Hurricanes Katrina and Rita Disaster Relief
Prevention Is the Key to Minimizing Fraud, Waste, and Abuse in Recovery Efforts Gao ID: GAO-07-418T January 29, 2007Hurricanes Katrina and Rita destroyed homes and displaced millions of individuals. While federal and state governments continue to respond to this disaster, GAO has identified significant control weaknesses--specifically in the Federal Emergency Management Agency (FEMA)'s Individuals and Households Program (IHP) and in Department of Homeland Security (DHS)'s purchase card program--resulting in significant fraud, waste, and abuse. In response to the numerous recommendations GAO made, DHS and FEMA have reported on numerous actions taken to address our recommendations. Lessons learned from GAO's prior work can serve as a framework for an effective fraud prevention system for federal and state governments as they consider spending billions more on disaster recovery. These lessons are particularly important because funding that is lost to fraud, waste, and abuse reduces the amount of money that could be delivered to victims in need. Today's testimony will (1) describe key findings from past GAO work and (2) use the results from that work and GAO's other experiences to discuss the importance of an effective fraud, waste and abuse prevention program.
Prior GAO audit and investigative work on FEMA's controls over IHP payments and DHS's controls over purchase cards emphasizes one fundamental concept--that fraud prevention is the most effective and efficient means of minimizing fraud, waste, and abuse. GAO estimates that FEMA made about 16 percent or almost $1 billion dollars in improper and potentially fraudulent IHP payments to registrants who applied using invalid information, illustrating what can happen when fraud prevention controls are ineffective. For example, GAO found that FEMA made payments based on bogus damaged addresses, false identities, and identities belonging to federal and state prisoners. These findings highlight the need for effective controls over all types of recovery disbursements. With effective planning, relief agencies should not have to make a choice between speedy delivery of disaster recovery assistance and effective fraud prevention. Finally, GAO's findings of significant control weaknesses in DHS's purchase card program leading to fraud, waste, and abuse further underline the need for an effective framework for fraud prevention, monitoring, and detection. Our work on disaster assistance programs in particular show that preventive controls should be designed to include, at a minimum, a requirement that data used in decision making is validated against other government or third-party sources to determine accuracy. Inspections and physical validation should also be conducted whenever possible to confirm information prior to payment. System edit checks should also be used to identify problems before payments are made. Finally, providing training on fraud awareness is important in stopping fraud before it gets into any type of recovery program. Fraud detection and monitoring is also critical, although more costly and less effective than preventive controls. Key elements of detection include data mining for fraudulent information and performing reviews to establish the accountability of property and funds. The final element of a fraud prevention program is the collection of identified improper payments and the aggressive investigation and prosecution of individuals who commit fraud as a preventive measure for future disasters. These elements are most costly, and collecting money after it has been disbursed is far less effective than up front prevention--FEMA has collected only $7 million of the estimated $1 billion in potential improper and fraudulent IHP payments.
GAO-07-418T, Hurricanes Katrina and Rita Disaster Relief: Prevention Is the Key to Minimizing Fraud, Waste, and Abuse in Recovery Efforts
This is the accessible text file for GAO report number GAO-07-418T
entitled 'Hurricanes Katrina and Rita Disaster Relief: Prevention Is
the Key to Minimizing Fraud, Waste, and Abuse in Recovery Efforts'
which was released on January 29, 2007.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Testimony:
Before the Committee on Homeland Security and Governmental Affairs,
U.S. Senate:
United States Government Accountability Office:
GAO:
For Release on Delivery Expected at 10:00 a.m. EST:
Monday, January 29, 2007:
Hurricanes Katrina And Rita Disaster Relief:
Prevention Is the Key to Minimizing Fraud, Waste, and Abuse in Recovery
Efforts:
Statement of Gregory Kutz, Managing Director:
Forensic Audits and Special Investigations:
GAO-07-418T:
GAO Highlights:
Highlights of GAO-07-418T, a testimony before the Committee on Homeland
Security and Governmental Affairs, U.S. Senate
Why GAO Did This Study:
Hurricanes Katrina and Rita destroyed homes and displaced millions of
individuals. While federal and state governments continue to respond to
this disaster, GAO has identified significant control
weaknesses”specifically in the Federal Emergency Management Agency
(FEMA)…s Individuals and Households Program (IHP) and in Department of
Homeland Security (DHS)‘s purchase card program”resulting in
significant fraud, waste, and abuse. In response to the numerous
recommendations GAO made, DHS and FEMA have reported on numerous
actions taken to address our recommendations.
