Hurricanes Katrina and Rita destroyed homes and displaced millions of individuals. While federal and state governments continue to respond to this disaster, GAO has identified significant control weaknesses--specifically in the Federal Emergency Management Agency (FEMA)'s Individuals and Households Program (IHP) and in Department of Homeland Security (DHS)'s purchase card program--resulting in significant fraud, waste, and abuse. In response to the numerous recommendations GAO made, DHS and FEMA have reported on numerous actions taken to address our recommendations. Lessons learned from GAO's prior work can serve as a framework for an effective fraud prevention system for federal and state governments as they consider spending billions more on disaster recovery. These lessons are particularly important because funding that is lost to fraud, waste, and abuse reduces the amount of money that could be delivered to victims in need. Today's testimony will (1) describe key findings from past GAO work and (2) use the results from that work and GAO's other experiences to discuss the importance of an effective fraud, waste and abuse prevention program.

Prior GAO audit and investigative work on FEMA's controls over IHP payments and DHS's controls over purchase cards emphasizes one fundamental concept--that fraud prevention is the most effective and efficient means of minimizing fraud, waste, and abuse. GAO estimates that FEMA made about 16 percent or almost $1 billion dollars in improper and potentially fraudulent IHP payments to registrants who applied using invalid information, illustrating what can happen when fraud prevention controls are ineffective. For example, GAO found that FEMA made payments based on bogus damaged addresses, false identities, and identities belonging to federal and state prisoners. These findings highlight the need for effective controls over all types of recovery disbursements. With effective planning, relief agencies should not have to make a choice between speedy delivery of disaster recovery assistance and effective fraud prevention. Finally, GAO's findings of significant control weaknesses in DHS's purchase card program leading to fraud, waste, and abuse further underline the need for an effective framework for fraud prevention, monitoring, and detection. Our work on disaster assistance programs in particular show that preventive controls should be designed to include, at a minimum, a requirement that data used in decision making is validated against other government or third-party sources to determine accuracy. Inspections and physical validation should also be conducted whenever possible to confirm information prior to payment. System edit checks should also be used to identify problems before payments are made. Finally, providing training on fraud awareness is important in stopping fraud before it gets into any type of recovery program. Fraud detection and monitoring is also critical, although more costly and less effective than preventive controls. Key elements of detection include data mining for fraudulent information and performing reviews to establish the accountability of property and funds. The final element of a fraud prevention program is the collection of identified improper payments and the aggressive investigation and prosecution of individuals who commit fraud as a preventive measure for future disasters. These elements are most costly, and collecting money after it has been disbursed is far less effective than up front prevention--FEMA has collected only $7 million of the estimated $1 billion in potential improper and fraudulent IHP payments.