This is the accessible text file for GAO report number GAO-06-954T 
entitled 'Individual Disaster Assistance Programs: Framework for Fraud 
Prevention, Detection, and Prosecution' which was released on July 12, 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 


Before the Subcommittee on Management, Integration, and Oversight, 
Committee on Homeland Security, U.S. House of Representatives: 

United States Government Accountability Office: 


For Release on Delivery Expected at 2:00 p.m. EST: 

Wednesday, July 12, 2006: 

Individual Disaster Assistance Programs: 

Framework for Fraud Prevention, Detection, and Prosecution: 

Statement of Gregory D. Kutz, Management Director Forensic Audits and 
Special Investigations: 


GAO Highlights: 

Highlights of GAO-06-954T, a testimony before the Subcommittee on 
Management, Integration, and Oversight, Committee on Homeland Security, 
U.S. House of Representatives 

Why GAO Did This Study: 

Federal agencies spend billions of dollars annually to aid victims of 
natural and other disasters and acts of terrorism. Managers of federal 
disaster assistance programs face a dual challenge—delivering aid as 
quickly as possible while at the same time ensuring that relief 
payments go only to those who are truly in need. Due to the very nature 
of the government’s need to quickly provide assistance to disaster 
victims, federal disaster relief programs are vulnerable to significant 
risk of improper payments and fraudulent activities. 

On February 13, 2006, and on June 14, 2006, GAO testified concerning 
extensive fraud, waste, and abuse in the Individuals and Household 
Program (IHP), a component of the Federal Emergency Management Agency’s 
(FEMA) disaster assistance programs. GAO identified significant 
internal control weaknesses that resulted in FEMA making tens of 
thousands of Expedited Assistance payments that were based on bogus 
registration data. GAO also found numerous other internal control 
failures in FEMA’s IHP disaster assistance program, resulting in an 
estimate that FEMA made $600 million to $1.4 billion in improper and 
potentially fraudulent payments to registrants. The purpose of this 
testimony is to establish a framework for preventing, detecting, and 
prosecuting disaster assistance fraud. 

What GAO Found: 

Recent GAO audits have illustrated the importance of an effective 
fraud, waste, and abuse prevention system in federal disaster 
assistance programs. GAO’s Standards for Internal Control in the 
Federal Government provide a framework for internal control that can be 
used to minimize fraudulent, wasteful, and abusive activity regardless 
of whether dealing with the effects of natural disasters like 
hurricanes Katrina and Rita, or coping with the destruction left by the 
terrorist attacks of September 11, 2001. 

The figure below illustrates that a well-designed fraud prevention 
system should consist of three crucial elements: (1) upfront preventive 
controls, (2) detection and monitoring, and (3) investigations and 
prosecutions. The figure also shows that upfront preventive controls 
can help screen out the majority of fraud, and are the most effective 
and efficient means to minimize fraud, waste, and abuse. Detection and 
monitoring, and aggressive prosecution of individuals committing fraud, 
while also crucial elements of an effective system, are less effective 
and generally cost more. 

Figure: Program Designed to Minimize Fraud, Waste, and Abuse: 

[See PDF for Image] 

Source: GAO> 

[End of Figure] 

Audit work has long confirmed that upfront preventive controls are most 
effective when they require validation of data provided by disaster 
registrants against other government or third-party sources, and 
physical inspections when possible. Preventive controls should also 
include procedures designed to identify problem registrants prior to 
payments. Training personnel on fraud awareness and potential fraud 
schemes is also an integral component in preventive controls. 
Collectively, these preventive controls can help improve program 
integrity and safeguard tax dollars. 

An effective fraud deterrence program must also include resources to 
continually monitor and detect potential fraud, and aggressively 
investigate and prosecute individuals who received assistance 
fraudulently. Monitoring and detection include data-mining for 
suspicious registrations and payment usage, and setting up fraud 
hotlines. Finally, program integrity is enhanced by investigating and 
prosecuting individuals who take advantage of program weaknesses. 
However, the high costs of prosecutions highlight our conclusion that 
upfront preventive controls are most effective in preventing fraud, and 
that lessons learned from detection and prosecutions should be used to 
improve preventive controls. 


