This is the accessible text file for GAO report number GAO-07-418T 
entitled 'Hurricanes Katrina and Rita Disaster Relief: Prevention Is 
the Key to Minimizing Fraud, Waste, and Abuse in Recovery Efforts' 
which was released on January 29, 2007. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to [email protected]. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Testimony: 

Before the Committee on Homeland Security and Governmental Affairs, 
U.S. Senate: 

United States Government Accountability Office: 

GAO: 

For Release on Delivery Expected at 10:00 a.m. EST: 

Monday, January 29, 2007: 

Hurricanes Katrina And Rita Disaster Relief: 

Prevention Is the Key to Minimizing Fraud, Waste, and Abuse in Recovery 
Efforts: 

Statement of Gregory Kutz, Managing Director: 
Forensic Audits and Special Investigations: 

GAO-07-418T: 

GAO Highlights: 

Highlights of GAO-07-418T, a testimony before the Committee on Homeland 
Security and Governmental Affairs, U.S. Senate 

Why GAO Did This Study: 

Hurricanes Katrina and Rita destroyed homes and displaced millions of 
individuals. While federal and state governments continue to respond to 
this disaster, GAO has identified significant control 
weaknesses�specifically in the Federal Emergency Management Agency 
(FEMA)�s Individuals and Households Program (IHP) and in Department of 
Homeland Security (DHS)�s purchase card program�resulting in 
significant fraud, waste, and abuse. In response to the numerous 
recommendations GAO made, DHS and FEMA have reported on numerous 
actions taken to address our recommendations. 

Lessons learned from GAO�s prior work can serve as a framework for an 
effective fraud prevention system for federal and state governments as 
they consider spending billions more on disaster recovery. These 
lessons are particularly important because funding that is lost to 
fraud, waste, and abuse reduces the amount of money that could be 
delivered to victims in need. 

Today�s testimony will 
(1) describe key findings from past GAO work and (2) use the results 
from that work and GAO�s other experiences to discuss the importance of 
an effective fraud, waste and abuse prevention program. 

What GAO Found: 

Prior GAO audit and investigative work on FEMA�s controls over IHP 
payments and DHS�s controls over purchase cards emphasizes one 
fundamental concept�that fraud prevention is the most effective and 
efficient means of minimizing fraud, waste, and abuse. GAO estimates 
that FEMA made about 16 percent or almost $1 billion dollars in 
improper and potentially fraudulent IHP payments to registrants who 
applied using invalid information, illustrating what can happen when 
fraud prevention controls are ineffective. For example, GAO found that 
FEMA made payments based on bogus damaged addresses, false identities, 
and identities belonging to federal and state prisoners. These findings 
highlight the need for effective controls over all types of recovery 
disbursements. With effective planning, relief agencies should not have 
to make a choice between speedy delivery of disaster recovery 
assistance and effective fraud prevention. Finally, GAO�s findings of 
significant control weaknesses in DHS�s purchase card program leading 
to fraud, waste, and abuse further underline the need for an effective 
framework for fraud prevention, monitoring, and detection as shown 
below. 

Figure: Program Designed to Minimize Fraud, Waste, and Abuse: 

[See PDF for Image] 

Source: GAO. 

[End of Figure] 

Our work on disaster assistance programs in particular show that 
preventive controls should be designed to include, at a minimum, a 
requirement that data used in decision making is validated against 
other government or third-party sources to determine accuracy. 
Inspections and physical validation should also be conducted whenever 
possible to confirm information prior to payment. System edit checks 
should also be used to identify problems before payments are made. 
Finally, providing training on fraud awareness is important in stopping 
fraud before it gets into any type of recovery program. 

Fraud detection and monitoring is also critical, although more costly 
and less effective than preventive controls. Key elements of detection 
include data mining for fraudulent information and performing reviews 
to establish the accountability of property and funds. The final 
element of a fraud prevention program is the collection of identified 
improper payments and the aggressive investigation and prosecution of 
individuals who commit fraud as a preventive measure for future 
disasters. These elements are most costly, and collecting money after 
it has been disbursed is far less effective than up front 
prevention�FEMA has collected only $7 million of the estimated $1 
billion in potential improper and fraudulent IHP payments. 

[Hyperlink, https://www.gao.gov/cgi-bin/getrpt?GAO-07-418T]. 

To view the full product, including the scope and methodology, click on 
the link above. For more information, contact Gregory Kutz at (202) 512-
7455 or [email protected]. 

[End of Section] 

Chairman and Members of the Committee: 

Thank you for the opportunity to discuss the fraud prevention lessons 
learned as a result of the fraud, waste, and abuse that occurred as 
part of the overall hurricanes Katrina and Rita recovery efforts. 
Making landfall in August 2005, Hurricane Katrina was the costliest 
hurricane, and one of the deadliest, in U.S. history. In May 2006, this 
committee reported that Hurricane Katrina was responsible for over $150 
billion in damages and over 1,500 deaths, with thousands more reported 
missing. Hurricane Katrina devastated much of the Gulf Coast; the storm 
surge caused major or catastrophic damage along the coastlines of 
Alabama, Louisiana, and Mississippi. About 80 percent of New Orleans 
was flooded when levees protecting the city broke, and ultimately 
Hurricane Katrina affected 90,000 square miles. Hurricane Rita caused 
further devastation, making landfall on the Gulf Coast in September 
2005, causing an estimated $9.4 billion in damages and killing seven 
people. These two hurricanes posed numerous, unprecedented challenges 
for the federal government and state and local governments in the Gulf 
Coast region. For example, the Federal Emergency Management Agency 
(FEMA) received far more applications for housing and "other needs" 
assistance, and awarded more grant money in 2005-2006 for Hurricanes 
Katrina and Rita than for all of the hurricanes that resulted in a 
disaster declaration in 2004 (Ivan, Charley, Frances, and Jeanne) and 
2003 (Isabel and Claudette) combined.[Footnote 1] 

The recovery effort in the Gulf Coast region in response to the two 
hurricanes is unprecedented and will, over time, require an even more 
substantial amount of funding. Testimonies we delivered on February 13, 
June 14, and December 6, 2006,[Footnote 2] identified significant 
fraud, waste, and abuse in just one of the programs FEMA uses to 
provide disaster recovery assistance--the Individuals and Households 
Program (IHP). As of October 2006, FEMA reported to Congress that it 
had delivered approximately $7 billion in IHP aid for hurricanes 
Katrina and Rita. Areas we have highlighted related to FEMA's IHP 
program included our estimate of $600 million to $1.4 billion of 
payments FEMA disbursed based on invalid registrations made through 
February of 2006. These improper and potentially fraudulent payments 
arose from breakdowns in preventive controls that failed to identify 
bogus registrations made using information such as invalid Social 
Security numbers and bogus damaged addresses. Numerous other areas of 
internal control weaknesses resulted in additional fraud, waste, and 
abuse. For example, we have identified duplicate claims for hurricanes 
Katrina and Rita, payments to nonqualified aliens, improper use of the 
government purchase cards, and missing or stolen government computers, 
printers, and other items. Our testimony before this committee on July 
19, 2006,[Footnote 3] identified additional examples of fraud, waste 
and abuse related to the use of Department of Homeland Security (DHS) 
purchase cards for response and recovery efforts. Based on these 
findings, we have made recommendations to FEMA and DHS to develop 
effective systems and controls to minimize fraud, waste, and abuse. In 
response to our recommendations FEMA and DHS have identified numerous 
actions they have taken to address our recommendations, and improve 
internal controls. 

Crucial internal controls and control weaknesses we identified during 
our work on the IHP program, and requirements in the Comptroller 
General's Standards for Internal Control in the Federal 
Government,[Footnote 4] are directly relatable to controls over 
disaster recovery assistance efforts. Lessons learned from our findings 
of fraud, waste, and abuse related to Katrina and Rita can serve as a 
lesson for federal and state governments as they consider spending 
substantial sums--estimated to be billions of additional dollars--on 
Katrina and Rita recovery efforts and for future disaster recovery 
spending beyond Katrina and Rita. Identifying and adopting these 
lessons are crucial because disaster assistance and recovery funds that 
is lost to fraud, waste, and abuse reduce the amount of money that 
could be delivered to alleviate the pain, suffering, and needs of 
legitimate victims of disasters. Further, fiscal challenges facing 
federal and state governments only increase the need for pressure on 
agencies to best ensure that available disaster relief funding is spent 
as efficiently and effectively as possible. My testimony today will (1) 
summarize the key findings of fraud, waste, and abuse from our past 
work related to hurricanes Katrina and Rita recovery efforts and (2) 
use the results from that work and GAO's other experiences to discuss 
the importance of an effective fraud, waste, and abuse prevention 
program. 