Lessons learned from GAO‘s prior work can serve as a framework for an
effective fraud prevention system for federal and state governments as
they consider spending billions more on disaster recovery. These
lessons are particularly important because funding that is lost to
fraud, waste, and abuse reduces the amount of money that could be
delivered to victims in need.
Today‘s testimony will
(1) describe key findings from past GAO work and (2) use the results
from that work and GAO‘s other experiences to discuss the importance of
an effective fraud, waste and abuse prevention program.
What GAO Found:
Prior GAO audit and investigative work on FEMA‘s controls over IHP
payments and DHS‘s controls over purchase cards emphasizes one
fundamental concept”that fraud prevention is the most effective and
efficient means of minimizing fraud, waste, and abuse. GAO estimates
that FEMA made about 16 percent or almost $1 billion dollars in
improper and potentially fraudulent IHP payments to registrants who
applied using invalid information, illustrating what can happen when
fraud prevention controls are ineffective. For example, GAO found that
FEMA made payments based on bogus damaged addresses, false identities,
and identities belonging to federal and state prisoners. These findings
highlight the need for effective controls over all types of recovery
disbursements. With effective planning, relief agencies should not have
to make a choice between speedy delivery of disaster recovery
assistance and effective fraud prevention. Finally, GAO‘s findings of
significant control weaknesses in DHS‘s purchase card program leading
to fraud, waste, and abuse further underline the need for an effective
framework for fraud prevention, monitoring, and detection as shown
below.
Figure: Program Designed to Minimize Fraud, Waste, and Abuse:
[See PDF for Image]
Source: GAO.
[End of Figure]
Our work on disaster assistance programs in particular show that
preventive controls should be designed to include, at a minimum, a
requirement that data used in decision making is validated against
other government or third-party sources to determine accuracy.
Inspections and physical validation should also be conducted whenever
possible to confirm information prior to payment. System edit checks
should also be used to identify problems before payments are made.
Finally, providing training on fraud awareness is important in stopping
fraud before it gets into any type of recovery program.
Fraud detection and monitoring is also critical, although more costly
and less effective than preventive controls. Key elements of detection
include data mining for fraudulent information and performing reviews
to establish the accountability of property and funds. The final
element of a fraud prevention program is the collection of identified
improper payments and the aggressive investigation and prosecution of
individuals who commit fraud as a preventive measure for future
disasters. These elements are most costly, and collecting money after
it has been disbursed is far less effective than up front
prevention”FEMA has collected only $7 million of the estimated $1
billion in potential improper and fraudulent IHP payments.
[Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-418T].
To view the full product, including the scope and methodology, click on
the link above. For more information, contact Gregory Kutz at (202) 512-
7455 or kutzg@gao.gov.
[End of Section]
Chairman and Members of the Committee:
Thank you for the opportunity to discuss the fraud prevention lessons
learned as a result of the fraud, waste, and abuse that occurred as
part of the overall hurricanes Katrina and Rita recovery efforts.