To view the full product, including the scope and methodology, click on 
the link above. For more information, contact Gregory Kutz at (202) 512-
7455 or 

[End of Section] 

Mr. Chairman and Members of the Committee: 

Thank you for the opportunity to discuss fraud prevention and detection 
related to the federal government's efforts to provide assistance to 
individuals and households in the aftermath of disasters.[Footnote 1] 
Effective fraud prevention in relief programs is an important issue, 
regardless of whether dealing with the effects of natural disasters 
like hurricanes Katrina and Rita, or coping with the destruction left 
by the terrorist attacks of September 11, 2001. Agencies are faced with 
many challenges in the aftermath of a disaster and must devote 
resources not only to distributing money and relief quickly to victims, 
but must also minimize fraud, waste, and abuse to ensure only 
legitimate victims receive assistance. 

On February 13, 2006,[Footnote 2] and then again on June 14, 
2006,[Footnote 3] we testified concerning extensive fraud, waste, and 
abuse related to hurricanes Katrina and Rita in the Individuals and 
Household Program (IHP), a component of the broader disaster assistance 
program from the Federal Emergency Management Agency (FEMA). The 
February testimony focused on control weaknesses that resulted in FEMA 
making tens of thousands of Expedited Assistance (EA) payments that 
were based on bogus registration data. Our June 14, 2006, testimony 
discussed breakdowns in internal controls, in particular the lack of 
controls designed to prevent bogus registrations, which resulted in an 
estimated $600 million to $1.4 billion in improper and potentially 
fraudulent payments. Based on these findings we have made 
recommendations to FEMA to develop effective systems and controls to 
minimize the opportunity for fraud, waste, and abuse when FEMA decides 
to provide assistance in the future. Crucial internal controls and 
control weaknesses we identified during our work on hurricane disaster 
relief, and requirements in the Comptroller General's Standards for 
Internal Control in the Federal Government,[Footnote 4] are directly 
relatable to controls over any individual assistance program, 
regardless of the cause of the disaster. My testimony today will focus 
on the importance of fraud prevention controls, fraud detection 
efforts, and the aggressive pursuit and prosecution of individuals who 
commit fraud against the government in a time of disaster. 


The establishment of effective fraud prevention controls over the 
registration and payment process, fraud detection and monitoring 
adherence to those controls throughout the entire program life, and the 
aggressive pursuit and prosecution of individuals committing fraud are 
crucial elements of an effective fraud prevention program over any 
assistance programs with defined eligibility criteria, including 
disaster assistance programs. The very nature of the government's need 
to quickly provide assistance to individuals adversely affected by 
disasters makes assistance payments more vulnerable to applicants 
attempting to obtain benefits that they are not entitled to receive. 
However, it is because of these known vulnerabilities that the federal 
government, and more specifically FEMA, needed to have had effective 
controls in place to minimize the opportunities for individuals to 
defraud the government. Figure 1 provides an overview of how prevention 
controls help to screen out the majority of fraud, waste and abuse, and 
how detective controls and prosecution can help to further minimize the 
extent to which a program is vulnerable to fraud. 

Figure 1: Program Designed to Minimize Fraud, Waste and Abuse: 

[See PDF for image] 

Source: GAO. 

[End of figure] 

The results of our work serve to emphasize the fundamental concept that 
fraud prevention is the most effective and efficient means to minimize 
fraud, waste, and abuse. Preventive controls should be designed to 
include, at a minimum, a requirement that data provided by registrants 
be validated against other government or third-party sources to 
determine whether registrants provided accurate information on their 
identity and place of residence. Inspections and physical validation 
processes should also be conducted whenever possible to confirm 
registration information prior to payment. System edit checks designed 
to identify problem registrants and claims (e.g., duplicates) before 
payments are made are also critical. Finally, providing training on 
fraud awareness and potential fraud schemes to all key government and 
contractor personnel is important in stopping fraud before it gets into 
the program. Prior to implementing any new controls, and well in 
advance of any disaster, agencies must adequately field test the new 
controls to ensure that controls are operating as intended and that 
legitimate victims are not denied benefits. In addition, as fraud 
prevention controls are increased, agencies must provide safety 
precautions to assist any disaster victims who are inappropriately 
denied relief due to preventive controls. 