To address our objectives, we reviewed prior findings from GAO audits 
of hurricane Katrina and Rita relief efforts. We also reviewed 
applicable guidance on internal control standards from the Comptroller 
General's Standards for Internal Controls in the Federal 
Government.[Footnote 5] We conducted our audit work in accordance with 
generally accepted government auditing standards and conducted 
investigative work in accordance with standards prescribed by the 
President's Council on Integrity and Efficiency. 

Summary: 

Findings from our prior work on FEMA's IHP payments and DHS's purchase 
card program show that fraud, waste, and abuse related to hurricanes 
Katrina and Rita disaster assistance are significant. Due to the need 
to provide assistance quickly and expedite purchases, programs without 
effective fraud prevention controls can end up losing millions or 
potentially billions of dollars to fraud, waste, and abuse. For 
example, for the FEMA IHP program alone, we estimate that through 
February 2006, FEMA made about 16 percent, or $1 billion, in improper 
and potentially fraudulent payments to registrants who used invalid 
information to apply for disaster assistance. Subsequent findings 
showed additional improper and potentially fraudulent payments for IHP 
and acquisitions made using DHS purchase cards. 

The following are some examples from our work related to the hurricane 
Katrina and Rita recovery efforts that are symptomatic of an 
ineffective fraud, waste, and abuse prevention program. 

* Millions of dollars paid to individuals who used bogus damaged 
property addresses, invalid Social Security numbers, or duplicate 
registrations. 

* Millions of dollars in payments to thousands of registrants who used 
Social Security numbers that had never been issued or belonged to 
deceased individuals. 

* Millions of dollars paid on over 1,000 registrations containing the 
names and Social Security numbers of individuals incarcerated in 
federal or state prisons during the hurricanes. 

* FEMA provided thousands of registrants rental assistance money while 
at the same time providing rent-free housing in hotels, apartments, and 
FEMA trailers. 

* FEMA provided about $20 million dollars in potentially duplicate 
payments to individuals who registered and received assistance twice, 
for both hurricanes Katrina and Rita, using the same Social Security 
number and damaged address. 

* Several million dollars worth of IHP payments were made to ineligible 
nonqualified aliens. 

* Several payments made of fictitious registrations that GAO submitted 
using bogus identities and addresses. 

* A year after DHS used the purchase cards to pay for items intended to 
assist in providing disaster relief, 34 percent of these items could 
not be located and are presumed lost or stolen. 

These examples highlight lessons learned with respect to the importance 
of federal and state governments establishing effective prevention 
programs in order to minimize such fraud, waste, and abuse. An 
effective program would include fraud prevention controls, fraud 
detection, monitoring adherence to controls throughout the entire 
program life, collection of improper payments, and aggressive 
prosecution of individuals committing fraud. These controls are crucial 
whether dealing with programs to provide housing and other needs 
assistance, or other recovery efforts. With effective planning, relief 
agencies should not have to make a choice between speedy delivery of 
disaster recovery assistance and effective fraud prevention. 

The results of audit work on FEMA's IHP payments and DHS purchase card 
controls serve to emphasize the fundamental concept that fraud 
prevention is the most effective and efficient means to minimize fraud, 
waste, and abuse. Preventive controls should be designed to include, at 
a minimum, a requirement that application data be validated against 
other government or third-party sources to determine whether 
registrants provided accurate information on their identity and place 
of residence. Further, such preventive controls should include physical 
verification, edit checks to identify problem registrants and claims 
(e.g., duplicates) before payments are made, and training on fraud 
awareness and potential fraud schemes for all key government and 
contractor personnel. 

Although more costly and less effective than preventive controls, fraud 
detection and monitoring is also a necessary element of an effective 
overall fraud prevention program. Key elements of an effective 
detection process include data-mining for fraudulent and suspicious 
registrants and reviews to establish the accountability of property and 
funds. Our investigations into lost or stolen items bought for relief 
efforts show the importance of establishing and maintaining 
accountability over assets easily converted to personal use, such as 
laptop computers. Another element of an effective fraud prevention 
program is the collection of identified improper payments and the 
aggressive investigation and prosecution of individuals who committed 
fraud against the federal government. While our evidence shows that 
collection actions after money has gone out the door are far less 
effective than up front preventive controls, the deterrent value of 
prosecuting those who commit fraud sends the message that the 
government will not tolerate individuals stealing assistance money and 
serves as a preventive measure for future disasters. In addition, 
lessons learned from investigations and prosecutions should be used to 
improve up front fraud prevention controls as well. 

Prior Findings of Fraud, Waste, and Abuse: 

Audit work we performed on FEMA's IHP payments and DHS's purchase card 
program identified widespread fraud, waste, and abuse. Findings from 
these audits and our related investigations show the result of 
ineffective preventive controls. As shown by our IHP work, ineffective 
preventive controls can result in hundreds of millions or potentially 
billions of dollars in improper and fraudulent payments. In addition, 
our work on DHS purchase cards showed that control weaknesses in 
government purchasing programs can also result in fraud, waste, and 
abuse. 

Between February and December 2006, we testified on three different 
occasions that potentially improper and fraudulent activities related 
to the IHP program are significant. Our February 2006 
testimony[Footnote 6] focused on control weaknesses that resulted in 
FEMA making thousands of Expedited Assistance[Footnote 7] (EA) payments 
that were based on bogus registration data. Specifically, we found that 
FEMA made millions of dollars in payments on registrations containing 
Social Security numbers that had never been issued or belonged to 
deceased individuals. In addition, we also found that numerous 
registrations we selected for investigation contained bogus damaged 
address. We also successfully submitted fictitious registrations and 
received payments using bogus identities and addresses. 

Our second testimony in June 2006[Footnote 8] discussed breakdowns in 
internal controls, in particular the lack of controls designed to 
prevent bogus registrations. These breakdowns resulted in an estimated 
16 percent or $1 billion in payments made through February 2006 based 
on invalid registrations. The statistical sample testing used to reach 
this estimate found payments made on registrations that contained 
invalid identities, bogus addresses, addresses which the registrant did 
not live in at the time of the disaster, and duplicate registrations. 
Our data mining also found that FEMA paid millions of dollars on over 
1,000 registrations containing the names and Social Security numbers of 
individuals incarcerated in federal or state prisons during the 
hurricanes, and paid millions of dollars in IHP payments to individuals 
who claimed a Post Office box as their damaged physical address in 
order to receive assistance. 

In our December 2006 testimony[Footnote 9] we found additional 
instances of IHP fraud, waste, and abuse, including duplicate housing 
assistance provided to thousands of individuals living in FEMA-provided 
housing. Specifically FEMA paid registrants rental assistance money 
while at the same time providing rent-free housing in apartments and 
FEMA trailers. We also found that FEMA provided about $20 million 
dollars in potentially duplicate payments to individuals who registered 
and received assistance twice using the same Social Security number and 
damaged address. These individuals registered once for Hurricane 
Katrina and then again for Hurricane Rita using the same Social 
Security number and damaged address. FEMA also paid several million 
more dollars worth of IHP payments to registrants who were ineligible 
nonqualified aliens. Based on data we received from several 
universities in the area, we identified that FEMA made IHP payments to 
more than 500 ineligible foreign students, despite receiving, in some 
cases, evidence clearly showing that they were not eligible for IHP 
benefits. The December 2006 testimony also pointed to the small amount 
of money that FEMA had been able to collect from improper payments as 
of November 2006. Specifically, in contrast to the $1 billion in 
potentially improper and/or fraudulent payments we estimated through 
February 2006, FEMA had detected, as of November 2006, about $290 
million in improper payments, and had collected only $7 million. 

Our work on DHS purchase card controls found weak accountability over 
FEMA computers, printers, Global Positioning System (GPS) units, and 
other items bought for hurricane relief efforts using government 
purchase cards. Thirty-four percent of items obtained with purchase 
cards that we investigated could not be located and are thus presumed 
lost or stolen. As of October 2006, more than 40 computers, 10 
printers, 20 GPS units, and 2 flat-bottom boats are missing. In 
addition, 18 other flat-bottom boats purchased by FEMA were in its 
possession, but FEMA did not own title to any of them. Based on these 
findings, and the findings on the IHP program, we have made 
recommendations to FEMA to develop effective systems and controls to 
minimize the opportunity for fraud, waste, and abuse in the future. 
FEMA has generally concurred with most of our recommendations and has 
reported on actions to improve prevention of fraud, waste, and abuse 
for the future. 

Framework for Fraud Prevention, Detection, and Prosecution: 

The results of our work serve to emphasize the overall lesson learned 
that fraud prevention is the most effective and efficient means to 
minimize fraud, waste, and abuse. It also demonstrates that the 
establishment of effective fraud prevention controls over the 
registration and payment process, fraud detection and monitoring 
adherence to those controls, and the aggressive pursuit and prosecution 
of individuals committing fraud are crucial elements of an effective 
fraud prevention program over any assistance programs with defined 
eligibility criteria, including disaster assistance programs. 

The very nature of the government's need to quickly provide assistance 
to individuals adversely affected by disasters makes assistance 
payments more vulnerable to applicants attempting to obtain benefits 
that they are not entitled to receive. However, it is because of these 
known vulnerabilities that federal and state governments need to have 
effective controls in place to minimize the opportunities for 
individuals to defraud the government. Figure 1 provides an overview of 
how preventive controls help to screen out the majority of fraud, 
waste, and abuse, and how detection controls and prosecution can help 
to further minimize the extent to which a program is vulnerable to 
fraud. 

Figure 1: Program Designed to Minimize Fraud, Waste, and Abuse: 

[See PDF for image] 

Source: GAO. 

[End of figure] 

The Importance of Fraud, Waste, and Abuse Prevention to Katrina and 
Rita Recovery Efforts: 

Preventive controls are a key element on an effective fraud prevention 
program and are also described in the Standards for Internal Control in 
the Federal Government.[Footnote 10] The most crucial element of 
effective fraud prevention controls is a focus on substantially 
diminishing the opportunity for fraudulent access into the system 
through front-end controls. Preventive controls should be designed to 
include, at a minimum, a requirement for data validation, system edit 
controls, and fraud awareness training. Finally, prior to implementing 
any new preventive controls, and well in advance of any disaster, 
agencies must adequately field test the new controls to ensure that 
controls are operating as intended and that legitimate victims are not 
denied benefits. 

Fraud prevention can be achieved by requiring that registrants provide 
information in a uniform format, and validating these data against 
other government or third-party sources to determine whether 
registrants provided accurate information on their identity and place 
of residence. Effective fraud prevention controls require that agencies 
enter into data-sharing arrangements with organizations to perform 
validation. In the current environment, agencies have at their disposal 
a large number of data sources that they can use to validate the 
identity and address of registrants. However, our work related to 
FEMA's management of the IHP program for hurricanes Katrina and Rita 
found that its limited--or sometimes nonexistent--use of a third-party 
validation process left disaster assistance programs vulnerable to 
substantial fraud. For example, FEMA's failure to implement preventive 
controls to validate the identity of individuals who applied using the 
telephone resulted in FEMA making millions of dollars in payments to 
individuals who used Social Security numbers that had never been issued 
or belonged to deceased individuals. Another method of data validation 
is through physical inspection of the disaster damage prior to payment. 
While physical inspections in a timely manner may not be possible to 
prevent all fraudulent and improper payments, our work found that FEMA 
continued to make payments without a valid physical inspection of our 
undercover registration's bogus addresses, months after the hurricanes 
had occurred. 

System edit checks designed to identify problem registrants and claims 
(e.g., duplicates) before payments are made are also a crucial lesson 
learned with respect to ensuring that obviously false or duplicate 
information is not used to receive disaster relief payments. System 
edit checks are most effective if performed before distribution of a 
payment. Edit checks should include ensuring that (1) the same Social 
Security number was not used on multiple registrations and (2) the 
registrant provides a verifiable physical address on which the disaster 
damage is based. In the case of FEMA's IHP program, ineffective edit 
checks resulted in millions paid to registrants who claimed the same 
damages twice, once for Hurricane Katrina and once for Hurricane Rita, 
and registrants who submitted multiple registrations using the same 
name, Social Security number, or address. Ineffective edit checks also 
resulted in payments being made based on obviously false data, 
including payments of millions of dollars to individuals who used a 
Post Office box as their damaged physical address in order to receive 
assistance. 

Beyond validation and edits, lessons learned show that other controls, 
including a well-trained work force that is aware of the potential for 
fraud, can help prevent fraud. Fraud awareness training with frontline 
personnel--specifically on the potential for fraud within the program 
and the likely types of fraud they could encounter--is crucial to 
stopping fraud before it gains access into the program. In addition, 
when implementing any new controls, it is important to field test all 
systems prior to putting them in place. On top of reducing the risk of 
untested controls allowing substantial fraud, field testing also helps 
to ensure that new controls do not improperly deny benefits to valid 
registrants. A safety net for those registrants who are wrongly denied 
disaster relief due to preventive controls should always be in place to 
ensure they receive assistance. 

Detection and Monitoring Help Assure that Funds Are Used for Disaster 
Recovery: 

Even with effective preventive controls, there is substantial residual 
risk that fraudulent and improper disaster relief payments can occur. 
Our work has shown that agencies must continue their efforts to monitor 
fraud and improper payment vulnerabilities in the execution of disaster 
relief programs, even if these efforts are more costly and less 
effective than preventive controls. Detection and monitoring efforts 
are addressed in the Standards for Internal Control in the Federal 
Government and include data-mining for fraudulent and suspicious 
transactions and reviews to establish the accountability of funds. 
Also, control weaknesses identified through detection and monitoring 
should be used to make improvements to preventive controls to reduce 
the risk for fraud, waste, and abuse in the future. 

The data-mining we performed to search for anomalies in registrant data 
and purchase card transactions show how important constant monitoring 
and detection can be. Through data-mining, we found rental assistance 
payments to individuals who were residing in FEMA-provided hotel rooms, 
trailers, and apartments and payments to ineligible, nonqualified 
aliens. We found examples of multiple registrations citing the same 
address or bank accounts, and numerous residents in a damaged apartment 
building all relocating to the same location, which may also suggest 
fraud. By comparing applicant data in FEMA's own databases, we 
identified duplicate applications submitted for both Katrina and Rita, 
but intended to cover the same damage to the same residence. By 
comparing recipient data against federal and state prisoners' 
databases, we identified instances where prisoners had fraudulently 
registered for and received disaster relief payments while 
incarcerated. Our examples illustrate that data-mining efforts should 
be done in a manner that uses creative solutions to search for 
potential fraud using all available data sources. To the extent that 
data-mining identifies systematic fraud, intelligence should be fed 
back into the fraud prevention process so that for future disasters the 
fraud is detected and prevented before money is disbursed. 

Depending on the type of assistance provided and the means in which the 
assistance was distributed, it can be important for an agency to 
monitor the use of disaster relief funds. Our review of FEMA's IHP 
program found that while the vast majority of debit card transactions 
that were not withdrawn as cash appeared to have been used for disaster-
related needs, we did find a number of purchases for nondisaster items 
such as football tickets, alcohol, massage parlor services, and adult 
videos. In addition, our review of items bought with DHS purchase cards 
found that many items bought for use in disaster relief were lost or 
stolen. By monitoring these types of uses, agencies may be able to 
ensure that disaster funds are used to help mitigate losses and not 
used for inappropriate items or services. 

Collection Efforts, Investigations, and Prosecutions Are Far Less 
Effective than Up Front Fraud Prevention: 

Another element of a fraud prevention program is the collection of 
improper payments and the aggressive investigation and prosecution of 
individuals who committed fraud against the government. These back-end 
controls are often the most costly and less effective means of reducing 
losses to fraud, waste, and abuse. However, the deterrent value of 
prosecuting those who commit fraud sends the message that the 
government will not tolerate individuals stealing assistance money, and 
thus serving as a preventive measure for future disasters. Our 
experience is that investigations and prosecutions are a necessary part 
of an overall fraud prevention and deterrence program, but should be a 
last resort when all other controls have failed. For hurricanes Katrina 
and Rita, the Justice Department has set up the Katrina Fraud Task 
Force, which has successfully investigated and prosecuted numerous 
individuals who received assistance fraudulently from FEMA. 

In December 2006, we testified to the difficulty of collecting on 
improper payments after they have been disbursed. Specifically, in 
contrast to the $1 billion we estimated to be improper and potentially 
fraudulent payments--an estimate derived from statistical sampling-- 
FEMA determined that it had overpaid nearly 60,000 registrants about 
$290 million as of November 2006. These overpayments, which FEMA refers 
to as recoupments, represent the improper payments that FEMA reported 
it had detected and for which it had issued collection letters. 
Although FEMA had identified about $290 million in overpayments, as of 
late 2006, FEMA stated that it had only collected nearly $7 million. 
The small amount of money that FEMA had collected on overpayments 
related to hurricanes Katrina and Rita further emphasizes the need for 
preventing fraud, waste, and abuse prior to payments going out the 
door. 

Lessons learned from our prior work show that, while investigations and 
prosecutions can be the most visible means to deal with individuals 
intent on perpetrating fraud schemes, they are also the most costly and 
should not be used in place of other more effective preventive 
controls. Still, by successfully prosecuting such individuals, agencies 
can deter others who are thinking of taking advantage of the inherent 
vulnerabilities in disaster relief programs. We have already referred 
thousands of cases we have identified as potentially improper and 
fraudulent to the Katrina Fraud Task force for further investigation 
and expect to refer others for additional investigation and possible 
prosecution. 

Conclusions: 

Our Katrina and Rita work to date has shown that there are at least 
tens of thousands of individuals that took advantage of the opportunity 
to commit fraud against the federal government. Our work shows that for 
one FEMA individual assistance program alone it is likely that over $1 
billion has been lost to fraudulent and improper payments. With 
potentially billions of dollars of additional spending likely for 
Katrina and Rita recovery, state and federal agencies should implement 
lessons learned with respect to the importance of effective fraud, 
waste, and abuse prevention programs. With effective planning, relief 
agencies should not have to make a choice between speedy delivery of 
assistance and effective fraud prevention. Going forward, FEMA and 
other agencies involved in disaster recovery efforts must work hard to 
develop and institute effective controls that will ensure victims are 
provided assistance as quickly as possible while also minimizing fraud, 
waste, and abuse. 

Chairman and Members of the Committee, this concludes my statement. I 
would be pleased to answer any questions that you or other Members of 
the Committee have at this time. 

Contacts: 

For further information about this testimony, please contact Gregory 
Kutz at (202) 512-7455 or [email protected]. Contact points for our Offices 
of Congressional Relations and Public Affairs may be found on the last 
page of this testimony. 

FOOTNOTES 

[1] GAO, Hurricanes Katrina and Rita: Unprecedented Challenges Exposed 
the Individuals and Households Program to Fraud and Abuse; Actions 
Needed to Reduce Such Problems in Future, GAO-06-1013 (Washington, 
D.C.: Sept. 27, 2006). 

[2] GAO, Expedited Assistance for Victims of Hurricanes Katrina and 
Rita: FEMA's Control Weaknesses Exposed the Government to Significant 
Fraud and Abuse, GAO-06-403T (Washington, D.C.: Feb. 13, 2006); GAO, 
Hurricanes Katrina and Rita Disaster Relief: Improper and Potentially 
Fraudulent Individual Assistance Payments Estimated to Be Between $600 
Million and $1.4 Billion, GAO-06-844T (Washington, D.C.: June 14, 
2006); GAO, Hurricanes Katrina and Rita Disaster Relief: Continued 
Findings of Fraud, Waste, and Abuse, GAO-07-252T (Washington, D.C.: 
Dec. 6, 2006). 

[3] GAO, Purchase Cards: Control Weaknesses Leave DHS Highly Vulnerable 
to Fraudulent, Improper, and Abusive Activity, GAO-06-957T (Washington, 
D.C.: July 19, 2006). This work was performed jointly with the DHS 
Office of Inspector General. 

[4] The Federal Managers' Financial Integrity Act of 1982 (FMFIA) 
required that GAO issue standards for internal control in government 
resulting in the issuance of Internal Control: Standards for Internal 
Control in the Federal Government, GAO/AIMD-98-21.3.1 (Washington, 
D.C.: Nov. 1999). 

[5] GAO/AIMD-98-21.3.1. 

[6] GAO-06-403T. 

[7] Because of the tremendous devastation caused by hurricanes Katrina 
and Rita, FEMA activated expedited assistance to provide fast track 
money--in the form of $2,000 in expedited assistance payments--to 
eligible disaster victims to help with immediate, emergency needs for 
food, shelter, clothing, and personal necessities. 

[8] GAO-06-844T. 

[9] GAO-07-252T. 

[10] GAO/AIMD-98-21.3.1. 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts 
newly released reports, testimony, and correspondence on its Web site. 
To have GAO e-mail you a list of newly posted products every afternoon, 
go to www.gao.gov and select "Subscribe to Updates." 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office 441 G Street NW, Room LM 
Washington, D.C. 20548: 

To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 
512-6061: 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: [email protected] 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Gloria Jarmon, Managing Director, [email protected] (202) 512-4400 U.S. 
Government Accountability Office, 441 G Street NW, Room 7125 
Washington, D.C. 20548: 

Public Affairs: 

Paul Anderson, Managing Director, [email protected] (202) 512-4800 
U.S. Government Accountability Office, 441 G Street NW, Room 7149 
Washington, D.C. 20548: