fraud

FEMA has instituted several effective mechanisms to demonstrate the importance of fraud prevention in its disaster assistance programs, but it needs to do more.  In line with our 2011 audit report recommendations, FEMA now uses standard system queries and additional business rules to flag potentially fraudulent disaster assistance applications.  However, FEMA must take additional, proactive steps to create and sustain a culture of fraud prevention and awareness.  This includes adequately staffing the Fraud and Internal Investigations Division, implementing an effective process to monitor and discourage staff noncompliance with required fraud training requirements, and establishing a clear and consistent process for reporting suspected fraud.  We made five recommendations for FEMA to demonstrate its commitment to fraud prevention in carrying out its disaster assistance programs.  FEMA concurred with all of our recommendations and has begun implementing corrective actions.

Prompted by the suspicious cyber activities on election systems in 2016, Secretary Jeh Johnson designated the election infrastructure as a subsector to one of the Nation’s existing critical sectors. Our audit objective was to evaluate the effectiveness of the Department’s efforts to coordinate with states on securing the Nation’s election infrastructure. DHS has taken some steps to mitigate risks to the Nation’s election infrastructure; however, improved planning, more staff, and clearer guidance could better facilitate the Department’s coordination with state and local officials. Specifically, despite Federal requirements, DHS has not completed the plans and strategies critical to identifying emerging threats and mitigation activities, or established metrics to measure progress in securing the election infrastructure. Senior leadership turnover and insufficient guidance and administrative staff have hindered DHS’ ability to accomplish such planning.

The Government Charge Card Abuse Prevention Act of 2012 (Charge Card Act) requires the Office of Inspector General to conduct an annual risk assessment and periodic audits on agency charge card programs. We conducted this audit to determine whether the Department of Homeland Security implemented internal controls to prevent illegal, improper, and erroneous purchases and payments. During fiscal year 2016, DHS reported spending approximately $1.2 billion in purchase, travel, and fleet card transactions. Although the Department has established internal controls for its charge card programs, the components we reviewed did not always follow DHS’ procedures. Our testing results of purchase, travel, and fleet card transactions revealed internal control weaknesses. Specifically, we found major internal control weaknesses that persisted at the United States Coast Guard and some control weaknesses within CBP’s Fleet Card Program.

This is a Department of Homeland Security, Office of Inspector General management alert to make the Federal Emergency Management Agency (FEMA) and its partners aware of active attempts — observed during our ongoing disaster oversight work in Puerto Rico — to profit from disaster survivors seeking FEMA assistance. We observed posted notices featuring a logo similar to FEMA’s, advertising paid services to complete the FEMA disaster assistance application on behalf of survivors. These services appear to be associated with FEMA, but actually are not, and demand a fee for services FEMA provides at no cost.

To complete the disaster assistance application forms, the paid service requires disaster survivors to provide their Personally Identifiable Information (PII) — such as their social security number, household annual income, and bank account numbers — to a third party, which exposes survivors to unnecessary risks.

We determined that the Contract Officer and Project Officer performed their duties according to Federal statutes, program guidance, and the IDIQ contract. In addition, there does not appear to be any internal control issues related to the segregation of duties related to contract purchases and receipt of goods.  We made no recommendations and FEMA concurred with our determination.

We determined that FEMA did not implement our recommendations and suspended improvements on existing information technology systems. We recommended that FEMA include an enterprise solution in its Grants Management Modernization platform for tracking applicant compliance with the Public Assistance Program insurance requirements that are a condition of receiving a disaster assistance grant.