Although more costly and less effective than preventive controls, fraud 
detection and monitoring after payments have been made is also 
critical. Key elements of the detection process include data-mining for 
fraudulent and suspicious registrants, reviews to establish the 
accountability of funds, and the establishment of hotlines to receive 
tips of potentials fraud. For example, after the initial registration 
process, agencies need a control system that includes continual 
monitoring, to include data-mining registrations--similar to the data- 
mining we conducted--to identify potentially fraudulent registrations 
in their claim system. Also, control weaknesses identified through 
detection and monitoring should be used to make improvements to 
preventive controls to reduce the risk for fraud, waste, and abuse in 
the future. 

Another element of a fraud prevention program is the aggressive 
investigation and prosecution of individuals who committed fraud 
against the federal government. The deterrent value of prosecuting 
those who commit fraud sends the message that the government will not 
tolerate individuals stealing assistance money, serving as a preventive 
measure for future disasters. For hurricanes Katrina and Rita the 
Justice Department has set up the Katrina Fraud Task Force, which has 
investigated and convicted numerous individuals who received assistance 
fraudulently from FEMA. Further, schemes identified through 
investigations and prosecution can be used to improve the fraud 
prevention program. 

Fraud, Waste, and Abuse Prevention Controls: 

Prevention is the most effective and efficient way to minimize fraud, 
waste, and abuse in any federal program, including disaster assistance, 
and is also a key element described in the Standards for Internal 
Control in the Federal Government.[Footnote 5] The most crucial element 
of fraud prevention is to substantially diminish the opportunity for 
fraudulent access into the system through front end controls. Figure 2 
displays how preventive controls fit within a larger fraud, waste, and 
abuse prevention program. 

Figure 2: Preventive Controls: 

[See PDF for image] 

Source: GAO. 

[End of figure] 

Fraud prevention can be achieved by requiring that registrants provide 
information in a uniform format, and validating that information 
against external sources. In the current environment, agencies have at 
their disposal a large number of data sources that they can use to 
validate the identity and address of registrants. However, our work 
related to FEMA's management of the IHP program for hurricanes Katrina 
and Rita found that their limited use of a third-party validation 
process left room for substantial fraud. Effective fraud prevention 
controls require that agencies enter into data-sharing arrangements 
with organizations to perform validation. System edit checks are also 
key to identifying and rejecting fraudulent registrations before 
payments are disbursed. In addition, an effective fraud prevention 
system is not complete without adequate fraud awareness training of all 
personnel involved in the distribution of relief. Finally, any new 
systems or processes need to be field tested to ensure that the system 
is working properly prior to implementation. 

Data Validation: 

Prior to a disaster registrant gaining access to relief payments, key 
registrant information must be validated. For this program, data such 
as names, social security numbers (SSN), primary residences, 
citizenship status, and any other information which determines 
eligibility must be validated upfront, prior to agencies accepting the 
registration, or at least prior to disbursements being made. Obtaining 
releases from registrants which allow an agency to validate data with 
other sources such as social security records, tax records, and other 
information is an important step that can facilitate effective 
validation of data. 

Depending on the turnaround time needed for a payment, agencies can 
chose to validate records with federal government databases, or 
validate information with third-party contractors who can confirm key 
information with publicly available data from credit reports and other 
sources almost instantaneously. When using these third-party sources it 
is also important to at least periodically authenticate[Footnote 6] the 
data within the program with the source of the information such as 
Social Security Administration (SSA) or Internal Revenue Service (IRS) 
records. Regardless of the sources used, all key data concerning a 
registration has to be validated to minimize the risks to acceptable 
levels prior to the registrant being accepted in the program. For 
example, because FEMA lacked basic identity validation controls, they 
accepted thousands of IHP registrations from registrants who provided 
social security numbers that had never been issued or belonged to 
deceased individuals. In addition, because FEMA failed to validate 
damaged address information, we found thousands of dollars were paid to 
individuals for bogus damaged addresses. 

For data to be properly validated, it should be recorded in a uniform 
format. Once key data elements relating to disaster relief eligibility 
are determined, our work has shown that it is important to record the 
information in a format that will facilitate data validation with 
external sources. Otherwise, agencies may be faced with thousands or 
tens of thousands of registrations being rejected or placed in a manual 
review status because data was not recorded accurately. This is also 
particularly important when recording names, identity information, and 
addresses in order to prevent registrants from getting multiple 
payments by changing the spelling of their address or name. For 
example, data collected by hotels providing lodging that was paid for 
by FEMA did not record occupant's SSN or FEMA registration ID numbers. 
Thus, there were no common data elements that could be used to ensure 
people already staying at FEMA paid hotels did not also improperly 
receive rental assistance. 

Within the federal government, many organizations such as SSA, United 
States Postal Service (USPS), and IRS maintain information on disaster 
assisted registrants. These are all data sources that we have used in 
prior forensic work to identify fraudulent and improper payments. 
However, proactive actions are necessary on the part of agencies 
responsible for providing disaster assistance to enter into data- 
sharing agreements with organizations that own the data. Agreements 
have to be in place prior to any disaster occurring for agencies to 
take advantage of data-validation sources. Also for tax information, 
consent must be requested from the registrant at the time of 

Finally, whenever possible, registration data and specific loss claims 
should be validated by a physical inspection of the disaster damage 
prior to payment. In some cases, as with the massive destruction caused 
by Hurricane Katrina, physical inspections in a timely manner are not 
possible, and therefore acceptance of data must be done through 
electronic verification. However, within the FEMA IHP program we found 
significant fraud related to expedited assistance payments that were 
made prior to any physical inspection being performed. In the cases we 
found, many fraudulent registrations could have been identified and 
rejected if inspections were performed because they would have seen 
that properties did not even exist, as we found when performing our own 
inspections. For example, FEMA failed to perform physical inspections 
on our undercover registrations, which used completely bogus property 
addresses and vacant lots. Had a physical inspection been performed, 
FEMA could have identified the fraudulent information and denied the 
expedited and rental assistance payments. 

System Edit Controls: 

Disaster relief programs must also have a network of system pre-payment 
edit checks in place to ensure that obviously false or duplicate 
information is not used to receive disaster relief payments. System 
edit checks can be performed before or after a registration is accepted 
into the system, but to be an effective preventive control, they must 
be performed prior to the distribution of a payment. Edit checks should 
include items such as ensuring that the same SSN was not used on 
multiple registrations, or that the registrant provides a verifiable 
physical address for which the disaster damaged is based on. In the 
case of FEMA's IHP program, we found the lack of effective system edit 
checks allowed numerous individuals to fraudulently register numerous 
times and receive multiple payments using the same name, social 
security number, or address. In one case, the lack of controls allowed 
an individual to register eight times using the same name and SSN and 
receive multiple disaster assistance payments. In addition, accepting 
applications with obviously inaccurate data exposed FEMA to the risk 
that disbursements would be made based on obviously false data. For 
example, we found during our work that FEMA paid millions of dollars in 
IHP payments to individuals who used a Post Office Box as their damaged 
physical address in order to receive assistance. In those cases system 
edits should have identified the Post Office Box as an invalid physical 
address and forced the applicant to provide a valid street address for 
the damage property in order to be considered for disaster assistance. 

Results of our work also showed that agencies must follow through and 
accurately implement--and not short-change--existing system edit checks 
to provide assurance that the program is protected. We found in the 
course of our work that FEMA had designed controls that may have 
prevented some fraudulent payments. However, our work also indicated 
that these controls were circumvented, for example, when FEMA designed 
scripts to override system edit checks that had identified 
registrations as potential duplicates, in an effort to disburse funds 
as quickly as possible. Adhering to existing control procedures is 
therefore also crucial when maintaining effective fraud prevention. 

