog said the Department of Veterans Affairs and the Social Security Administration use it for identity verification for members of the public to access websites and services. 

The GAO issued five recommendations for policymakers to address concerns regarding biometric technology: conducting comprehensive evaluations to provide more information about the effects of biometric tech, enacting privacy laws or guidance, offering tech users additional training and guidance on how they might select and use the biometric technology appropriately, more widespread information-sharing about the tech, and applying a “risk-based” approach in the development of regulations and guidance. 

Biometric identification tech varies in “accuracy for different populations,” the GAO stated, but  there have been advances over the past four years that have led to notable improvements.

Correction: Due to an editing error, Kim was initially identified as a deputy director for TTS rather than deputy director of TTS’ Login.gov.