U.S. Senate Committee on Environment & Public Works
U.S. Senate Committee on Environment & Public Works
Hearing Statements
Date:   09/24/2003
 
Statement of Rick Skinner
Deputy Inspector General
The Department of Homeland Security

FEMA Oversight.

Good morning Mr. Chairman and Members of the Subcommittee. I am Richard L. Skinner, Deputy Inspector General of the Office of Inspector General (OIG) for the Department of Homeland Security, which includes the Federal Emergency Management Agency (FEMA).

Thank you for the opportunity to be here today to discuss the work of the OIG in response to the unparalleled terrorist events of September 11, 2001, as well as our perspective on FEMA’s merger into the new Department of Homeland Security.

First let me address our work in New York following the September 11, 2001, terrorist attacks.

OIG RESPONSE TO SEPTEMBER 11

September 11, 2001, resulted in catastrophic physical damage and loss to the business and residential infrastructure in the lower part of the Borough of Manhattan. FEMA applied the full range of authorized disaster assistance programs to the post-disaster needs of the City of New York and its individuals, including Public Assistance grants, Temporary Housing (specifically Mortgage and Rental Assistance), Individual and Family Grants, Disaster Unemployment Assistance, Crisis Counseling Assistance and Training, and Legal Services. FEMA, however, due to the unique circumstances of this disaster, (i.e., managing the consequence of a terrorist attack rather than the consequences of hurricanes, tornadoes, or floods), had to use its authorities and programs more broadly than it ever had before. FEMA’s authorities were not adequate to meet everyone’s expectations in recovering from the unprecedented needs created by this event.

The FEMA OIG deployed teams of auditors, inspectors, and investigators from Headquarters and various field offices in early October 2001 to the New York City Disaster Field Office (DFO). Our mission was to assist the Federal Coordinating Officer (FCO) in reviewing and assessing procedures, practices, and controls in place throughout the operation, to identify and prevent fraud, and to assure FEMA’s Director that all possible actions were being taken to protect public welfare and to ensure the efficient, effective, and economic expenditure of federal funds. One team of auditors and inspectors worked directly with the FCO and monitored set-up and operation of the DFO. Another team of auditors worked with the FEMA public assistance staff and a team of inspectors worked with the FEMA individual assistance staff. Several teams of investigators worked round the clock at the DFO and at ground zero.

GENERAL MANAGEMENT OVERSIGHT

We worked in direct support of the FCO to respond to specific requests and addressed matters that independently came to our attention. Some of the tasks we performed related to accounting and auditing, but some were as varied as tracking down missing copy machines. We worked closely with a team of FEMA comptrollers and OGC representatives, helping them with a wide assortment of financial matters. We also worked with other Federal agencies, as well as State and city organizations and voluntary agencies. Our support included establishing a partnership with program staff to identify and suggest courses of action with regard to potential and emerging issues regarding duplication of benefits, donations management, accountable property, program limitations and administration, DFO training, safety and security. We identified a number of significant issues and made recommendations for improvement.

INVESTIGATIVE INTIATIVES

Our Office of Investigations processed 787 fraud complaints and resolved or closed 771 of them. Sixteen complaints remain open. We continually receive new complaints through the DHS OIG fraud hotline, FEMA personnel, and numerous federal, state, and local agencies. We have opened 112 criminal investigations and have received 89 indictments and arrested 86 individuals. We have recovered $922,028, received restitution of $6,729,728, issued fines of $1,686,538, and reported cost savings of $7,429,502.

PUBLIC ASSISTANCE OVERSIGHT

The FEMA OIG responded to the World Trade Center attack as a partner to FEMA’s response and recovery components. We deployed a team of auditors to monitor public assistance operations and assist in reviewing requests for assistance. This team maintained a presence for more than a 1½ years working with FEMA public assistance staff to ensure that recovery efforts were on track and complied with federal laws and regulations.

Our efforts were far from the traditional role of the OIG, but this was an extremely unique situation, and we were able to contribute significantly to the effectiveness of FEMA’s response by providing proactive oversight rather than hindsight. Early in the process we briefed applicants on how to qualify for FEMA assistance and maintain records, and we reviewed accounting systems of some of the local governments to ensure they were adequate for collecting necessary cost data.

We reviewed requests for funding and the detailed worksheets for proposed projects and met with public assistance program staff on a regular basis to provide them technical assistance on cost allowability. At FEMA’s request, we reviewed questionable bills submitted by applicants for payment and FEMA’s implementation of its policy on heightened security eligibility.

We did not conduct any traditional grant compliance audits of public assistance grants, nor did we audit any costs incurred under the Consolidated Appropriations Resolution Act of 2003, which provided that costs not eligible for public assistance funding, referred to as associated expenses, will be funded with the remainder of the $8.8 billion of authorized FEMA funding. FEMA estimates that $7.6 billion will be required for Stafford Act purposes and $1.2 billion will be used for associated expenses. Associated expenses include such costs as local government employees’ salaries, heightened security costs, and the I Love NY campaign to encourage visitors to the state.

INDIVIDUAL ASSISTANCE REVIEW

In response to Congressional inquiries, the FEMA OIG reviewed FEMA’s delivery of individual assistance in New York after September 11, 2001. The review focused on issues that need to be addressed by both FEMA and Congress as they consider regulatory and legislative changes to improve FEMA’s delivery of assistance to victims of future terrorist attacks that result in presidential disaster declarations. Following is a summary of issues raised during our review.

Eligibility Issues in the Mortgage and Rental Assistance Program

FEMA historically has not had to implement the Mortgage and Rental Assistance (MRA) program on a large scale because previous disasters did not coincide with nor result in widespread unemployment and national economic losses. From the inception of MRA until September 11, 2001, only $18.1 million had been awarded under the program for 68 declared disasters, compared to approximately $76 million as a result of the New York disaster alone.[1] Because it was seldom used, Congress eliminated the program when it enacted the Disaster Mitigation Act of 2000 (DMA 2000) making the program unavailable after May 1, 2002.

FEMA had to face the challenge of implementing this program in a disaster that caused significant economic consequences, including not only the obvious economic impact of the incident itself but also the indirect economic effects felt throughout the country. The language of the Stafford Act’s MRA authority establishes as a criterion for assistance a written notice of dispossession or eviction. The law is silent, however, on what constitutes a financial hardship. This omission required FEMA to interpret to what extent a personal financial loss constitutes a financial hardship, and to determine if that hardship resulted directly from the primary effects of the attacks or from secondary effects on the nation.

The MRA program’s limited use, the broad economic impact of this unprecedented event, and FEMA’s challenge to differentiate between primary and secondary economic effects contributed to difficulties in delivering timely and effective assistance. The MRA program is unique because it addresses limited, individual economic losses versus physical damage resulting from a disaster. Traditional inspection of damages as a basis for program eligibility, therefore, does not apply to MRA. Individual financial hardships caused by the disaster must be evaluated case-by-case. FEMA attempted to clarify eligibility criteria that required a clear link between physical damage to the business or industry caused by the disaster and an applicant’s loss of household income, work, and/or employment regardless of geographic location.

In summary, the MRA program, if reinstated, could continue to meet a fairly narrow economic need but would still require legislative revision to make it less complicated to administer. A broader, more flexible program, however, would more appropriately meet the range of economic losses experienced after events such as the September 11, 2001, terrorist attacks. The OIG believes FEMA should explore such a program with Congress. In doing so, Congress may wish to consider studying other existing mechanisms within the federal government as possible vehicles through which broader assistance could be provided.

State Capability to Implement the Individual and Family Grants Program

The Stafford Act authorizes the Individual and Family Grants (IFG) program to meet disaster related necessary expenses or serious needs of disaster victims that could not be met through other provisions of the Stafford Act or through other means, such as insurance; other Federal assistance; or voluntary agency programs. Eligible expenses may include those for real and personal property, medical and dental expenses, funeral expenses, transportation needs, and other expenses specifically requested by the State.[2]

Applications for IFG assistance rose sharply in June 2002, as applicants requested assistance for the air quality items. FEMA believes the increase in new applications coincided with public announcements being made by the U.S. Environmental Protection Agency (EPA) regarding the poor air quality in the City and the need for air-conditioning and related items because of the unusually warm spring and early summer. The State believes the surge in new applications coincided with the closing of the nonprofit programs. FEMA received an average of 7,660 applications per month from June to August 2002 for air-quality items. Applications for IFG assistance typically do not spike at this point in the recovery phase of a disaster.

The unanticipated increase in applications received after June 2002 also may be related to two other decisions regarding assistance for air-quality items. First, assistance was made available to all households in the five boroughs of New York City. The broad geographic eligibility was not related to the areas of actual impact. A better model might have been to limit eligibility to the same areas identified by EPA and the New York City Department of Health for purposes of the apartment cleaning and testing program. If the IFG program and the EPA testing and cleaning program had worked more closely together in terms of geographic eligibility, the program would have had reasonable and justifiable boundaries. Second, as a result of concerns expressed by certain advocacy groups, applicants were allowed to certify that they were unable to pay for the air-quality items (costing as much as $1600). Funding was advanced to those applicants and they were requested to provide receipts after purchase. There were few limitations placed upon who could qualify for this “unable to pay” option. This may also have increased the likelihood of fraud and abuse.

INTERAGENCY COORDINATION CHALLENGES

Responsibilities shared among FEMA, EPA, and the U.S. Department of Justice (DOJ) Office for Victims of Crime were not defined clearly enough to distinguish roles and establish the sequence of delivery of assistance. Recovery from the September 11, 2001, event highlighted the need for advance agreements regarding shared roles and responsibilities among key agencies likely to respond to future events.

Response To Residential Air Quality, Testing, And Cleaning Requires More Coordination

EPA was aware, based on its work in the aftermath of the 1993 WTC terrorist bombing, that the WTC towers contained asbestos material. Neither FEMA nor New York City officials, however, initially requested that EPA test or clean inside buildings because neither EPA nor the New York City Department of Environmental Protection (NYCDEP) could identify any specific health or safety threat. EPA nevertheless advised rescue workers early after the terrorist attack on the WTC that materials from the collapsed buildings contained irritants, and advised residents and building owners to use professional asbestos abatement contractors to clean significantly affected spaces. Directions on how to clean the exterior of buildings affected by dust and debris were provided to building owners by NYCDEP, and directions on how to clean interior spaces were provided by the New York City Department of Health.

Neither FEMA nor EPA traditionally has been involved in testing and cleaning private residences. Neither agency is specifically authorized to provide such services. However, when a potential health and safety threat was identified and New York officials documented that interior testing and cleaning would beneficially impact the City’s economic recovery, FEMA used its debris removal authorities under the Stafford Act to provide the necessary funding. Though the entire New York public cannot be serviced, the low level of applications for cleaning and testing, along with the low number of residences found with dangerous asbestos levels, may indicate that FEMA and EPA have addressed the need, or that individuals already have taken the initiative to clean their residences.

The program to test and clean residences in lower Manhattan did not commence until months after the disaster. Although FEMA has the responsibility to coordinate recovery from presidentially declared disasters, FEMA must depend on the particular expertise of EPA in circumstances involving possible air contaminants or environmental hazards. EPA must confirm that such hazards constitute a public health and safety threat before FEMA can provide funding for emergency response. FEMA should be more proactive in requesting EPA to conduct necessary testing and/ or studies to determine if a public health or safety threat exists in future, similar disasters so that cleaning efforts can begin much earlier in the recovery phase. FEMA also should address the roles of state and local agencies in such circumstances, as consultation with these agencies would provide useful information in review or evaluation.

Department of Justice Authorities Compliment FEMA Authorities

Because the September 11, 2001, terrorist attack sites were presidentially declared disasters resulting from criminal actions, both FEMA and the DOJ’s Office for Victims of Crime (OVC) had authority to provide victim assistance. FEMA’s Crisis Counseling Assistance and Training Program (CCP) providers found it necessary to offer support services that went beyond the normal levels of CCP mental health programs. Too many entities were involved at the outset to ensure coordination and avoid potential confusion of services provided to victims.

The September 11, 2001, attacks uncovered potential DOJ-FEMA overlaps in some programs covering disaster areas that are also crime scenes. FEMA’s CCP program funds crisis counseling and IFG program reimburse victims of disasters for medical, dental, and funeral expenses. The Victims of Crime Act of 1984, as amended (42 United States Code §10603), authorizes DOJ’s OVC to provide financial assistance to victims of federal crimes and of terrorism and mass violence in the form of (1) grants to state crime victim compensation programs to supplement state funding for reimbursement of the same out-of-pocket expenses, including mental health counseling; and (2) grants to state victim assistance agencies in support of direct victim services, i.e., crisis counseling, criminal justice advocacy, shelter, and other emergency assistance services.

FEMA, OVC, and DOJ’s Executive Office for United States Attorneys subscribed to a Letter of Intent to ensure that victims receive needed services and information and to articulate services needed in responding to catastrophic federal crime. The Letter of Intent should serve as the foundation for future cooperative activities but more detailed and comprehensive guidance is necessary to ensure that services delivered to disaster victims who are also victims of crime are appropriate, consistent, and not duplicative. These objectives could be accomplished through a Memorandum of Understanding between FEMA and DOJ’s OVC that formalizes the relationship, the responsibilities and authorities to be applied, programs, time frames, and sequencing when a disaster is also a crime scene.

Coordination with Voluntary Agencies

Voluntary Agencies (VOLAGS) typically provide immediate emergency assistance to victims, FEMA addresses short and long-term recovery needs, and, near the end of the recovery cycle, VOLAGS address victims’ unmet needs. After the September 11, 2001, terrorist attacks, individuals donated time, resources, and money in record volumes to a large number of VOLAGS. The overwhelming generosity and rapid influx of cash donations likely contributed to the ability of VOLAGS and other groups to provide higher levels of assistance. Since so many VOLAGS, ad hoc organizations, and other entities not traditionally in the sequence of delivery were distributing assistance, it was difficult to collect accurate information necessary to understand the scope of assistance being provided.

FEMA, attempting to bring order to the chaos created by the multitude of voluntary organizations, and developed a matrix of various government and non-government entities. At one point, this matrix included over 100 organizations and was used to identify their contributions to disaster recovery efforts and the types of assistance provided. FEMA validated the information and became familiar with the kinds of assistance being offered so that staff could make informed referrals. In spite of these efforts, FEMA was not able to ensure that all voluntary agencies were coordinated appropriately to ensure that benefits are not duplicated among disaster programs, insurance benefits, and/or any other types of disaster assistance.

Historically, FEMA has not considered the assistance of voluntary agencies to be duplicative under normal disaster conditions. In response to this event, however, VOLAGS far exceeded their traditional role in the provision of assistance. FEMA, to ensure timely assistance to victims, decided to activate its own IA program and to treat VOLAG and other non-governmental assistance as non-duplicative as it related to the events of September 11, 2001. Had FEMA expended the resources necessary to fully identify and quantify such assistance after September 11, 2001, the timely provision of urgently needed assistance would have been delayed. FEMA acknowledges, however, that some people may have received assistance for similar losses from more than one source.

Regardless of FEMA’s decision to not identify and quantify voluntary agency assistance on a case-by case basis, the potential that duplication occurred does exist although the nature and amount of duplication remain unknown. FEMA needs to be better able to anticipate the proactive role non-governmental organizations will play in disaster recovery operations and attempt to coordinate relationships with those organizations through protocols such as Memorandums of Understanding to alleviate the potential for duplicating benefits. The General Accounting Office (GAO) has also emphasized the need to improve coordination among charities and between charities and FEMA.[3]

UNMET NEEDS

Several gaps in authorizations appear to exist for FEMA and other federal agencies to address recovery needs of certain individuals and businesses. The OIG believes these gaps may be of concern in future disasters.

Federal Public Benefit Classification Limits IA Eligibility

Title IV of the Personal Responsibility and Work Opportunity Reconciliation Act of 1996 requires that Federal public benefits be provided only to United States citizens, non-citizen nationals, and qualified aliens. Under Title IV, the following FEMA IA programs authorized by the Stafford Act are considered federal public benefits:

* Temporary Housing Assistance * Unemployment Assistance * Individual and Family Grants Programs * Food Coupons and Distribution

Temporary Housing Assistance and the IFG program have been repealed and combined into one grant program, the Individuals and Households Program, under DMA 2000. This new program falls under the federal public benefit standard.

The recipient limitations imposed by the federal public benefit standard do not apply to some types of post-disaster assistance. Any victim may receive short-term, non-cash, in-kind emergency disaster relief, including emergency medical care, emergency mass care, emergency shelter, and other assistance provided by VOLAGS. Other recovery tasks also must occur without regard to limitations. These include clearing roads; constructing temporary bridges needed to perform emergency repairs and deliver essential community services; warning of further risk or hazards; disseminating public information; assisting victims with health and safety measures; providing food, water, medicine, and other essential goods; transporting supplies or persons; and otherwise reducing immediate threats to life, property, and public health and safety.

The September 11, 2001, disaster affected victims who are not United States citizens, non-citizen nationals, or qualified aliens but who were lawful residents of the United States under a valid immigration category or classification. Because these residents are not granted an alien status that would allow them to receive a federal public benefit, they were ineligible for assistance under the IA program. For example, individuals who possess an un-expired Employment Authorization Card, which permits lawful employment in the United States, are precluded from federal public benefit assistance. One immigration advocacy group estimates that as many as 80,000 lawfully present individuals in New York are not qualified for federal disaster assistance beyond the short-term emergency relief.[4]

FEMA should consider pursuing legislative changes that would exempt FEMA’s IA programs from the federal public benefit classification when victims needing IA are lawfully present in the United States at the time of the applicable disaster but may not have the qualified alien status required by Title IV of the Personal Responsibility and Work Opportunity Reconciliation Act of 1996.

FEMA Assistance For Non-Critical Private Non-Profit Service Organizations Is Limited

To be eligible for FEMA grant assistance, a Private Non-Profit (PNP) organization must fall within the Stafford Act’s definition of a PNP that provides an essential service of a governmental nature. This was true prior to DMA 2000 and DMA 2000 did not change the definition of an eligible PNP applicant. However, with DMA 2000, Congress created a two-tiered system of reimbursement for FEMA-eligible PNP’s. For eligible PNP facilities that provide “critical services,” FEMA may provide assistance for eligible work just as it did prior to DMA 2000. For eligible non-critical PNP facilities, DMA 2000 now requires the PNP to first apply to SBA. FEMA can then provide the PNP assistance if the PNP does not qualify for an SBA loan or if it obtains one in the maximum amount for which it is eligible.

The intent of Congress to limit grant assistance to “critical” PNP organizations without applying first for a loan, is unambiguous. Even the discretion given to the President to add to the list of “critical” PNP services is limited to a few emergency-related activities. The attacks of September 11, 2001, enabled the first significant test of this new approach to funding PNPs, and the reactions were predictable. PNPs that lost immediate access to grants as a result of DMA 2000—Colleges, Universities, and various providers of social services—understandably questioned the equity of the new law. While these changes were under consideration by Congress, concern surfaced that dividing PNP services into “critical” and “non-critical” categories would be perceived as inequitable and would, in fact, affect the relatively smaller and less well financially endowed organizations more substantially than larger organizations that enjoyed better, ongoing access to other forms of revenue.

On December 12, 2002, FEMA implemented a new policy, based on the President’s announcement to strengthen the Administration's compassion agenda by making it easier for America's faith-based and community groups to work with the federal government. FEMA’s new policy extends assistance to eligible and necessary faith-based organizations by broadening the eligibility of certain non-profit organizations to receive federal disaster assistance. This policy recognizes the statutory eligibility of PNP organizations that provide necessary and vital functions to local communities and is retroactive to January 20, 2001.

Congress may wish to reconsider this “critical” and “non-critical” PNP approach and either require all PNPs to apply first for an SBA loan, which would achieve greater cost-savings, or require no PNPs to apply for loans before qualifying for FEMA grants, which would level the playing field but increase the amount of federal grant assistance.

LEGISLATIVE ISSUES

Congress may wish to consider legislation to either reinstate the MRA program or develop a comparable program. Congress also might wish to consider whether FEMA or another federal agency should administer grants to small businesses that have been adversely affected by a disaster.

MRA Is Eliminated By The Disaster Mitigation Act of 2000

DMA 2000 amendments to the Stafford Act repealed the MRA program as a component of FEMA’s Temporary Housing Assistance for disasters declared on or after May 1, 2002. FEMA received an extension from Congress and has made this effective for all disasters declared on or after October 15, 2002. DMA 2000 also establishes a $25,000 cap on the Individuals and Households Program. These new limitations raise serious issues for addressing economic losses and financial hardships suffered by victims of events similar to this one. Congressional consideration may be warranted to better position FEMA to address economic issues in future acts of terrorism.

Grants To Small Businesses Were Made On An Ad Hoc Basis

In its November 2002 report, September 11, Small Business Assistance Provided in Lower Manhattan in Response to the Terrorist Attacks, GAO documented assistance made available under various grant and loan programs to both public and private entities. GAO reported, “The September 11, 2001 terrorist attacks on the World Trade Center had a substantially negative impact on the New York City economy, strongly affecting businesses, both large and small, and as disparate as financial services firms, travel agencies, and retail stores. Some businesses were destroyed, some displaced, and still others could not operate because of street closures and the lack of utilities. Many businesses still face a diminished client base and uncertainty about the future redevelopment of the World Trade Center site.” There is, however, presently no on-going federal program that provides grant support to businesses adversely affected by disasters, except in the instance of special legislation targeted to an event.

FEMA is prohibited by the Stafford Act from providing disaster assistance to businesses of any size. The Stafford Act provides funding, principally in the form of grants, to individuals, state and local governments, and certain private, non-profit organizations adversely affected by a disaster. SBA is authorized to provide loans, not grants, to businesses adversely affected by a disaster. SBA is administratively prohibited, however, from making loans to businesses that do not meet specific and generally established eligibility criteria. SBA was unable, for example, to make loans to businesses that did not meet the agency’s size standards or financial qualifications.

SBA’s limited ability to assist businesses financially after the September 11, 2001, event was recognized early in the response phase. FEMA, under special legislation, was already involved in compensating businesses adversely affected by the May 2000 Cerro Grande fire in northern New Mexico. Some members of Congress introduced legislation specific to the September 11, 2001, events that would allow FEMA to initiate a similar program in Lower Manhattan.[5] The bill would have authorized FEMA to compensate businesses in an amount generally not to exceed $500,000 for specified business losses. A companion bill was introduced in the House of Representatives. Neither bill, however, was enacted.

Alternatively, Congress enacted the Department of Defense and Emergency Supplemental Appropriations for Recovery From and Response to Terrorist Attacks on the United States Act of 2002, a provision of which allowed the State of New York to use Community Development Block Grant (CDBG) funds administered by the U.S. Department of Housing and Urban Development (HUD) to make Business Recovery Grants. GAO noted that the Business Recovery Grants covered, in total, about 17 percent of business losses that were not covered by insurance and New York City and State grants. GAO further reported that the Empire State Development Corporation, which is administering the Business Recovery Grant program, planned to increase payments to some businesses and thereby reduce the amount of their uncompensated economic losses.

Congress may wish to consider whether the federal government should be the insurer of last resort for all or part of disaster-related business losses. Such a policy decision would eliminate the need to respond on an ad hoc basis after each terrorist attack that results in a presidential disaster declaration. Factors that should be considered are whether the lack of such assistance in recovering from difficulties related to terrorist incidents could increase other federal response costs, such as DUA and MRA; and the respective roles of FEMA, SBA, and HUD in administering financial assistance to small businesses.

TRANSITIONING INTO DHS

As Undersecretary Brown noted in his testimony, FEMA has not missed a step in responding to disasters since becoming a part of DHS. In May of this year, we sent a team of auditors to monitor FEMA’s response and recovery efforts to a series of major tornadoes in Missouri. The caliber and effectiveness of FEMA’s response was the same high standard we have seen in the past.

In addition, the consolidation of first responder organizations within DHS offers opportunities for a better coordinated, more responsive, disaster response and recovery capability. In particular, the addition of Department of Health and Human Services programs to DHS and the creation of a National Incident Management System and a National Response Plan should add to that capability. The OIG plans to review those areas in the near future. However, the OIG has also transitioned into DHS, and our ability to provide oversight has been diluted due to the many non-FEMA priorities and demands being placed on our limited staff.

Notwithstanding the continued success of FEMA’s response and recovery efforts, there are still shortcomings in FEMA operations (see Attachment 2). Although we have not witnessed any changes in services, FEMA has many problems that need to be addressed and its ability to effectively address them is compounded by its merger into DHS. Areas of particular concern as FEMA transitions into DHS include FEMA’s financial management, the security of FEMA’s information technology (IT) systems, and grant management. Deficiencies in these areas could most certainly hamper the effective and efficient integration of FEMA programs and operations into DHS.

Regarding financial management, the OIG identified six material weaknesses in FY 2002 related to FEMA’s financial statement audit. For example, FEMA’s financial system functionality and financial reporting process both need significant improvement. This problem is exacerbated by other DHS components having similar problems.

Regarding IT security, The Office of Management and Budget scored FEMA’s e-gov status as unsatisfactory, and FEMA did not receive a passing grade for computer security from the House Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations. FEMA is aware of its problems in IT management and is working to address the weaknesses.

Regarding grants management, FEMA has had longstanding problems, although it has made improvements and worked to develop a viable grants management program. Previous FEMA OIG reports have identified significant shortcomings in the pre-award process, cash management, monitoring, and grant closeout processes. This in turn has allowed grant recipients to misuse millions of dollars in federal funds each year.

In addition, although numerous grant programs are now consolidated within DHS, their management is divided among various components within the Department. Preparedness for terrorism is in the Border and Transportation Security directorate, while other preparedness efforts are in the Emergency Preparedness and Response directorate. This bifurcation will create additional challenges related to inter-departmental coordination, performance accountability, and fiscal accountability. Furthermore, program managers have yet to develop meaningful performance measures necessary to determine whether the grant programs being absorbed by DHS have actually enhanced state and local capabilities to respond to terrorist attacks and natural disasters. The OIG addressed these concerns in the early days of the Department’s creation (see Attachment 3). It is our understanding that this problem is now being addressed legislatively. Further, Secretary Ridge recently announced plans to centralize these programs within a single office of the Department.

In summary, although FEMA has made progress in many areas, additional improvement is needed, and the remaining problems will make an effective transition into DHS more difficult.

Conclusion

This concludes my written statement. Again, I appreciate the opportunity to testify before you today. I would be happy to answer any questions that you may have.

ATTACHMENT 1

FINANCIAL STATUS OF INDIVIDUAL ASSISTANCE PROGRAM

AS OF NOVEMBER 1, 2002

TEMPORARY HOUSING ASSISTANCE

Mortgage and Rental Assistance $76,275,000

Minimal Home Repair $1,450,000

Transient Accommodations $1,225,000

Rental Assistance $26,150,000

INDIVIDUAL AND FAMILY GRANTS $25,400,000

CRISIS COUNSELING ASSISTANCE AND TRAINING PROGRAM $162,400,000*

UNEMPLOYMENT ASSISTANCE $13,200,000

LEGAL SERVICES $2,000

TOTAL FEMA INDIVIDUAL ASSISTANCE FOR NEW YORK $306,102,000

ATTACHMENT 2

Federal Emergency Management Agency

Office of Inspector General

Washington, D.C. 20472

December 31, 2002

MEMORANDUM FOR: Joe M. Allbaugh

Director

signed

FROM: Richard L. Skinner

Acting Inspector General

SUBJECT: Management Challenges

The Office of Inspector General has identified the most serious management and performance challenges we believe FEMA is facing and the progress FEMA is making in addressing those challenges. We are required to provide this statement to you under the Reports Consolidation Act of 2000. This statement is to be included in the consolidated report described by the Act.

We believe, based on our work and our general knowledge of FEMA operations and programs, that FEMA must continue to focus attention on the following management and program initiatives to ensure public accountability and improve program effectiveness. Although FEMA managers acknowledge most of these issues and are addressing them to varying degrees, much work is left to be done to ensure that business is conducted economically and efficiently, and that appropriate program results are achieved.

Program Challenges

Homeland Security Transition. The President established the Department of Homeland Security on November 25, 2002. The mission of the Department is to develop, coordi­nate, and implement a comprehensive national strategy to secure the United States from terrorist threats or attacks. The Department is responsible for coordinating efforts to detect, prepare for, prevent, protect against, respond to, and recover from terrorist attacks within the United States. FEMA will transfer into the Department on March 1, 2003, as part of the Emergency Preparedness and Response Directorate. FEMA will continue to lead and support the nation in responding to and recovering from any destructive event, whether natural or man-made. FEMA will also continue its preparedness and mitigation programs for non-terrorist-related disasters. These programs will be coordinated with similar programs from the components of the Departments of Health and Human Services and Energy that are also transferring into the Emergency Preparedness and Response Directorate. FEMA will cooperate closely with the new Office for Domestic Prepared­ness in preparing for and mitigating terrorist activities. The challenges facing FEMA are many. Ther are concerns of FEMA losing its identity as an agency that is quick to respond to all hazards and disasters. Members of Congress and the general public have expressed concern that FEMA’s disaster response and recovery and mitigation missions will be diluted as it is absorbed into a much larger organization and that funding issues will limit FEMA’s ability to respond to disasters as it had in the past. Further, the integration of FEMA’s many management and financial information systems with those of other entities that will be brought into the Department will be a daunting task. This is of particular concern because of problems plaguing FEMA’s systems—lack of integration, security issues, and non-compliance with the Federal Financial Management Integrity Act. There are also concerns relating to the work force—FEMA’s most important asset. As with all entities being transferred to the Department, employees are concerned about their role and how the transfer will affect their job. FEMA is well aware of these issues and is addressing them as they arise through active communication with staff. FEMA’s experience in coordinating the Federal Response Plan will contribute to the success of the Department’s transition and integration efforts.

Disaster Response and Recovery. FEMA’s largest spending category is disaster relief. According to the President’s fiscal year 2003 budget proposal, $3.5 billion was obligated in that category in fiscal year 2001 and, due largely to the World Trade Center attack, $8.7 billion was estimated to be obligated in fiscal year 2002. Managing disaster re­sponse and recovery continues to be one of FEMA’s largest challenges. FEMA faces difficulties establishing disaster declaration criteria, reducing disaster response and recovery costs, managing its disaster workforce, ensuring the integrity of its many finan­cial assistance programs, and improving program services. FEMA has begun to address all of these problems. FEMA recently centralized deployment of the Disaster Assistance Employee cadre, for example, to improve the efficiency of disaster staffing; but much remains to be done.

Recent amendments to the Stafford Act increased FEMA’s challenges in managing disaster recovery. The amendments change estimating and payment procedures under the Public Assistance Grant Program, FEMA’s largest grant program. Disaster grant appli­cants will be paid based on damage estimates rather than actual damage repair costs. FEMA tested a similar approach, called the Grant Acceleration Program, after the Northridge Earthquake in Southern California. The test results reflected inflated esti­mates, extreme overpayments, and ineligible work performed at taxpayer expense. Finding solutions to these problems and instituting other changes required by the amendments, such as establishing fixed management cost rates for grantees and subgrantees, will confront managers of FEMA’s disaster assistance grants in fiscal year 2003.

Managing disaster response is a major challenge, particularly when the Federal Response Plan is activated and FEMA must coordinate the activities of dozens of Federal, State, and local organizations. FEMA also manages its own response assets to increase its ability to respond quickly, and its disaster response capabilities have improved substantially in recent years. Less than three hours after the World Trade Center attack the first Urban Search and Rescue Teams were at the site. FEMA also has warehouses around and outside the country in which commodities and equipment are stocked to support disaster field offices. Commodities such as water, meals, generators, tents and blankets that victims need immediately after a disaster also are stocked at the warehouses. These facilities contain thousands of items valued at more than $40 million. Maintaining the warehouses, accounting for property, and the logistics of deploying, recovering, and refurbishing reusable items are continuing challenges for FEMA.

State and Local Preparedness. The Director announced in November 2002 that FEMA will provide $225 million in grants to help State and local responders and emergency managers to become better prepared to respond to acts of terrorism and other emer­gencies and disasters. The funds are available through the fiscal year 2002 supplemental appropriation, a part of President Bush's First Responder Initiative. The funds will serve as down payments on resources for States and local communities to modernize plans and strengthen their preparedness for disasters of all kinds. The funds will flow through the States, with at least 75 percent going to local governments.

Roughly $100 million of the $225 million in supplemental funds will be used for updating plans and procedures to respond to all hazards, with a focus on weapons of mass destruction. Updated plans will address a common incident command system, mutual aid agreements, resource typing and standards, interoperability protocols, critical infra­structure protection, and continuity of operations for State and local governments. FEMA intends that the comprehensive plans will be linked through mutual aid agreements and that they will outline the specific roles of all first responders (fire service, law enforce­ment, emergency medical services, public works, etc.) to terrorist incidents and other disasters.

FEMA also will provide $56 million in 2002 supplemental funds to upgrade State emer­gency operations centers. States and territories will receive a base allocation but must submit grant proposals for additional funding. A total of $25 million is available for Citizen Corps activities, including Citizen Corps Councils, and expanded training for FEMA's Community Emergency Response Teams (CERTs) across the country. Other fiscal year 2002 supplemental fund allocations will include $7 million for secure communications, $5 million to begin laying the groundwork for a national mutual aid system, and $32.4 million for weapons-of-mass-destruction training for FEMA's urban search and rescue task forces.

Although funds have been set aside to address State and local preparedness issues, FEMA still faces the following challenges:

· Building and sustaining a national preparedness and response capability; and

· Coordinating national terrorism preparedness programs.

FEMA must continue to place a high priority on developing State and local capabilities to respond to acts of terrorism as well as natural disasters. FEMA must develop State and local capacity to respond to and manage small-to-medium-sized disasters, particularly fairly predictable ones such as repeated flooding in flood-prone areas.

FEMA also must continue expanding the development of the National Hazard Loss Estimation Methodology for all hazards. Models for estimating potential losses from hurricane wind and riverine flooding are to be introduced in February 2003, but addi­tional development is required with regard to thunderstorms, tornadoes, tropical cyclones, hail, and coastal flooding. The mounting dollar losses cannot be adequately addressed by a fragmented approach to natural hazards. Instead, estimated losses for other hazards are needed to support FEMA's risk-based approach to mitigation and emergency prepared­ness, and for comprehensive mitigation programs by local communities.

The increased threat of acts of terrorism spurred by the attacks of September 11, 2001, also indicates a need for FEMA to consider developing a terrorism-response method­ology. Those attacks highlighted the need to fully equip and train fire departments so they will be better prepared to respond to terrorist events. FEMA is addressing this matter through the U.S. Fire Administration’s (USFA) Assistance to Firefighters Grant Program (AFGP). FEMA and USFA also had awarded more than $170 million to 2,756 fire departments throughout the United States at the end of fiscal year 2002 under the AFGP. An additional $190 million is predicted to be awarded in the first quarter of fiscal year 2003. To date, nearly 5,500 fire stations have received funds for training or equipment upgrades and purchases since the inception of this program. It is likely that this program will continue indefinitely and probable that the amount of grant funds will be increased. It is imperative, therefore, that FEMA administer the program effectively and efficiently to ensure that funds are directed to those most in need and those most likely to be required to respond to a terrorist attack or natural disaster.

Mitigation Programs. The President’s fiscal year 2003 budget proposal includes $300 million under the National Pre-Disaster Mitigation Fund to initiate a competitive grant program for pre-disaster mitigation. FEMA is preparing to implement the program, which would replace the current formula-based Hazard Mitigation Grant Program, if enacted by Congress. FEMA is challenged with designing a program that ensures fair evaluation of all applicants and their proposed mitigation projects. Eligible activities include risk assessments; State and local planning; the reinforcement of structures against seismic, wind, and other hazards; elevation, acquisition, or relocation of flood-prone structures; and minor flood-control or drainage-management projects. Program success will depend on the quality and effectiveness of FEMA’s evaluation process and criteria. FEMA is taking into account stakeholder input to create the new program. Considerable work remains to be done, specifically the development of eligibility and evaluation criteria.

The OIG issued a report, “Status of Funds Awarded under the Hazard Mitigation Grant Program and Other Project Management Issues,” in July 2001. In response, FEMA is strengthening its management of the HMGP by monitoring unliquidated obligations and deobligating unspent funds. The agency also is planning to publish new regulations that will address problems cited in our report, such as co-mingling of funds, the quality of applicant progress reports, and inadequate project timeframes. Challenges remain for FEMA to ensure that States and local governments are making the best use of Federal funds and carrying out their mitigation projects timely and in accordance with grant agreements.

Multi-Hazard Flood-Map Modernization. Flooding stands out as the single most per­vasive hazard facing the nation, causing an estimated $6 billion in property damage annually. Much of the recovery spending could be avoided by efficient, up-front plan­ning using accurate, up-to-date flood maps. Before flood maps can be used effectively, however, they must reflect current hydrological conditions. An aggressive program to update, modernize, and maintain the inventory of flood maps is essential.

Multi-hazard flood-map modernization, a presidential initiative, is based on the need for FEMA to update its aging inventory of flood maps in such a way that they can accom­modate other hazards. A recent assessment revealed that 67 percent of FEMA’s flood maps are more than 10 years old and that the average age of a FEMA flood map is 14.1 years. Many of these maps do not reflect past development and, as a result, do not show changes in flood hazards. Reliance on these outdated flood maps in making decisions about new development harms commercial and residential property owners and the taxpayers who ultimately pay for flood damages. Accurate and useable flood maps are the foundation of good local planning and natural-disaster mitigation. New and updated flood maps will enable lenders, insurance agents, and many others to make critical decisions on where to build, where and when insurance is required, and what is an appropriate insurance premium.

FEMA is seeking $300 million in new discretionary appropriations in the President’s budget for fiscal year 2003 for the multi-hazard flood-map modernization program. FEMA is also seeking roughly $300 million per year in its fiscal year 2004 and 2005 budgets. Approximately $1 billion may be spent over the next three fiscal years. With more than 19,000 communities in the National Flood Insurance Program (NFIP), FEMA faces a daunting challenge in setting priorities for areas to be mapped, keeping maps current, and creating new maps for participating, unmapped communities.

Another significant challenge for FEMA is effective collaboration with States and local entities through the Cooperating Technical Partners (CTP) Program. The CTP program gives States and local entities the opportunity to interject a tailored, local focus into the national map-modernization program. The partnership mechanism also provides for pooling resources, extending the productivity of public funds, and sharing successes among partners. FEMA must also continue to seek input from the Map Modernization Coalition, members of which are substantial users of flood maps.

National Flood Insurance Program. The NFIP continues to be the largest single-line property insurer in the nation with coverage in excess of $580 billion. Aside from the fiscal enormity of this program, FEMA faces an array of formidable management challenges that include:

• Increasing numbers of repetitively flooded structures that are subsidized by the NFIP,

• Continued development and uninsured property in special flood-hazard areas,

• Insufficient funds to mitigate repetitive-loss properties, and

• Lack of exposure to mitigation opportunities.

Subsidized and low-cost flood insurance, available to residents of NFIP-participating communities, helps to manage the risk of financial loss due to flooding. Much more of the risk could be alleviated if homeowners would take responsibility for mitigation on their own property. Many property owners, however, fail to do so because (1) of the availability of subsidized insurance, premiums for which are typically a fraction of those for full risk-based policies; and (2) they know that, if flooded, their property will be repaired or rebuilt without penalty. Continuing to subsidize NFIP premiums fails to encourage owners of flood-prone real estate to move out of high-risk areas. This is no small problem, as the NFIP pays claims from floods in the same high-risk areas again and again, yet the policyholders are not required to pay risk-based premiums or to mitigate repetitive risks. This situation undermines the financial stability of the insurance program. On the other hand, if FEMA charged actuarially sound rates, owners could cancel their policies, pay nothing to the government, and rely on Federal disaster assist­ance after a flood, placing the recovery burden back on the American taxpayer.

Mitigation is rarely a priority of property owners before a disaster occurs but owners typically rush to have their property restored to its pre-disaster condition after an event. One of FEMA’s main objectives in the response and recovery period is to get assistance to flood victims quickly so they can rebuild and get their lives back to normal. The opportunity to encourage mitigation at this time is usually lost. FEMA must improve its outreach programs.

About 7 million structures are estimated to be located in special flood-hazard areas. Less than 35 percent are covered by flood insurance. FEMA needs to maintain a sustained campaign to provide insurance coverage for the millions of uninsured properties still at-risk.

FEMA believes that most communities participating in the NFIP have effective floodplain-management programs and that new construction is in accordance with the minimum requirements of the NFIP. FEMA officials told us that communities participating in the Community Rating System are closely monitored and subject to periodic inspections.

The OIG issued reports in 2002 that discussed most of the issues noted thus far, and FEMA is addressing them or planning to do so. Solutions to these matters, however, will not prevent FEMA’s need to address the following difficult future challenges:

• Effective enforcement of compliance with floodplain management criteria as a condition for maintaining NFIP eligibility,

• Effective monitoring of enforcement of mandatory flood insurance purchase requirements for property owners,

• Effective and reliable performance measurement criteria and information systems used to assess accomplishment of insurance goals and objectives, and

• Appropriate Community Rating System insurance premium discounts based on conditions in and mitigation actions taken by a community.

Public Building Insurance. The Stafford Act requires State and local governments, as a condition of receiving Federal assistance, to obtain and maintain insurance coverage on insurable facilities for the life of the facilities. FEMA reviews insurance coverage during the project approval process to ensure that applicants’ satisfy the requirements.

We noted in a January 2001 OIG report that neither FEMA nor the States consistently maintain sufficient information to support their conclusions about applicants' insurance status. At the time the report was issued, only 39 percent of the project files in our sample contained acceptable evidence of insurance. In fact, insurance was not main­tained in 34 percent of projects reviewed. We also determined that insurance reviews are not always timely or complete, and neither FEMA nor the States regularly monitors public entities that have received previous assistance to ensure that they are maintaining the required insurance. Keeping abreast of insurance status presents a significant challenge for FEMA.

Determining what constitutes the required “insurance” is another key issue confronting FEMA. The amount of assistance a public entity may receive depends on FEMA’s defin­ition of insurance. Several public entities seeking disaster assistance recently challenged successfully FEMA’s interpretations that various reserve or contingency funds did not constitute “insurance.” As a result, a higher percentage of the repair, restoration, or replacement costs of their damaged facilities became eligible for reimbursement by FEMA. FEMA faces significant hurdles in addressing the issues of (1) the absence in current regulations of an adequate definition of “insurance,” and (2) incentives for entities to purchase insurance.

Underinsured applicants and regular monitoring of the insurance status of public entities also present challenges. Some FEMA applicants purchase less insurance than required or may reduce coverage after an insurance review. The fact of under-insurance may not be known for long periods to FEMA and/or States because they do not regularly monitor public entities to ensure the maintenance of insurance on public buildings.

Management Challenges

Information Technology Management. FEMA is heavily dependent on information technology (IT) to accomplish its mission. The agency relies on technology for performing tasks ranging from emergency communications to remote data entry to automated processing of disaster assistance. Because of IT’s importance, the agency must maintain secure systems that help to ensure the integrity, confidentiality, and availability of information FEMA needs to do its job. IT can be expensive and complex, however, so FEMA needs to have in place good capital planning and investment control procedures for managing IT projects. The e-gov initiative under the President’s Management Agenda encompasses these challenges. Although the Office of Management and Budget (OMB) scored FEMA’s e-gov status as unsatisfactory, it also indicated that improvements are underway.

FEMA made progress during fiscal year 2002 toward improving information security, primarily through establishing the Office of Cyber Security, designing an information security program plan, and developing a security certification and accreditation methodology. Much more work lies ahead. Like many other Federal agencies, FEMA did not receive a passing grade for computer security from the House Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations. FEMA has struggled to ensure that the agency’s information security plan is practiced throughout the agency and applied to individual systems. As of the end of fiscal year 2002, however, no systems had received formal authorization, required by OMB, to process information, although FEMA’s planned security certification and accreditation methodology will facilitate the approval process. FEMA is struggling to build security into its system business plans, also required by OMB. FEMA must begin to assess the system security controls in place at critical service-provider points.

FEMA management has acknowledged weaknesses in IT capital planning and investment controls. Improving procedures in these areas were key initiatives of the reorganization of FEMA’s IT Services Directorate in fiscal year 2002. Improvement efforts have just begun. In a recent audit report, we recommended that FEMA consistently prepare current benefit-cost and alternative analyses, identify and maintain a current inventory of systems, provide more effective oversight of IT projects, conduct post-implementation system reviews to identify “lessons learned,” and complete an Information Resources Management Strategic Plan and IT Capital Plan as required by OMB.

FEMA is working to address the weaknesses in IT management, security, and other areas. OMB’s most recent scorecard rates other challenges that FEMA faces, including integrating itself smoothly into the new Department of Homeland Security; implementing its e-government agenda; managing its systems effectively in a rapidly changing IT environment; and meeting its human capital needs.

Financial Management. FEMA continues to face significant financial management challenges but, over the past year, has been working very to overcome them. FEMA developed a detailed remediation plan, for example, that it uses regularly to monitor progress in addressing weaknesses we identified in the financial audit of fiscal year 2001. Although FEMA has not been able to achieve all of its goals, it has been making progress. FEMA still needs more time and resources and a continued commitment by management to achieve an appropriate level of financial management.

Major factors motivating to FEMA’s progress were the qualification of the auditors’ opinion on FEMA’s fiscal year 2001 financial statements, and the auditors’ identification of six material internal control weaknesses. Although the qualified opinion was disap­pointing, it helped to focus management’s attention on long-standing problems. We had noted in previous audit reports that FEMA’s financial reporting process was unstable and, in fiscal year 2001, after three years of unqualified opinions, the auditors could no longer attest to the accuracy of all balances presented in the statements. Specifically, the auditors could not verify (1) the reported obligations incurred and unobligated balances (because of an unsupported $77 million reduction to unliquidated obligations), or (2) the reported equipment balance.

The six material internal weaknesses described in our audit report, on which FEMA’s remediation plan is based, related to information system security, real and personal property, financial system functionality, financial statement reporting, account reconcili­ation, and accounts receivable.

§ Information System Security: FEMA has been able to address some of its more critical system security problems but other weaknesses remain. We again found vulnerabilities in FEMA’s internal network environment during our audit of fiscal year 2002 financial statements. FEMA’s core financial system, the Integrated Financial Management Information System (IFMIS), still needs a back-up administrator, a contingency plan, policies and procedures for audit trail reviews, and a review of user access rights (currently underway). Although these issues have not been entirely addressed, FEMA has reported progress.

§ Real and Personal Property Accounting: FEMA simply does not have a property management system that supports property accounting requirements. A system acquisition moratorium due to FEMA’s move to the new Department of Homeland Security has prev