Fraud Training and Field Testing: 

Beyond the uniform recording and validation of data, other controls, 
including a well-trained work force that is aware of the potential for 
fraud, can help prevent fraud. Personnel involved in a disaster 
program, including government employees and call center and inspection 
contractors, should receive training about the potential for fraud 
within the program and the likely types of fraud they could encounter. 
Fraud awareness training with frontline personnel is crucial because 
they are part of the first line of defense and therefore play a key 
role in fraud prevention. If the personnel accepting registrations and 
performing physical inspections of properties and documents are aware 
of fraud indicators and suspicious activities, they will help to 
identify potentially fraudulent activity as soon as it occurs. Where 
possible, incentives can be provided to contractors not just to process 
registrations and claims quickly, but also to prevent fraud. 

In addition, when implementing any new controls, it is important to 
field test all systems prior to putting them in place. As stated in a 
recent testimony on the IHP program, FEMA acknowledged that they had 
instituted several new processes that had not been tested. Weaknesses 
in these new processes, including the lack of validation controls over 
key data elements, resulted in our findings of approximately $1 billion 
dollars in potential fraud in the IHP program. On top of reducing the 
risk of untested controls allowing substantial fraud, field-testing 
also helps to ensure that new controls do not improperly deny benefits 
to valid registrants. A safety net for those registrants who are 
wrongly denied disaster relief due to preventive controls should always 
be in place to ensure they receive assistance. This process should 
include staff who are adequately trained to expeditiously handle 

Detection and Monitoring: 

Even with effective preventive controls, there is substantial residual 
risk that fraudulent registrants are likely to gain access to a 
disaster relief program and begin to receive payments. Therefore, after 
a registrant has successfully passed through upfront controls and begun 
to receive payments, our work at FEMA illustrated that agencies must 
continue their efforts to monitor the execution of the disaster relief 
program. Detection and monitoring efforts are addressed in the 
Standards for Internal Control in the Federal Government[Footnote 7] 
and include such activities as data-mining registrations, which have 
received payments, ensuring accountability over funds and monitoring 
how the disaster assistance is being spent, and establishing mechanisms 
to identify the existence of fraud. Figure 3 provides a perspective on 
how these controls fit into an overall fraud prevention program. 

Figure 3: Detection and Monitoring Controls: 

[See PDF for image] 

Source: GAO. 

[End of figure] 

Data-mining of registration data within the program should be done to 
look for suspicious information after payments have been made. Along 
with data-mining efforts, proper accountability controls over the 
distribution of funds and the monitoring of fund usage is key to 
obtaining reasonable assurance that relief payments are being used to 
mitigate the effects of a disaster. Also, setting up hotlines to 
identify potential frauds is an important activity that should be in 
place when distributing disaster funds. Finally, any lessons learned 
from detection and monitoring efforts should be used to improve 
preventive controls to reduce the risk for fraud, waste, and abuse in 
the future. 


Despite effective preventive controls, there is still risk for fraud, 
waste, and abuse within disaster programs once payments are made. 
Therefore, it is important that program managers continuously data mine 
registrations for suspicious activity. A robust data-mining program can 
include many different efforts. Examples of fraud indicators include 
but are not limited to searching for anomalies like those found at 
FEMA, including multiple payments sent to the same address or bank 
account. Abnormalities such as numerous residents in a damaged 
apartment building all relocating to the same location may also suggest 
fraud. Comparing recipient data against other government assistance 
programs such as databases containing information on Red Cross or FEMA 
paid for hotel rooms can help to identify duplication of benefits 
between programs. However, due to the difficulties of collecting 
overpayments, system edit checks that occur prior to payments being 
made are preferable to data-mining after payments have occurred. 

The data-mining we performed on FEMA's IHP program showed how important 
constant monitoring and detection can be. We searched for and found 
examples where the same individual received several rental assistance 
checks from FEMA while at the same time residing in a hotel room paid 
for by FEMA. We also found instances where multiple family members from 
the same household registered numerous times and received duplicate 
payments. Using external databases of federal and state prisoners, we 
found instances where prisoners had fraudulently registered for and 
received disaster relief payments while incarcerated. As shown by our 
examples, data-mining efforts should be done in a manner that uses 
creative solutions to search for potential fraud using all available 
data sources. To the extent that data-mining identifies systematic 
fraud, that intelligence should be fed back into the fraud prevention 
process and system edits so that for future disasters the fraud is 
detected before money is disbursed. 

Accountability and Proper Use of Relief Payments: 

When part of the disaster assistance comes in the form of cash or a 
cash equivalent such as a debit card, our work at FEMA shows that it is 
crucial for agencies to maintain strict accountability over who has 
received the assistance. This can be achieved by obtaining signatures 
of release from an agency official and, if appropriate, from the 
issuing bank official, along with a signature of acceptance from the 
relief recipient. Agencies should also be able to link each 
distribution of cash to a specific applicant. In the case of FEMA and 
their distribution of debit cards, adequate accountability was not 
maintained, resulting in more than $1 million worth of debit cards 
being distributed without a record of who received them. 

In addition, depending on the type of assistance provided and the means 
in which the assistance was distributed, it can be important for an 
agency to monitor the usage of disaster relief funds. Our review of 
FEMA's IHP program found that almost all money was distributed via 
check or EFT, which did not allow us to review whether the money was 
spent on disaster-related needs. A small amount, approximately $80 
million, of IHP money was distributed via debit cards, which allowed us 
to see whether funds were being used appropriately. In this case, the 
vast majority of debit card money was still withdrawn as cash, but the 
remaining amount appeared to have been used for disaster-related needs. 
However, we did find a small number of purchases for nondisaster items 
such as football tickets, alcohol, massage parlor services, and adult 
videos. By monitoring these types of uses and contacting and possibly 
penalizing those who misuse funds, agencies may be able to ensure that 
disaster funds are used to help mitigate losses and not for 
inappropriate items. 

Fraud Hotlines: 

To detect existing fraud and prevent new cases in the future, agencies 
should also set up mechanisms to identify and investigate existing 
cases. The use of hotlines where individuals can anonymously call and 
report potential fraud can provide valuable investigation leads. The 
Department of Homeland Security (DHS) Office of Inspector General set 
up one such hotline specifically dedicated to fraud related to 
hurricanes Katrina and Rita. Similar hotlines are useful within any 
disaster relief program to help identify any fraudulent activity not 
caught by controls. In conjunction with fraud identified through data- 
mining or hotline tips, agencies should have in place teams ready to 
investigate leads, not only for future prosecution, but also to provide 
suggestions for how the fraud can be prevented in the future. 

Investigations and Prosecution of Offenders: 

The final aspect of a program designed to reduce fraud in a disaster 
assistance program is the investigation and aggressive prosecution of 
individuals who have fraudulently received disaster assistance. 
Suspicious cases identified through preventive, detective, and 
monitoring controls, along with hotline tips, should be referred to 
investigators for further review. In the course of our work performed 
on IHP fraud for hurricanes Katrina and Rita, we identified tens of 
thousands of potentially fraudulent registrations. We have already 
referred thousands of those cases to FEMA and the Katrina Fraud Task 
force for further investigation and expect to refer others for 
additional investigation and possible prosecution. While the criminal 
investigative process is general a lengthy process, we are aware that 
several individuals that we referred have already been indicted. This 
included one individual indicted for fraudulently obtaining over 
$25,000 from FEMA based on bogus registrations. Figure 4 displays how 
investigations and prosecutions fit into an overall fraud prevention 

Figure 4: Investigations and Prosecutions: 

[See PDF for image] 

Source: GAO. 

[End of figure] 

While investigations and prosecution can be the most visible means to 
deal with fraudsters, they are also the most costly and should not be 
used in place of other more effective controls. Instead, agencies need 
to focus on prevention before money is spent. Still, by successfully 
prosecuting fraudsters, agencies can deter others who are thinking of 
taking advantage of disaster programs. In the end, investigations and 
prosecutions are a necessary part of an overall fraud prevention and 
deterrence program, but should be a last resort when all other controls 
have failed. In addition, knowledge from these investigations and 
prosecutions should be fed back into the fraud prevention process to 
better handle future disasters and enhance existing fraud prevention 
and detection programs. 

