Summary
In the wake of Hurricanes Katrina and Rita, the Federal Emergency Management Agency (FEMA) faced the challenge of providing assistance quickly while having sufficient controls to provide assurance that benefits were paid only to those eligible under the Individuals and Households Program (IHP). On February 13, 2006, GAO testified on the initial results of its ongoing work related to whether (1) controls are in place and operating effectively to limit assistance to qualified applicants, (2) indications exist of fraud and abuse in the application for and receipt of assistance payments, and (3) controls are in place and operating effectively over debit cards to prevent duplicate payments and improper usage.
GAO identified significant flaws in the process for registering disaster victims that leave the federal government vulnerable to fraud and abuse of expedited assistance (EA) payments. For Internet applications, limited automated controls were in place to verify a registrant's identity. However, there was no independent verification of the identity of those who applied for disaster assistance via the telephone. GAO demonstrated the vulnerability inherent in the call-in applications by using falsified identities, bogus addresses, and fabricated disaster stories to register for IHP. FEMA's automated system frequently identified potentially fraudulent registrations, such as multiple registrations with identical social security numbers (SSN) but different addresses. However, the manual process used to review these flagged applications did not prevent EA and other payments from being issued. Other control weaknesses include the lack of any validation of damaged property addresses for both Internet and telephone registrations. Given these weak or nonexistent controls, it is not surprising that GAO's data mining and investigations showed substantial potential for fraud and abuse of EA. Thousands of registrants misused IHP by applying for assistance using SSNs that were never issued or belonged to deceased or other individuals. GAO's case study investigations of several hundred registrations also indicate the use of bogus damaged property addresses. Visits to over 200 of these damaged properties in Texas and Louisiana showed that at least 80 of these addresses were bogus--including vacant lots and nonexistent apartments. FEMA also made duplicate EA payments to about 5,000 of the nearly 11,000 debit card recipients--once through the distribution of debit cards and again by check or electronic funds transfer. In addition, while debit cards were used predominantly to obtain cash, food, clothing, and personal necessities, a small number were used for adult entertainment, bail bond services, and weapons purchase, which do not appear to be items or services required to satisfy disaster-related needs.
Recommendations
Our recommendations from this work are listed below with a Contact for more information. Status will change
from "In process" to "Implemented" or "Not implemented" based on our follow up work.
Director:
Team:
Phone:
Gregory D. Kutz
Government Accountability Office: Financial Management and Assurance
(202) 512-9505
Recommendations for Executive Action
Recommendation: The Secretary of the Department of Homeland Security (DHS) should direct the Director of the Federal Emergency Management Agency to address the weaknesses we identified in the administration of IHP. To address the concerns raised in our February 13, 2006, testimony, DHS and FEMA should establish an identity verification process for Individuals and Households Program (IHP) registrants applying via both the Internet and telephone, to provide reasonable assurance that disaster assistance payments are made only to qualified individuals. Within this process DHS and FEMA should establish detailed criteria for registration and provide clear instructions to registrants on the identification information required, create a field within the registration that asks registrants to provide their name exactly as it appears on their Social Security Card in order to prevent name and Social Security Number (SSN) mismatches, fully field test the identity verification process prior to implementation, ensure that call center employees give real-time feedback to registrants on whether their identities have been validated, and establish a process that uses alternative means of identity verification to expeditiously handle legitimate applicants that are rejected by identity verification controls.
Agency Affected: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
Status: In process
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: The Secretary of the Department of Homeland Security (DHS) should direct the Director of the Federal Emergency Management Agency to address the weaknesses we identified in the administration of IHP. To address the concerns raised in our February 13, 2006, testimony, DHS and FEMA should develop procedures to improve the existing review process of duplicate registrations containing the exact same SSN and to identify the reasons why registrations flagged as invalid or as potential duplicates have been overridden and approved for payment.
Agency Affected: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
Status: In process
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: The Secretary of the Department of Homeland Security (DHS) should direct the Director of the Federal Emergency Management Agency to address the weaknesses we identified in the administration of IHP. To address the concerns raised in our February 13, 2006, testimony, DHS and FEMA should establish an address verification process for IHP registrants applying via both the Internet and telephone, to provide reasonable assurance that disaster assistance payments are made only to qualified individuals. Within this process DHS and FEMA should create a uniform method to input street names and numbers and apartment numbers into the registration, institute procedures to check IHP registration damaged addresses against publicly available address databases so that payments are not made based on bogus property addresses, fully field test the address verification process prior to implementation, ensure that call center employees can give real time feedback to registrants on whether addresses have been validated, and establish a process that uses alternative means of address verification to expeditiously handle legitimate applicants that are rejected by address verification controls.
Agency Affected: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
Status: In process
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: The Secretary of the Department of Homeland Security (DHS) should direct the Director of the Federal Emergency Management Agency to address the weaknesses we identified in the administration of IHP. To address the concerns raised in our February 13, 2006, testimony, DHS and FEMA should explore entering into an agreement with other agencies, such as the Social Security Administration, to periodically authenticate information contained in IHP registrations.
Agency Affected: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
Status: In process
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: The Secretary of the Department of Homeland Security (DHS) should direct the Director of the Federal Emergency Management Agency to address the weaknesses we identified in the administration of IHP. To address the concerns raised in our February 13, 2006, testimony, DHS and FEMA should establish procedures to collect duplicate expedited assistance payments or to offset these amounts against future payments. Such duplicate payments include the payments made to IHP recipients who improperly received the $2,000 debit cards and an additional $2,000 EA check or Electronic Funds Transfer (EFT) and the thousands of duplicate EA payments made to the same IHP registration number.
Agency Affected: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
Status: In process
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
Recommendation: The Secretary of the Department of Homeland Security (DHS) should direct the Director of the Federal Emergency Management Agency to address the weaknesses we identified in the administration of IHP. To address the concerns raised in our February 13, 2006, testimony, DHS and FEMA should ensure that any future distribution of IHP debit cards includes instructions on the proper use of IHP funds, similar to those instructions provided to IHP check and EFT recipients, to prevent improper usage.
Agency Affected: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency
Status: In process
Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.
