What is the Green Book and how is it used?
Important facts and concepts related to the Green Book and internal control
Page
structure
Control Environment
5 principles
Risk Assessment
4 principles
Control Activities
3 principles
Information and Communication
3 principles
Monitoring
2 principles
Each of the five
components of internal
control contains several
principles. Principles are the
requirements of each component.
Attributes
Each principle has important characteristics, called attributes,
which explain principles in greater detail.
Principles
The
cube
The standards in the
Green Book are organized
by the five components of internal
control shown in the cube below. The five
components apply to staff at all organizational
levels and to all categories of objectives.
Risk Assessment
Control Activities
Components of
internal control
Entity
Division
Operating unit
Function
Levels of
organizational structure
Operations
Categories
of objectives
Compliance
Control Environment
Reporting
Green Book pages
show components, principles,
and attributes.
GAO.GOV/GREENBOOK
How does an entity use the Green Book?
Who would use the Green Book?
What is internal control?
Internal control is a process used by management to help an
entity achieve its objectives.
An entity uses the Green Book to design, implement, and
operate internal controls to achieve its objectives related to
operations, reporting, and compliance.
How is the Green Book related to
internal control?
Standards for Internal Control in the
Federal Government, known as the
Green Book, sets internal control
standards for federal entities.
Internal control and the Green Book
Sources: GAO and COSO. GAO-14-704G
Controls
designed
Objective
achieved
Objective
identified
Controls
in place
An independent public accountant
conducting an audit of expenditures
of federal dollars to state agencies
A compliance officer
responsible for making
sure that personnel have
completed required
training
A program
manager at a
federal agency
Inspector general staff
conducting a financial or
performance audit
How does internal control work?
Internal control helps an entity
Run its operations efficiently and effectively
Report reliable information about its operations
Comply with applicable laws and regulations
Information and
Communication
Monitoring
Control Environment
Page 22 GAO-14-704G Federal Internal Control
1.01 The oversight body and management should demonstrate a
commitment to integrity and ethical values.
Attributes
The following attributes contribute to the design, implementation, and
operating effectiveness of this principle:
• Tone at the Top
• Standards of Conduct
• Adherence to Standards of Conduct
1.02 The oversight body and management demonstrate the importanc
integrity and ethical values through their directives, attitudes, and
behavior.
1.03 The oversight body and man
agement lead by an example that
demonstrates the organization’s values, philosophy, and operating style.
The oversight body and management set the tone at the top and
throughout the organization by their example, which is fundamental to an
effective internal control system. In larger entities, the various layers of
management in the organizational structure may also set “tone in the
middle.”
1.04 The oversight body’s and management’s directives, attitudes, and
behav
iors reflect the integrity and ethical values expected throughout the
entity. The oversight body and management reinforce the commitment to
doing what is right, not just maintaining a minimum level of performance
necessary to comply with applicable laws and regulations, so that these
priorities are understood by all stakeholders, such as regulators,
employees, and the general public.
1.05 Tone at the top can be either a driver, as shown in the preceding
paragraphs, o
r a barrier to internal control. Without a strong tone at the
top to support an internal control system, the entity’s risk identification
may be incomplete, risk responses may be inappropriate, control
activities may not be appropriately designed or implemented, information
and communication may falter, and results of monitoring may not be
understood or acted upon to remediate deficiencies.
Principle 1 -
Demonstrate
Commitment to
Integrity and Ethical
Attributes
Principle
Component