Hurricanes Katrina and Rita Disaster Relief: Prevention Is the	 
Key to Minimizing Fraud, Waste, and Abuse in Recovery Efforts	 
(29-JAN-07, GAO-07-418T).					 
                                                                 
Hurricanes Katrina and Rita destroyed homes and displaced	 
millions of individuals. While federal and state governments	 
continue to respond to this disaster, GAO has identified	 
significant control weaknesses--specifically in the Federal	 
Emergency Management Agency (FEMA)'s Individuals and Households  
Program (IHP) and in Department of Homeland Security (DHS)'s	 
purchase card program--resulting in significant fraud, waste, and
abuse. In response to the numerous recommendations GAO made, DHS 
and FEMA have reported on numerous actions taken to address our  
recommendations. Lessons learned from GAO's prior work can serve 
as a framework for an effective fraud prevention system for	 
federal and state governments as they consider spending billions 
more on disaster recovery. These lessons are particularly	 
important because funding that is lost to fraud, waste, and abuse
reduces the amount of money that could be delivered to victims in
need. Today's testimony will (1) describe key findings from past 
GAO work and (2) use the results from that work and GAO's other  
experiences to discuss the importance of an effective fraud,	 
waste and abuse prevention program.				 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-07-418T					        
    ACCNO:   A65324						        
  TITLE:     Hurricanes Katrina and Rita Disaster Relief: Prevention  
Is the Key to Minimizing Fraud, Waste, and Abuse in Recovery	 
Efforts 							 
     DATE:   01/29/2007 
  SUBJECT:   Accountability					 
	     Data integrity					 
	     Disaster relief aid				 
	     Erroneous payments 				 
	     Federal aid programs				 
	     Fraud						 
	     Hurricane Katrina					 
	     Hurricane Rita					 
	     Internal controls					 
	     Lessons learned					 
	     Monitoring 					 
	     Program abuses					 
	     Program evaluation 				 
	     Standards						 
	     Strategic planning 				 
	     Waste, fraud, and abuse				 
	     Government Purchase Card Program			 
	     Individuals and Households Program 		 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-07-418T

   

     * [1]Summary
     * [2]Prior Findings of Fraud, Waste, and Abuse
     * [3]Framework for Fraud Prevention, Detection, and Prosecution

          * [4]The Importance of Fraud, Waste, and Abuse Prevention to Katr
          * [5]Detection and Monitoring Help Assure that Funds Are Used for
          * [6]Collection Efforts, Investigations, and Prosecutions Are Far

     * [7]Conclusions
     * [8]Contacts

          * [9]Order by Mail or Phone

Testimony

Before the Committee on Homeland Security and Governmental Affairs, U.S.
Senate

United States Government Accountability Office

GAO

For Release on Delivery Expected at 10:00 a.m. EST

Monday, January 29, 2007

HURRICANES KATRINA AND RITA DISASTER RELIEF

Prevention Is the Key to Minimizing Fraud, Waste, and Abuse in Recovery
Efforts

Statement of Gregory Kutz, Managing Director Forensic Audits and Special
Investigations

GAO-07-418T

Chairman and Members of the Committee:

Thank you for the opportunity to discuss the fraud prevention lessons
learned as a result of the fraud, waste, and abuse that occurred as part
of the overall hurricanes Katrina and Rita recovery efforts. Making
landfall in August 2005, Hurricane Katrina was the costliest hurricane,
and one of the deadliest, in U.S. history. In May 2006, this committee
reported that Hurricane Katrina was responsible for over $150 billion in
damages and over 1,500 deaths, with thousands more reported missing.
Hurricane Katrina devastated much of the Gulf Coast; the storm surge
caused major or catastrophic damage along the coastlines of Alabama,
Louisiana, and Mississippi. About 80 percent of New Orleans was flooded
when levees protecting the city broke, and ultimately Hurricane Katrina
affected 90,000 square miles. Hurricane Rita caused further devastation,
making landfall on the Gulf Coast in September 2005, causing an estimated
$9.4 billion in damages and killing seven people. These two hurricanes
posed numerous, unprecedented challenges for the federal government and
state and local governments in the Gulf Coast region. For example, the
Federal Emergency Management Agency (FEMA) received far more applications
for housing and "other needs" assistance, and awarded more grant money in
2005-2006 for Hurricanes Katrina and Rita than for all of the hurricanes
that resulted in a disaster declaration in 2004 (Ivan, Charley, Frances,
and Jeanne) and 2003 (Isabel and Claudette) combined.1

The recovery effort in the Gulf Coast region in response to the two
hurricanes is unprecedented and will, over time, require an even more
substantial amount of funding. Testimonies we delivered on February 13,
June 14, and December 6, 2006,2 identified significant fraud, waste, and
abuse in just one of the programs FEMA uses to provide disaster recovery
assistance--the Individuals and Households Program (IHP). As of October
2006, FEMA reported to Congress that it had delivered approximately $7
billion in IHP aid for hurricanes Katrina and Rita. Areas we have
highlighted related to FEMA's IHP program included our estimate of $600
million to $1.4 billion of payments FEMA disbursed based on invalid
registrations made through February of 2006. These improper and
potentially fraudulent payments arose from breakdowns in preventive
controls that failed to identify bogus registrations made using
information such as invalid Social Security numbers and bogus damaged
addresses. Numerous other areas of internal control weaknesses resulted in
additional fraud, waste, and abuse. For example, we have identified
duplicate claims for hurricanes Katrina and Rita, payments to nonqualified
aliens, improper use of the government purchase cards, and missing or
stolen government computers, printers, and other items. Our testimony
before this committee on July 19, 2006,3 identified additional examples of
fraud, waste and abuse related to the use of Department of Homeland
Security (DHS) purchase cards for response and recovery efforts. Based on
these findings, we have made recommendations to FEMA and DHS to develop
effective systems and controls to minimize fraud, waste, and abuse. In
response to our recommendations FEMA and DHS have identified numerous
actions they have taken to address our recommendations, and improve
internal controls.

1 GAO, Hurricanes Katrina and Rita: Unprecedented Challenges Exposed the
Individuals and Households Program to Fraud and Abuse; Actions Needed to
Reduce Such Problems in Future, [10]GAO-06-1013 (Washington, D.C.: Sept.
27, 2006).

2 GAO, Expedited Assistance for Victims of Hurricanes Katrina and Rita:
FEMA's Control Weaknesses Exposed the Government to Significant Fraud and
Abuse, [11]GAO-06-403T (Washington, D.C.: Feb. 13, 2006); GAO, Hurricanes
Katrina and Rita Disaster Relief: Improper and Potentially Fraudulent
Individual Assistance Payments Estimated to Be Between $600 Million and
$1.4 Billion, [12]GAO-06-844T (Washington, D.C.: June 14, 2006); GAO,
Hurricanes Katrina and Rita Disaster Relief: Continued Findings of Fraud,
Waste, and Abuse, [13]GAO-07-252T (Washington, D.C.: Dec. 6, 2006).

Crucial internal controls and control weaknesses we identified during our
work on the IHP program, and requirements in the Comptroller General's
Standards for Internal Control in the Federal Government,4 are directly
relatable to controls over disaster recovery assistance efforts. Lessons
learned from our findings of fraud, waste, and abuse related to Katrina
and Rita can serve as a lesson for federal and state governments as they
consider spending substantial sums--estimated to be billions of additional
dollars--on Katrina and Rita recovery efforts and for future disaster
recovery spending beyond Katrina and Rita. Identifying and adopting these
lessons are crucial because disaster assistance and recovery funds that is
lost to fraud, waste, and abuse reduce the amount of money that could be
delivered to alleviate the pain, suffering, and needs of legitimate
victims of disasters. Further, fiscal challenges facing federal and state
governments only increase the need for pressure on agencies to best ensure
that available disaster relief funding is spent as efficiently and
effectively as possible. My testimony today will (1) summarize the key
findings of fraud, waste, and abuse from our past work related to
hurricanes Katrina and Rita recovery efforts and (2) use the results from
that work and GAO's other experiences to discuss the importance of an
effective fraud, waste, and abuse prevention program.

3 GAO, Purchase Cards: Control Weaknesses Leave DHS Highly Vulnerable to
Fraudulent, Improper, and Abusive Activity, [14]GAO-06-957T (Washington,
D.C.: July 19, 2006). This work was performed jointly with the DHS Office
of Inspector General.

4 The Federal Managers' Financial Integrity Act of 1982 (FMFIA) required
that GAO issue standards for internal control in government resulting in
the issuance of Internal Control: Standards for Internal Control in the
Federal Government, [15]GAO/AIMD-98-21.3.1 (Washington, D.C.: Nov. 1999).

To address our objectives, we reviewed prior findings from GAO audits of
hurricane Katrina and Rita relief efforts. We also reviewed applicable
guidance on internal control standards from the Comptroller General's
Standards for Internal Controls in the Federal Government.5 We conducted
our audit work in accordance with generally accepted government auditing
standards and conducted investigative work in accordance with standards
prescribed by the President's Council on Integrity and Efficiency.

Summary

Findings from our prior work on FEMA's IHP payments and DHS's purchase
card program show that fraud, waste, and abuse related to hurricanes
Katrina and Rita disaster assistance are significant. Due to the need to
provide assistance quickly and expedite purchases, programs without
effective fraud prevention controls can end up losing millions or
potentially billions of dollars to fraud, waste, and abuse. For example,
for the FEMA IHP program alone, we estimate that through February 2006,
FEMA made about 16 percent, or $1 billion, in improper and potentially
fraudulent payments to registrants who used invalid information to apply
for disaster assistance. Subsequent findings showed additional improper
and potentially fraudulent payments for IHP and acquisitions made using
DHS purchase cards.

The following are some examples from our work related to the hurricane
Katrina and Rita recovery efforts that are symptomatic of an ineffective
fraud, waste, and abuse prevention program.

           o Millions of dollars paid to individuals who used bogus damaged
           property addresses, invalid Social Security numbers, or duplicate
           registrations.

           o Millions of dollars in payments to thousands of registrants who
           used Social Security numbers that had never been issued or
           belonged to deceased individuals.

           o Millions of dollars paid on over 1,000 registrations containing
           the names and Social Security numbers of individuals incarcerated
           in federal or state prisons during the hurricanes.

           o FEMA provided thousands of registrants rental assistance money
           while at the same time providing rent-free housing in hotels,
           apartments, and FEMA trailers.

           o FEMA provided about $20 million dollars in potentially duplicate
           payments to individuals who registered and received assistance
           twice, for both hurricanes Katrina and Rita, using the same Social
           Security number and damaged address.

           o Several million dollars worth of IHP payments were made to
           ineligible nonqualified aliens.

           o Several payments made of fictitious registrations that GAO
           submitted using bogus identities and addresses.

           o A year after DHS used the purchase cards to pay for items
           intended to assist in providing disaster relief, 34 percent of
           these items could not be located and are presumed lost or stolen.

5 [16]GAO/AIMD-98-21.3.1.

These examples highlight lessons learned with respect to the importance of
federal and state governments establishing effective prevention programs
in order to minimize such fraud, waste, and abuse. An effective program
would include fraud prevention controls, fraud detection, monitoring
adherence to controls throughout the entire program life, collection of
improper payments, and aggressive prosecution of individuals committing
fraud. These controls are crucial whether dealing with programs to provide
housing and other needs assistance, or other recovery efforts. With
effective planning, relief agencies should not have to make a choice
between speedy delivery of disaster recovery assistance and effective
fraud prevention.

The results of audit work on FEMA's IHP payments and DHS purchase card
controls serve to emphasize the fundamental concept that fraud prevention
is the most effective and efficient means to minimize fraud, waste, and
abuse. Preventive controls should be designed to include, at a minimum, a
requirement that application data be validated against other government or
third-party sources to determine whether registrants provided accurate
information on their identity and place of residence. Further, such
preventive controls should include physical verification, edit checks to
identify problem registrants and claims (e.g., duplicates) before payments
are made, and training on fraud awareness and potential fraud schemes for
all key government and contractor personnel.

Although more costly and less effective than preventive controls, fraud
detection and monitoring is also a necessary element of an effective
overall fraud prevention program. Key elements of an effective detection
process include data-mining for fraudulent and suspicious registrants and
reviews to establish the accountability of property and funds. Our
investigations into lost or stolen items bought for relief efforts show
the importance of establishing and maintaining accountability over assets
easily converted to personal use, such as laptop computers. Another
element of an effective fraud prevention program is the collection of
identified improper payments and the aggressive investigation and
prosecution of individuals who committed fraud against the federal
government. While our evidence shows that collection actions after money
has gone out the door are far less effective than up front preventive
controls, the deterrent value of prosecuting those who commit fraud sends
the message that the government will not tolerate individuals stealing
assistance money and serves as a preventive measure for future disasters.
In addition, lessons learned from investigations and prosecutions should
be used to improve up front fraud prevention controls as well.

Prior Findings of Fraud, Waste, and Abuse

Audit work we performed on FEMA's IHP payments and DHS's purchase card
program identified widespread fraud, waste, and abuse. Findings from these
audits and our related investigations show the result of ineffective
preventive controls. As shown by our IHP work, ineffective preventive
controls can result in hundreds of millions or potentially billions of
dollars in improper and fraudulent payments. In addition, our work on DHS
purchase cards showed that control weaknesses in government purchasing
programs can also result in fraud, waste, and abuse.

Between February and December 2006, we testified on three different
occasions that potentially improper and fraudulent activities related to
the IHP program are significant. Our February 2006 testimony6 focused on
control weaknesses that resulted in FEMA making thousands of Expedited
Assistance7 (EA) payments that were based on bogus registration data.
Specifically, we found that FEMA made millions of dollars in payments on
registrations containing Social Security numbers that had never been
issued or belonged to deceased individuals. In addition, we also found
that numerous registrations we selected for investigation contained bogus
damaged address. We also successfully submitted fictitious registrations
and received payments using bogus identities and addresses.

Our second testimony in June 20068 discussed breakdowns in internal
controls, in particular the lack of controls designed to prevent bogus
registrations. These breakdowns resulted in an estimated 16 percent or $1
billion in payments made through February 2006 based on invalid
registrations. The statistical sample testing used to reach this estimate
found payments made on registrations that contained invalid identities,
bogus addresses, addresses which the registrant did not live in at the
time of the disaster, and duplicate registrations. Our data mining also
found that FEMA paid millions of dollars on over 1,000 registrations
containing the names and Social Security numbers of individuals
incarcerated in federal or state prisons during the hurricanes, and paid
millions of dollars in IHP payments to individuals who claimed a Post
Office box as their damaged physical address in order to receive
assistance.

In our December 2006 testimony9 we found additional instances of IHP
fraud, waste, and abuse, including duplicate housing assistance provided
to thousands of individuals living in FEMA-provided housing. Specifically
FEMA paid registrants rental assistance money while at the same time
providing rent-free housing in apartments and FEMA trailers. We also found
that FEMA provided about $20 million dollars in potentially duplicate
payments to individuals who registered and received assistance twice using
the same Social Security number and damaged address. These individuals
registered once for Hurricane Katrina and then again for Hurricane Rita
using the same Social Security number and damaged address. FEMA also paid
several million more dollars worth of IHP payments to registrants who were
ineligible nonqualified aliens. Based on data we received from several
universities in the area, we identified that FEMA made IHP payments to
more than 500 ineligible foreign students, despite receiving, in some
cases, evidence clearly showing that they were not eligible for IHP
benefits. The December 2006 testimony also pointed to the small amount of
money that FEMA had been able to collect from improper payments as of
November 2006. Specifically, in contrast to the $1 billion in potentially
improper and/or fraudulent payments we estimated through February 2006,
FEMA had detected, as of November 2006, about $290 million in improper
payments, and had collected only $7 million.

6 [17]GAO-06-403T .

7 Because of the tremendous devastation caused by hurricanes Katrina and
Rita, FEMA activated expedited assistance to provide fast track money--in
the form of $2,000 in expedited assistance payments--to eligible disaster
victims to help with immediate, emergency needs for food, shelter,
clothing, and personal necessities.

8 [18]GAO-06-844T .

9 [19]GAO-07-252T .

Our work on DHS purchase card controls found weak accountability over FEMA
computers, printers, Global Positioning System (GPS) units, and other
items bought for hurricane relief efforts using government purchase cards.
Thirty-four percent of items obtained with purchase cards that we
investigated could not be located and are thus presumed lost or stolen. As
of October 2006, more than 40 computers, 10 printers, 20 GPS units, and 2
flat-bottom boats are missing. In addition, 18 other flat-bottom boats
purchased by FEMA were in its possession, but FEMA did not own title to
any of them. Based on these findings, and the findings on the IHP program,
we have made recommendations to FEMA to develop effective systems and
controls to minimize the opportunity for fraud, waste, and abuse in the
future. FEMA has generally concurred with most of our recommendations and
has reported on actions to improve prevention of fraud, waste, and abuse
for the future.

Framework for Fraud Prevention, Detection, and Prosecution

The results of our work serve to emphasize the overall lesson learned that
fraud prevention is the most effective and efficient means to minimize
fraud, waste, and abuse. It also demonstrates that the establishment of
effective fraud prevention controls over the registration and payment
process, fraud detection and monitoring adherence to those controls, and
the aggressive pursuit and prosecution of individuals committing fraud are
crucial elements of an effective fraud prevention program over any
assistance programs with defined eligibility criteria, including disaster
assistance programs.

The very nature of the government's need to quickly provide assistance to
individuals adversely affected by disasters makes assistance payments more
vulnerable to applicants attempting to obtain benefits that they are not
entitled to receive. However, it is because of these known vulnerabilities
that federal and state governments need to have effective controls in
place to minimize the opportunities for individuals to defraud the
government. Figure 1 provides an overview of how preventive controls help
to screen out the majority of fraud, waste, and abuse, and how detection
controls and prosecution can help to further minimize the extent to which
a program is vulnerable to fraud.

Figure 1: Program Designed to Minimize Fraud, Waste, and Abuse

The Importance of Fraud, Waste, and Abuse Prevention to Katrina and Rita
Recovery Efforts

Preventive controls are a key element on an effective fraud prevention
program and are also described in the Standards for Internal Control in
the Federal Government.10 The most crucial element of effective fraud
prevention controls is a focus on substantially diminishing the
opportunity for fraudulent access into the system through front-end
controls. Preventive controls should be designed to include, at a minimum,
a requirement for data validation, system edit controls, and fraud
awareness training. Finally, prior to implementing any new preventive
controls, and well in advance of any disaster, agencies must adequately
field test the new controls to ensure that controls are operating as
intended and that legitimate victims are not denied benefits.

Fraud prevention can be achieved by requiring that registrants provide
information in a uniform format, and validating these data against other
government or third-party sources to determine whether registrants
provided accurate information on their identity and place of residence.
Effective fraud prevention controls require that agencies enter into
data-sharing arrangements with organizations to perform validation. In the
current environment, agencies have at their disposal a large number of
data sources that they can use to validate the identity and address of
registrants. However, our work related to FEMA's management of the IHP
program for hurricanes Katrina and Rita found that its limited--or
sometimes nonexistent--use of a third-party validation process left
disaster assistance programs vulnerable to substantial fraud. For example,
FEMA's failure to implement preventive controls to validate the identity
of individuals who applied using the telephone resulted in FEMA making
millions of dollars in payments to individuals who used Social Security
numbers that had never been issued or belonged to deceased individuals.
Another method of data validation is through physical inspection of the
disaster damage prior to payment. While physical inspections in a timely
manner may not be possible to prevent all fraudulent and improper
payments, our work found that FEMA continued to make payments without a
valid physical inspection of our undercover registration's bogus
addresses, months after the hurricanes had occurred.

10 [20]GAO/AIMD-98-21.3.1 .

System edit checks designed to identify problem registrants and claims
(e.g., duplicates) before payments are made are also a crucial lesson
learned with respect to ensuring that obviously false or duplicate
information is not used to receive disaster relief payments. System edit
checks are most effective if performed before distribution of a payment.
Edit checks should include ensuring that (1) the same Social Security
number was not used on multiple registrations and (2) the registrant
provides a verifiable physical address on which the disaster damage is
based. In the case of FEMA's IHP program, ineffective edit checks resulted
in millions paid to registrants who claimed the same damages twice, once
for Hurricane Katrina and once for Hurricane Rita, and registrants who
submitted multiple registrations using the same name, Social Security
number, or address. Ineffective edit checks also resulted in payments
being made based on obviously false data, including payments of millions
of dollars to individuals who used a Post Office box as their damaged
physical address in order to receive assistance.

Beyond validation and edits, lessons learned show that other controls,
including a well-trained work force that is aware of the potential for
fraud, can help prevent fraud. Fraud awareness training with frontline
personnel--specifically on the potential for fraud within the program and
the likely types of fraud they could encounter--is crucial to stopping
fraud before it gains access into the program. In addition, when
implementing any new controls, it is important to field test all systems
prior to putting them in place. On top of reducing the risk of untested
controls allowing substantial fraud, field testing also helps to ensure
that new controls do not improperly deny benefits to valid registrants. A
safety net for those registrants who are wrongly denied disaster relief
due to preventive controls should always be in place to ensure they
receive assistance.

Detection and Monitoring Help Assure that Funds Are Used for Disaster Recovery

Even with effective preventive controls, there is substantial residual
risk that fraudulent and improper disaster relief payments can occur. Our
work has shown that agencies must continue their efforts to monitor fraud
and improper payment vulnerabilities in the execution of disaster relief
programs, even if these efforts are more costly and less effective than
preventive controls. Detection and monitoring efforts are addressed in the
Standards for Internal Control in the Federal Government and include
data-mining for fraudulent and suspicious transactions and reviews to
establish the accountability of funds. Also, control weaknesses identified
through detection and monitoring should be used to make improvements to
preventive controls to reduce the risk for fraud, waste, and abuse in the
future.

The data-mining we performed to search for anomalies in registrant data
and purchase card transactions show how important constant monitoring and
detection can be. Through data-mining, we found rental assistance payments
to individuals who were residing in FEMA-provided hotel rooms, trailers,
and apartments and payments to ineligible, nonqualified aliens. We found
examples of multiple registrations citing the same address or bank
accounts, and numerous residents in a damaged apartment building all
relocating to the same location, which may also suggest fraud. By
comparing applicant data in FEMA's own databases, we identified duplicate
applications submitted for both Katrina and Rita, but intended to cover
the same damage to the same residence. By comparing recipient data against
federal and state prisoners' databases, we identified instances where
prisoners had fraudulently registered for and received disaster relief
payments while incarcerated. Our examples illustrate that data-mining
efforts should be done in a manner that uses creative solutions to search
for potential fraud using all available data sources. To the extent that
data-mining identifies systematic fraud, intelligence should be fed back
into the fraud prevention process so that for future disasters the fraud
is detected and prevented before money is disbursed.

Depending on the type of assistance provided and the means in which the
assistance was distributed, it can be important for an agency to monitor
the use of disaster relief funds. Our review of FEMA's IHP program found
that while the vast majority of debit card transactions that were not
withdrawn as cash appeared to have been used for disaster-related needs,
we did find a number of purchases for nondisaster items such as football
tickets, alcohol, massage parlor services, and adult videos. In addition,
our review of items bought with DHS purchase cards found that many items
bought for use in disaster relief were lost or stolen. By monitoring these
types of uses, agencies may be able to ensure that disaster funds are used
to help mitigate losses and not used for inappropriate items or services.

Collection Efforts, Investigations, and Prosecutions Are Far Less Effective than
Up Front Fraud Prevention

Another element of a fraud prevention program is the collection of
improper payments and the aggressive investigation and prosecution of
individuals who committed fraud against the government. These back-end
controls are often the most costly and less effective means of reducing
losses to fraud, waste, and abuse. However, the deterrent value of
prosecuting those who commit fraud sends the message that the government
will not tolerate individuals stealing assistance money, and thus serving
as a preventive measure for future disasters. Our experience is that
investigations and prosecutions are a necessary part of an overall fraud
prevention and deterrence program, but should be a last resort when all
other controls have failed. For hurricanes Katrina and Rita, the Justice
Department has set up the Katrina Fraud Task Force, which has successfully
investigated and prosecuted numerous individuals who received assistance
fraudulently from FEMA.

In December 2006, we testified to the difficulty of collecting on improper
payments after they have been disbursed. Specifically, in contrast to the
$1 billion we estimated to be improper and potentially fraudulent
payments--an estimate derived from statistical sampling--FEMA determined
that it had overpaid nearly 60,000 registrants about $290 million as of
November 2006. These overpayments, which FEMA refers to as recoupments,
represent the improper payments that FEMA reported it had detected and for
which it had issued collection letters. Although FEMA had identified about
$290 million in overpayments, as of late 2006, FEMA stated that it had
only collected nearly $7 million. The small amount of money that FEMA had
collected on overpayments related to hurricanes Katrina and Rita further
emphasizes the need for preventing fraud, waste, and abuse prior to
payments going out the door.

Lessons learned from our prior work show that, while investigations and
prosecutions can be the most visible means to deal with individuals intent
on perpetrating fraud schemes, they are also the most costly and should
not be used in place of other more effective preventive controls. Still,
by successfully prosecuting such individuals, agencies can deter others
who are thinking of taking advantage of the inherent vulnerabilities in
disaster relief programs. We have already referred thousands of cases we
have identified as potentially improper and fraudulent to the Katrina
Fraud Task force for further investigation and expect to refer others for
additional investigation and possible prosecution.

Conclusions

Our Katrina and Rita work to date has shown that there are at least tens
of thousands of individuals that took advantage of the opportunity to
commit fraud against the federal government. Our work shows that for one
FEMA individual assistance program alone it is likely that over $1 billion
has been lost to fraudulent and improper payments. With potentially
billions of dollars of additional spending likely for Katrina and Rita
recovery, state and federal agencies should implement lessons learned with
respect to the importance of effective fraud, waste, and abuse prevention
programs. With effective planning, relief agencies should not have to make
a choice between speedy delivery of assistance and effective fraud
prevention. Going forward, FEMA and other agencies involved in disaster
recovery efforts must work hard to develop and institute effective
controls that will ensure victims are provided assistance as quickly as
possible while also minimizing fraud, waste, and abuse.

Chairman and Members of the Committee, this concludes my statement. I
would be pleased to answer any questions that you or other Members of the
Committee have at this time.

Contacts

For further information about this testimony, please contact Gregory Kutz
at (202) 512- 7455 or [email protected] . Contact points for our Offices
of Congressional Relations and Public Affairs may be found on the last
page of this testimony.

(192244)

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

GAO's Mission

The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony

The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site ( www.gao.gov ). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site. To
have GAO e-mail you a list of newly posted products every afternoon, go to
www.gao.gov and select "Subscribe to Updates."

Order by Mail or Phone

The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:

U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548

To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061

To Report Fraud, Waste, and Abuse in Federal Programs

Contact:

Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail:
[email protected] Automated answering system: (800) 424-5454 or (202)
512-7470

Congressional Relations

Gloria Jarmon, Managing Director, [email protected] (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125 Washington,
D.C. 20548

Public Affairs

Paul Anderson, Managing Director, [email protected] (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548

www.gao.gov/cgi-bin/getrpt?GAO-07-418T .

To view the full product, including the scope
and methodology, click on the link above.

For more information, contact Gregory Kutz at (202) 512-7455 or
[email protected].

Highlights of [29]GAO-07-418T , a testimony before the Committee on
Homeland Security and Governmental Affairs, U.S. Senate

January 29, 2007

HURRICANES KATRINA AND RITA DISASTER RELIEF

Prevention Is the Key to Minimizing Fraud, Waste, and Abuse in Recovery
Efforts

Hurricanes Katrina and Rita destroyed homes and displaced millions of
individuals. While federal and state governments continue to respond to
this disaster, GAO has identified significant control
weaknesses--specifically in the Federal Emergency Management Agency
(FEMA)`s Individuals and Households Program (IHP) and in Department of
Homeland Security (DHS)'s purchase card program--resulting in significant
fraud, waste, and abuse. In response to the numerous recommendations GAO
made, DHS and FEMA have reported on numerous actions taken to address our
recommendations.

Lessons learned from GAO's prior work can serve as a framework for an
effective fraud prevention system for federal and state governments as
they consider spending billions more on disaster recovery. These lessons
are particularly important because funding that is lost to fraud, waste,
and abuse reduces the amount of money that could be delivered to victims
in need.

Today's testimony will

(1) describe key findings from past GAO work and (2) use the results from
that work and GAO's other experiences to discuss the importance of an
effective fraud, waste and abuse prevention program.

Prior GAO audit and investigative work on FEMA's controls over IHP
payments and DHS's controls over purchase cards emphasizes one fundamental
concept--that fraud prevention is the most effective and efficient means
of minimizing fraud, waste, and abuse. GAO estimates that FEMA made about
16 percent or almost $1 billion dollars in improper and potentially
fraudulent IHP payments to registrants who applied using invalid
information, illustrating what can happen when fraud prevention controls
are ineffective. For example, GAO found that FEMA made payments based on
bogus damaged addresses, false identities, and identities belonging to
federal and state prisoners. These findings highlight the need for
effective controls over all types of recovery disbursements. With
effective planning, relief agencies should not have to make a choice
between speedy delivery of disaster recovery assistance and effective
fraud prevention. Finally, GAO's findings of significant control
weaknesses in DHS's purchase card program leading to fraud, waste, and
abuse further underline the need for an effective framework for fraud
prevention, monitoring, and detection as shown below.

Program Designed to Minimize Fraud, Waste, and Abuse

Our work on disaster assistance programs in particular show that
preventive controls should be designed to include, at a minimum, a
requirement that data used in decision making is validated against other
government or third-party sources to determine accuracy. Inspections and
physical validation should also be conducted whenever possible to confirm
information prior to payment. System edit checks should also be used to
identify problems before payments are made. Finally, providing training on
fraud awareness is important in stopping fraud before it gets into any
type of recovery program.

Fraud detection and monitoring is also critical, although more costly and
less effective than preventive controls. Key elements of detection include
data mining for fraudulent information and performing reviews to establish
the accountability of property and funds. The final element of a fraud
prevention program is the collection of identified improper payments and
the aggressive investigation and prosecution of individuals who commit
fraud as a preventive measure for future disasters. These elements are
most costly, and collecting money after it has been disbursed is far less
effective than up front prevention--FEMA has collected only $7 million of
the estimated $1 billion in potential improper and fraudulent IHP
payments.

References

Visible links

  10. http://www.gao.gov/cgi-bin/getrpt?GAO-06-1013
  11. http://www.gao.gov/cgi-bin/getrpt?GAO-06-403T
  12. http://www.gao.gov/cgi-bin/getrpt?GAO-06-844T
  13. http://www.gao.gov/cgi-bin/getrpt?GAO-07-252T
  14. http://www.gao.gov/cgi-bin/getrpt?GAO-06-957T
  15. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-98-21.3.1
  16. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-98-21.3.1
  17. http://www.gao.gov/cgi-bin/getrpt?GAO-06-403T
  18. http://www.gao.gov/cgi-bin/getrpt?GAO-06-844T
  19. http://www.gao.gov/cgi-bin/getrpt?GAO-07-252T
  20. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-98-21.3.1
  29. http://www.gao.gov/cgi-bin/getrpt?GAO-07-418T
*** End of document. ***