Making landfall in August 2005, Hurricane Katrina was the costliest
hurricane, and one of the deadliest, in U.S. history. In May 2006, this
committee reported that Hurricane Katrina was responsible for over $150
billion in damages and over 1,500 deaths, with thousands more reported
missing. Hurricane Katrina devastated much of the Gulf Coast; the storm
surge caused major or catastrophic damage along the coastlines of
Alabama, Louisiana, and Mississippi. About 80 percent of New Orleans
was flooded when levees protecting the city broke, and ultimately
Hurricane Katrina affected 90,000 square miles. Hurricane Rita caused
further devastation, making landfall on the Gulf Coast in September
2005, causing an estimated $9.4 billion in damages and killing seven
people. These two hurricanes posed numerous, unprecedented challenges
for the federal government and state and local governments in the Gulf
Coast region. For example, the Federal Emergency Management Agency
(FEMA) received far more applications for housing and "other needs"
assistance, and awarded more grant money in 2005-2006 for Hurricanes
Katrina and Rita than for all of the hurricanes that resulted in a
disaster declaration in 2004 (Ivan, Charley, Frances, and Jeanne) and
2003 (Isabel and Claudette) combined.[Footnote 1]
The recovery effort in the Gulf Coast region in response to the two
hurricanes is unprecedented and will, over time, require an even more
substantial amount of funding. Testimonies we delivered on February 13,
June 14, and December 6, 2006,[Footnote 2] identified significant
fraud, waste, and abuse in just one of the programs FEMA uses to
provide disaster recovery assistance--the Individuals and Households
Program (IHP). As of October 2006, FEMA reported to Congress that it
had delivered approximately $7 billion in IHP aid for hurricanes
Katrina and Rita. Areas we have highlighted related to FEMA's IHP
program included our estimate of $600 million to $1.4 billion of
payments FEMA disbursed based on invalid registrations made through
February of 2006. These improper and potentially fraudulent payments
arose from breakdowns in preventive controls that failed to identify
bogus registrations made using information such as invalid Social
Security numbers and bogus damaged addresses. Numerous other areas of
internal control weaknesses resulted in additional fraud, waste, and
abuse. For example, we have identified duplicate claims for hurricanes
Katrina and Rita, payments to nonqualified aliens, improper use of the
government purchase cards, and missing or stolen government computers,
printers, and other items. Our testimony before this committee on July
19, 2006,[Footnote 3] identified additional examples of fraud, waste
and abuse related to the use of Department of Homeland Security (DHS)
purchase cards for response and recovery efforts. Based on these
findings, we have made recommendations to FEMA and DHS to develop
effective systems and controls to minimize fraud, waste, and abuse. In
response to our recommendations FEMA and DHS have identified numerous
actions they have taken to address our recommendations, and improve
internal controls.
Crucial internal controls and control weaknesses we identified during
our work on the IHP program, and requirements in the Comptroller
General's Standards for Internal Control in the Federal
Government,[Footnote 4] are directly relatable to controls over
disaster recovery assistance efforts. Lessons learned from our findings
of fraud, waste, and abuse related to Katrina and Rita can serve as a
lesson for federal and state governments as they consider spending
substantial sums--estimated to be billions of additional dollars--on
Katrina and Rita recovery efforts and for future disaster recovery
spending beyond Katrina and Rita. Identifying and adopting these
lessons are crucial because disaster assistance and recovery funds that
is lost to fraud, waste, and abuse reduce the amount of money that
could be delivered to alleviate the pain, suffering, and needs of
legitimate victims of disasters. Further, fiscal challenges facing
federal and state governments only increase the need for pressure on
agencies to best ensure that available disaster relief funding is spent
as efficiently and effectively as possible. My testimony today will (1)
summarize the key findings of fraud, waste, and abuse from our past
work related to hurricanes Katrina and Rita recovery efforts and (2)
use the results from that work and GAO's other experiences to discuss
the importance of an effective fraud, waste, and abuse prevention
program.
To address our objectives, we reviewed prior findings from GAO audits
of hurricane Katrina and Rita relief efforts. We also reviewed
applicable guidance on internal control standards from the Comptroller
General's Standards for Internal Controls in the Federal
Government.[Footnote 5] We conducted our audit work in accordance with
generally accepted government auditing standards and conducted
investigative work in accordance with standards prescribed by the
President's Council on Integrity and Efficiency.