Concluding Comments: 

Managers of federal disaster assistance programs face a dual challenge-
-delivering aid as quickly as possible while at the same time ensuring 
that relief payments go only to those who are truly in need. To meet 
this dual challenge, managers must recognize that fraud prevention and 
the rapid distribution of assistance are not conflicting mandates; 
instead, both can be accomplished if effective controls are in place 
and operating as intended. Of the controls discussed today, fraud 
prevention controls are the most useful and cost-effective means of 
reducing the loss of money due to fraud, because payments, once out the 
door, have proven extremely difficult to recover. Implementing an 
effective system of fraud prevention controls including upfront 
controls, post payment detection and monitoring, and prosecuting those 
who have exploited control weaknesses are crucial to building the 
American taxpayer's confidence that federal disaster assistance is 
given to those in need. 

Mr. Chairman and members of the Committee, this concludes my statement. 
I would be pleased to answer any questions that you or other members of 
the Committee have at this time. 

Contacts and Acknowledgements: 

For further information about this testimony please contact Gregory 
Kutz at (202) 512-7455 or Contact points for our Offices 
of Congressional Relations and Public Affairs may be found on the last 
page of this testimony. 

Major contributors to this testimony include Jennifer Costello, Jason 
Kelly, John Kelly, Sun Kim, John Ledford, Jennifer Leone, Barbara 
Lewis, Jonathan Meyer, John Ryan, and Tuyet-Quan Thai: 


[1] In the aftermath of a disaster, the federal government typically 
activates numerous programs to help disaster victims. Examples of 
programs include individual assistance, public assistance, and hazard 
mitigation. Individual assistance provides financial and other direct 
assistance to individuals and households. Public assistance provides 
grants to states, local governments, and non profit organizations to 
provide services such as debris removal and housing accommodations to 
disaster victims. Hazard mitigation provides grants for long-term 
hazard mitigation projects. 

[2] GAO, Expedited Assistance for Victims of Hurricanes Katrina and 
Rita: FEMA's Control Weaknesses Exposed the Government to Significant 
Fraud and Abuse, GAO-06-403T, (Washington, D.C.: Feb. 13, 2006). 

[3] GAO, Hurricanes Katrina and Rita Disaster Relief: Improper and 
Potentially Fraudulent Individual Assistance Payments Estimated to Be 
Between $600 Million and $1.4 Billion, GAO-06-844T, (Washington, D.C.: 
June. 14, 2006). 

[4] The Federal Managers' Financial Integrity Act of 1982 (FMFIA) 
required that GAO issue standards for internal control in government 
resulting in the issuance of Internal Control: Standards for Internal 
Control in the Federal Government, GAO/AIMD-98-21.3.1, (Washington, 
D.C.: November, 1999). 

[5] GAO/AIMD-98-21.3.1. 

[6] For purposes of this testimony, data validation refers to the 
process of comparing data provided by a registrant with publicly 
available data (e.g., credit reports) or government databases to ensure 
accuracy. Data authentication refers to the process of periodically 
authenticating data that have been validated by third-party contractors 
with source databases such as SSA or Internal Revenue Service records. 

[7] GAO/AIMD-98-21.3.1. 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site ( Each weekday, GAO posts 
newly released reports, testimony, and correspondence on its Web site. 
To have GAO e-mail you a list of newly posted products every afternoon, 
go to and select "Subscribe to Updates." 

Order by Mail or Phone: 

The first copy of each printed report is free. Additional copies are $2 
each. A check or money order should be made out to the Superintendent 
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or 
more copies mailed to a single address are discounted 25 percent. 
Orders should be sent to: 

U.S. Government Accountability Office 441 G Street NW, Room LM 
Washington, D.C. 20548: 

To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202) 

To Report Fraud, Waste, and Abuse in Federal Programs: 


Web site: E-mail: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Gloria Jarmon, Managing Director, (202) 512-4400 U.S. 
Government Accountability Office, 441 G Street NW, Room 7125 
Washington, D.C. 20548: 

Public Affairs: 

Paul Anderson, Managing Director, (202) 512-4800 
U.S. Government Accountability Office, 441 G Street NW, Room 7149 
Washington, D.C. 20548: