GAO’s Green Book on Standards for Internal Control for Auditors (4 hours)

Alternate Title: Assessing Internal Controls in Performance Audits  

Course Objectives

·       Understand the various topics covered by GAO’s Green Book (Standards for Internal Control in the Federal Government)

·       Learn about 2025 Revisions to GAO’s Green Book

·       Understand the relationship between GAO’s Yellow Book (Government Auditing Standards) and the Green Book

·       Be able to apply the Green Book as criteria in local government auditing

Course Description

The Standards for Internal Control in the Federal Government, or the Green Book, provide an overall framework for designing, implementing, and operating an effective internal control system. In this course, we will discuss internal control generally and related requirements in Government Auditing Standards and walk through the various sections of the Green Book.  This will include discussion of the components and principles of internal control and how we can consider and incorporate them into our audit planning and fieldwork using real-world examples from local government audits. We will also cover changes to the Green Book released by GAO in 2025 and effective in 2026.      

 

Course Outline

·       The History of the Green Book

·       Overview of Internal Controls (what, why, how)

·       Overview of the Green Book

·       Relationship between the Yellow Book and the Green Book

·       Green Book In Depth

o   Section 1 - Fundamental Concepts of Internal Control

o   Section 2 - Establishing an Effective Internal Control System

Components and Principles

Control Environment

·       Principle 1 - Demonstrate Commitment to Integrity and Ethical Values

·       Principle 2 - Exercise Oversight Responsibility

·       Principle 3 - Establish Structure, Responsibility, and Authority

·       Principle 4 - Demonstrate Commitment to Competence

·       Principle 5 - Enforce Accountability

Risk Assessment

·       Principle 6 - Define Objectives and Risk Tolerances

·       Principle 7 - Identify, Analyze, and Respond to Risks

·       Principle 8 - Assess Fraud, Improper Payment, and Info Security Risk

·       Principle 9 - Identify, Analyze, and Respond to Change

Control Activities

·       Principle 10 - Design Control Activities

·       Principle 11 - Design General Control Activities over Info Technology

·       Principle 12 - Implement Control Activities

Information and Communication

·       Principle 13 - Use Quality Information

·       Principle 14 - Communicate Internally

·       Principle 15 - Communicate Externally

Monitoring

·       Principle 16 - Perform Monitoring Activities

·       Principle 17 - Evaluate Issues and Remediate Deficiencies

o   Section 3 - Evaluation of an Effective Internal Control System

·       2025 Revisions to the Green Book:

o   Why GAO revised it (COVID-19 + cyberattacks + Changes by COSO)

o   What the revisions include:

·       Emphasis on preventive control activities

·       More consideration of risks related to improper payments and information security

·       Additional guidance on documenting the results of risk assessments

·       New guidance on documenting a change assessment

·       Two new appendices related to fraud, improper payments, and information security

·       Wrap-up