Summary:
Findings from our prior work on FEMA's IHP payments and DHS's purchase
card program show that fraud, waste, and abuse related to hurricanes
Katrina and Rita disaster assistance are significant. Due to the need
to provide assistance quickly and expedite purchases, programs without
effective fraud prevention controls can end up losing millions or
potentially billions of dollars to fraud, waste, and abuse. For
example, for the FEMA IHP program alone, we estimate that through
February 2006, FEMA made about 16 percent, or $1 billion, in improper
and potentially fraudulent payments to registrants who used invalid
information to apply for disaster assistance. Subsequent findings
showed additional improper and potentially fraudulent payments for IHP
and acquisitions made using DHS purchase cards.
The following are some examples from our work related to the hurricane
Katrina and Rita recovery efforts that are symptomatic of an
ineffective fraud, waste, and abuse prevention program.
* Millions of dollars paid to individuals who used bogus damaged
property addresses, invalid Social Security numbers, or duplicate
registrations.
* Millions of dollars in payments to thousands of registrants who used
Social Security numbers that had never been issued or belonged to
deceased individuals.
* Millions of dollars paid on over 1,000 registrations containing the
names and Social Security numbers of individuals incarcerated in
federal or state prisons during the hurricanes.
* FEMA provided thousands of registrants rental assistance money while
at the same time providing rent-free housing in hotels, apartments, and
FEMA trailers.
* FEMA provided about $20 million dollars in potentially duplicate
payments to individuals who registered and received assistance twice,
for both hurricanes Katrina and Rita, using the same Social Security
number and damaged address.
* Several million dollars worth of IHP payments were made to ineligible
nonqualified aliens.
* Several payments made of fictitious registrations that GAO submitted
using bogus identities and addresses.
* A year after DHS used the purchase cards to pay for items intended to
assist in providing disaster relief, 34 percent of these items could
not be located and are presumed lost or stolen.
These examples highlight lessons learned with respect to the importance
of federal and state governments establishing effective prevention
programs in order to minimize such fraud, waste, and abuse. An
effective program would include fraud prevention controls, fraud
detection, monitoring adherence to controls throughout the entire
program life, collection of improper payments, and aggressive
prosecution of individuals committing fraud. These controls are crucial
whether dealing with programs to provide housing and other needs
assistance, or other recovery efforts. With effective planning, relief
agencies should not have to make a choice between speedy delivery of
disaster recovery assistance and effective fraud prevention.
The results of audit work on FEMA's IHP payments and DHS purchase card
controls serve to emphasize the fundamental concept that fraud
prevention is the most effective and efficient means to minimize fraud,
waste, and abuse. Preventive controls should be designed to include, at
a minimum, a requirement that application data be validated against
other government or third-party sources to determine whether
registrants provided accurate information on their identity and place
of residence. Further, such preventive controls should include physical
verification, edit checks to identify problem registrants and claims
(e.g., duplicates) before payments are made, and training on fraud
awareness and potential fraud schemes for all key government and
contractor personnel.
Although more costly and less effective than preventive controls, fraud
detection and monitoring is also a necessary element of an effective
overall fraud prevention program. Key elements of an effective
detection process include data-mining for fraudulent and suspicious
registrants and reviews to establish the accountability of property and
funds. Our investigations into lost or stolen items bought for relief
efforts show the importance of establishing and maintaining
accountability over assets easily converted to personal use, such as
laptop computers. Another element of an effective fraud prevention
program is the collection of identified improper payments and the
aggressive investigation and prosecution of individuals who committed
fraud against the federal government. While our evidence shows that
collection actions after money has gone out the door are far less
effective than up front preventive controls, the deterrent value of
prosecuting those who commit fraud sends the message that the
government will not tolerate individuals stealing assistance money and
serves as a preventive measure for future disasters. In addition,
lessons learned from investigations and prosecutions should be used to
improve up front fraud prevention controls as well.
Prior Findings of Fraud, Waste, and Abuse:
Audit work we performed on FEMA's IHP payments and DHS's purchase card
program identified widespread fraud, waste, and abuse. Findings from
these audits and our related investigations show the result of
ineffective preventive controls. As shown by our IHP work, ineffective
preventive controls can result in hundreds of millions or potentially
billions of dollars in improper and fraudulent payments. In addition,
our work on DHS purchase cards showed that control weaknesses in
government purchasing programs can also result in fraud, waste, and
abuse.
Between February and December 2006, we testified on three different
occasions that potentially improper and fraudulent activities related
to the IHP program are significant. Our February 2006
testimony[Footnote 6] focused on control weaknesses that resulted in
FEMA making thousands of Expedited Assistance[Footnote 7] (EA) payments
that were based on bogus registration data. Specifically, we found that
FEMA made millions of dollars in payments on registrations containing
Social Security numbers that had never been issued or belonged to
deceased individuals. In addition, we also found that numerous
registrations we selected for investigation contained bogus damaged
address. We also successfully submitted fictitious registrations and
received payments using bogus identities and addresses.
Our second testimony in June 2006[Footnote 8] discussed breakdowns in
internal controls, in particular the lack of controls designed to
prevent bogus registrations. These breakdowns resulted in an estimated
16 percent or $1 billion in payments made through February 2006 based
on invalid registrations. The statistical sample testing used to reach
this estimate found payments made on registrations that contained
invalid identities, bogus addresses, addresses which the registrant did
not live in at the time of the disaster, and duplicate registrations.
Our data mining also found that FEMA paid millions of dollars on over
1,000 registrations containing the names and Social Security numbers of
individuals incarcerated in federal or state prisons during the
hurricanes, and paid millions of dollars in IHP payments to individuals
who claimed a Post Office box as their damaged physical address in
order to receive assistance.
In our December 2006 testimony[Footnote 9] we found additional
instances of IHP fraud, waste, and abuse, including duplicate housing
assistance provided to thousands of individuals living in FEMA-provided
housing. Specifically FEMA paid registrants rental assistance money
while at the same time providing rent-free housing in apartments and
FEMA trailers. We also found that FEMA provided about $20 million
dollars in potentially duplicate payments to individuals who registered
and received assistance twice using the same Social Security number and
damaged address. These individuals registered once for Hurricane
Katrina and then again for Hurricane Rita using the same Social
Security number and damaged address. FEMA also paid several million
more dollars worth of IHP payments to registrants who were ineligible
nonqualified aliens. Based on data we received from several
universities in the area, we identified that FEMA made IHP payments to
more than 500 ineligible foreign students, despite receiving, in some
cases, evidence clearly showing that they were not eligible for IHP
benefits. The December 2006 testimony also pointed to the small amount
of money that FEMA had been able to collect from improper payments as
of November 2006. Specifically, in contrast to the $1 billion in
potentially improper and/or fraudulent payments we estimated through
February 2006, FEMA had detected, as of November 2006, about $290
million in improper payments, and had collected only $7 million.
Our work on DHS purchase card controls found weak accountability over
FEMA computers, printers, Global Positioning System (GPS) units, and
other items bought for hurricane relief efforts using government
purchase cards. Thirty-four percent of items obtained with purchase
cards that we investigated could not be located and are thus presumed
lost or stolen. As of October 2006, more than 40 computers, 10
printers, 20 GPS units, and 2 flat-bottom boats are missing. In
addition, 18 other flat-bottom boats purchased by FEMA were in its
possession, but FEMA did not own title to any of them. Based on these
findings, and the findings on the IHP program, we have made
recommendations to FEMA to develop effective systems and controls to
minimize the opportunity for fraud, waste, and abuse in the future.
FEMA has generally concurred with most of our recommendations and has
reported on actions to improve prevention of fraud, waste, and abuse
for the future.
Framework for Fraud Prevention, Detection, and Prosecution:
The results of our work serve to emphasize the overall lesson learned
that fraud prevention is the most effective and efficient means to
minimize fraud, waste, and abuse. It also demonstrates that the
establishment of effective fraud prevention controls over the
registration and payment process, fraud detection and monitoring
adherence to those controls, and the aggressive pursuit and prosecution
of individuals committing fraud are crucial elements of an effective
fraud prevention program over any assistance programs with defined
eligibility criteria, including disaster assistance programs.
The very nature of the government's need to quickly provide assistance
to individuals adversely affected by disasters makes assistance
payments more vulnerable to applicants attempting to obtain benefits
that they are not entitled to receive. However, it is because of these
known vulnerabilities that federal and state governments need to have
effective controls in place to minimize the opportunities for
individuals to defraud the government. Figure 1 provides an overview of
how preventive controls help to screen out the majority of fraud,
waste, and abuse, and how detection controls and prosecution can help
to further minimize the extent to which a program is vulnerable to
fraud.
Figure 1: Program Designed to Minimize Fraud, Waste, and Abuse:
[See PDF for image]
Source: GAO.
[End of figure]
The Importance of Fraud, Waste, and Abuse Prevention to Katrina and
Rita Recovery Efforts:
Preventive controls are a key element on an effective fraud prevention
program and are also described in the Standards for Internal Control in
the Federal Government.[Footnote 10] The most crucial element of
effective fraud prevention controls is a focus on substantially
diminishing the opportunity for fraudulent access into the system
through front-end controls. Preventive controls should be designed to
include, at a minimum, a requirement for data validation, system edit
controls, and fraud awareness training. Finally, prior to implementing
any new preventive controls, and well in advance of any disaster,
agencies must adequately field test the new controls to ensure that
controls are operating as intended and that legitimate victims are not
denied benefits.
Fraud prevention can be achieved by requiring that registrants provide
information in a uniform format, and validating these data against
other government or third-party sources to determine whether
registrants provided accurate information on their identity and place
of residence. Effective fraud prevention controls require that agencies
enter into data-sharing arrangements with organizations to perform
validation. In the current environment, agencies have at their disposal
a large number of data sources that they can use to validate the
identity and address of registrants. However, our work related to
FEMA's management of the IHP program for hurricanes Katrina and Rita
found that its limited--or sometimes nonexistent--use of a third-party
validation process left disaster assistance programs vulnerable to
substantial fraud. For example, FEMA's failure to implement preventive
controls to validate the identity of individuals who applied using the
telephone resulted in FEMA making millions of dollars in payments to
individuals who used Social Security numbers that had never been issued
or belonged to deceased individuals. Another method of data validation
is through physical inspection of the disaster damage prior to payment.
While physical inspections in a timely manner may not be possible to
prevent all fraudulent and improper payments, our work found that FEMA
continued to make payments without a valid physical inspection of our
undercover registration's bogus addresses, months after the hurricanes
had occurred.
System edit checks designed to identify problem registrants and claims
(e.g., duplicates) before payments are made are also a crucial lesson
learned with respect to ensuring that obviously false or duplicate
information is not used to receive disaster relief payments. System
edit checks are most effective if performed before distribution of a
payment. Edit checks should include ensuring that (1) the same Social
Security number was not used on multiple registrations and (2) the
registrant provides a verifiable physical address on which the disaster
damage is based. In the case of FEMA's IHP program, ineffective edit
checks resulted in millions paid to registrants who claimed the same
damages twice, once for Hurricane Katrina and once for Hurricane Rita,
and registrants who submitted multiple registrations using the same
name, Social Security number, or address. Ineffective edit checks also
resulted in payments being made based on obviously false data,
including payments of millions of dollars to individuals who used a
Post Office box as their damaged physical address in order to receive
assistance.
Beyond validation and edits, lessons learned show that other controls,
including a well-trained work force that is aware of the potential for
fraud, can help prevent fraud. Fraud awareness training with frontline
personnel--specifically on the potential for fraud within the program
and the likely types of fraud they could encounter--is crucial to
stopping fraud before it gains access into the program. In addition,
when implementing any new controls, it is important to field test all
systems prior to putting them in place. On top of reducing the risk of
untested controls allowing substantial fraud, field testing also helps
to ensure that new controls do not improperly deny benefits to valid
registrants. A safety net for those registrants who are wrongly denied
disaster relief due to preventive controls should always be in place to
ensure they receive assistance.
Detection and Monitoring Help Assure that Funds Are Used for Disaster
Recovery:
Even with effective preventive controls, there is substantial residual
risk that fraudulent and improper disaster relief payments can occur.
Our work has shown that agencies must continue their efforts to monitor
fraud and improper payment vulnerabilities in the execution of disaster
relief programs, even if these efforts are more costly and less
effective than preventive controls. Detection and monitoring efforts
are addressed in the Standards for Internal Control in the Federal
Government and include data-mining for fraudulent and suspicious
transactions and reviews to establish the accountability of funds.
Also, control weaknesses identified through detection and monitoring
should be used to make improvements to preventive controls to reduce
the risk for fraud, waste, and abuse in the future.
The data-mining we performed to search for anomalies in registrant data
and purchase card transactions show how important constant monitoring
and detection can be. Through data-mining, we found rental assistance
payments to individuals who were residing in FEMA-provided hotel rooms,
trailers, and apartments and payments to ineligible, nonqualified
aliens. We found examples of multiple registrations citing the same
address or bank accounts, and numerous residents in a damaged apartment
building all relocating to the same location, which may also suggest
fraud. By comparing applicant data in FEMA's own databases, we
identified duplicate applications submitted for both Katrina and Rita,
but intended to cover the same damage to the same residence. By
comparing recipient data against federal and state prisoners'
databases, we identified instances where prisoners had fraudulently
registered for and received disaster relief payments while
incarcerated. Our examples illustrate that data-mining efforts should
be done in a manner that uses creative solutions to search for
potential fraud using all available data sources. To the extent that
data-mining identifies systematic fraud, intelligence should be fed
back into the fraud prevention process so that for future disasters the
fraud is detected and prevented before money is disbursed.
Depending on the type of assistance provided and the means in which the
assistance was distributed, it can be important for an agency to
monitor the use of disaster relief funds. Our review of FEMA's IHP
program found that while the vast majority of debit card transactions
that were not withdrawn as cash appeared to have been used for disaster-
related needs, we did find a number of purchases for nondisaster items
such as football tickets, alcohol, massage parlor services, and adult
videos. In addition, our review of items bought with DHS purchase cards
found that many items bought for use in disaster relief were lost or
stolen. By monitoring these types of uses, agencies may be able to
ensure that disaster funds are used to help mitigate losses and not
used for inappropriate items or services.
Collection Efforts, Investigations, and Prosecutions Are Far Less
Effective than Up Front Fraud Prevention:
Another element of a fraud prevention program is the collection of
improper payments and the aggressive investigation and prosecution of
individuals who committed fraud against the government. These back-end
controls are often the most costly and less effective means of reducing
losses to fraud, waste, and abuse. However, the deterrent value of
prosecuting those who commit fraud sends the message that the
government will not tolerate individuals stealing assistance money, and
thus serving as a preventive measure for future disasters. Our
experience is that investigations and prosecutions are a necessary part
of an overall fraud prevention and deterrence program, but should be a
last resort when all other controls have failed. For hurricanes Katrina
and Rita, the Justice Department has set up the Katrina Fraud Task
Force, which has successfully investigated and prosecuted numerous
individuals who received assistance fraudulently from FEMA.
In December 2006, we testified to the difficulty of collecting on
improper payments after they have been disbursed. Specifically, in
contrast to the $1 billion we estimated to be improper and potentially
fraudulent payments--an estimate derived from statistical sampling--
FEMA determined that it had overpaid nearly 60,000 registrants about
$290 million as of November 2006. These overpayments, which FEMA refers
to as recoupments, represent the improper payments that FEMA reported
it had detected and for which it had issued collection letters.
Although FEMA had identified about $290 million in overpayments, as of
late 2006, FEMA stated that it had only collected nearly $7 million.
The small amount of money that FEMA had collected on overpayments
related to hurricanes Katrina and Rita further emphasizes the need for
preventing fraud, waste, and abuse prior to payments going out the
door.
Lessons learned from our prior work show that, while investigations and
prosecutions can be the most visible means to deal with individuals
intent on perpetrating fraud schemes, they are also the most costly and
should not be used in place of other more effective preventive
controls. Still, by successfully prosecuting such individuals, agencies
can deter others who are thinking of taking advantage of the inherent
vulnerabilities in disaster relief programs. We have already referred
thousands of cases we have identified as potentially improper and
fraudulent to the Katrina Fraud Task force for further investigation
and expect to refer others for additional investigation and possible
prosecution.
Conclusions:
Our Katrina and Rita work to date has shown that there are at least
tens of thousands of individuals that took advantage of the opportunity
to commit fraud against the federal government. Our work shows that for
one FEMA individual assistance program alone it is likely that over $1
billion has been lost to fraudulent and improper payments. With
potentially billions of dollars of additional spending likely for
Katrina and Rita recovery, state and federal agencies should implement
lessons learned with respect to the importance of effective fraud,
waste, and abuse prevention programs. With effective planning, relief
agencies should not have to make a choice between speedy delivery of
assistance and effective fraud prevention. Going forward, FEMA and
other agencies involved in disaster recovery efforts must work hard to
develop and institute effective controls that will ensure victims are
provided assistance as quickly as possible while also minimizing fraud,
waste, and abuse.
Chairman and Members of the Committee, this concludes my statement. I
would be pleased to answer any questions that you or other Members of
the Committee have at this time.
Contacts:
For further information about this testimony, please contact Gregory
Kutz at (202) 512-7455 or kutzg@gao.gov. Contact points for our Offices
of Congressional Relations and Public Affairs may be found on the last
page of this testimony.
FOOTNOTES
[1] GAO, Hurricanes Katrina and Rita: Unprecedented Challenges Exposed
the Individuals and Households Program to Fraud and Abuse; Actions
Needed to Reduce Such Problems in Future, GAO-06-1013 (Washington,
D.C.: Sept. 27, 2006).
[2] GAO, Expedited Assistance for Victims of Hurricanes Katrina and
Rita: FEMA's Control Weaknesses Exposed the Government to Significant
Fraud and Abuse, GAO-06-403T (Washington, D.C.: Feb. 13, 2006); GAO,
Hurricanes Katrina and Rita Disaster Relief: Improper and Potentially
Fraudulent Individual Assistance Payments Estimated to Be Between $600
Million and $1.4 Billion, GAO-06-844T (Washington, D.C.: June 14,
2006); GAO, Hurricanes Katrina and Rita Disaster Relief: Continued
Findings of Fraud, Waste, and Abuse, GAO-07-252T (Washington, D.C.:
Dec. 6, 2006).
[3] GAO, Purchase Cards: Control Weaknesses Leave DHS Highly Vulnerable
to Fraudulent, Improper, and Abusive Activity, GAO-06-957T (Washington,
D.C.: July 19, 2006). This work was performed jointly with the DHS
Office of Inspector General.
[4] The Federal Managers' Financial Integrity Act of 1982 (FMFIA)
required that GAO issue standards for internal control in government
resulting in the issuance of Internal Control: Standards for Internal
Control in the Federal Government, GAO/AIMD-98-21.3.1 (Washington,
D.C.: Nov. 1999).
[5] GAO/AIMD-98-21.3.1.
[6] GAO-06-403T.
[7] Because of the tremendous devastation caused by hurricanes Katrina
and Rita, FEMA activated expedited assistance to provide fast track
money--in the form of $2,000 in expedited assistance payments--to
eligible disaster victims to help with immediate, emergency needs for
food, shelter, clothing, and personal necessities.
[8] GAO-06-844T.
[9] GAO-07-252T.
[10] GAO/AIMD-98-21.3.1.
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site.
To have GAO e-mail you a list of newly posted products every afternoon,
go to www.gao.gov and select "Subscribe to Updates."
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office 441 G Street NW, Room LM
Washington, D.C. 20548:
To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125
Washington, D.C. 20548:
Public Affairs:
Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548:
