The GAO Green Book: Understanding Government Internal Control Standards

The GAO Green Book, formally titled Standards for Internal Control in the Federal Government, is a cornerstone of accountability in public sector financial management. To help you better understand what's in it and how it applies to your work, we're looking at the Green Book's purpose and historical development as well as the current structure and the latest updates, focusing on how it supports internal control excellence across federal and non-federal entities.
What Is the GAO Green Book?
Issued by the U.S. Government Accountability Office (GAO), the Green Book provides a comprehensive framework for establishing and maintaining effective internal control systems. This book is an essential resource for auditors, compliance officers, and federal program managers responsible for ensuring that government operations are efficient, reliable, and fully compliant with applicable laws and regulations. But let's look further into what this means.
The GAO Green Book defines internal control as a “process, effected by an entity’s oversight body, management, and other personnel, designed to provide reasonable assurance that the objectives of an entity will be achieved.” These objectives fall into three categories:
- Operations: Effective and efficient use of resources to achieve mission goals
- Reporting: Reliable internal and external financial and non-financial reporting
- Compliance: Adherence to applicable laws and regulations
Internal control is not a one-time event, but a continuous, integrated process embedded in an organization’s operations. For example, a federal grant administrator might use the Green Book to ensure that disbursements comply with program rules, while an internal auditor might assess whether procurement controls are sufficient to prevent fraud.
Although designed for federal agencies, the Green Book is also widely used by state and local governments, nonprofit organizations, and other entities that receive federal funding.
Historical Background of the GAO Green Book
The GAO Green Book’s origins trace back to the Federal Managers’ Financial Integrity Act (FMFIA) of 1982. The act requires executive agencies to establish internal controls that are consistent with standards issued by the Comptroller General of the United States. The GAO, as the federal government’s audit and investigative arm, fulfills this mandate by publishing the Green Book.
The GAO significantly modernized the Standards for Internal Control in the Federal Government in 2014, aligning it with the COSO Internal Control—Integrated Framework, which is widely recognized in the private sector. This alignment introduced a principles-based structure and emphasized adaptability across diverse government environments.
The 2025 update, effective for fiscal year 2026, builds on this foundation by addressing emerging risks such as cybersecurity, fraud, and emergency response, ensuring the GAO Green Book remains relevant in today’s complex federal landscape.
Who Writes the GAO Green Book?
The GAO is solely responsible for authoring and maintaining the Standards for Internal Control in the Federal Government. As mandated by FMFIA, the GAO develops these standards in consultation with advisory councils, subject matter experts, and stakeholders across the federal government.
This collaborative process ensures that the Green Book reflects current risks, technologies, and operational realities. It is not merely a set of best practices—it is the authoritative standard for internal control in the federal government.
Agencies required to follow the GAO Green Book include:
- U.S. Department of the Treasury: Oversees federal finances and public debt
- Department of Health and Human Services (HHS): Administers Medicare, Medicaid, and public health programs
- Department of Defense (DoD): Manages logistics, procurement, and personnel systems
- Environmental Protection Agency (EPA): Ensures regulatory compliance and proper use of grant funding
- Social Security Administration (SSA): Safeguards benefit payments and prevents fraud
Structure and Components of the Standards for Internal Control in the Federal Government
The Green Book is structured around five interrelated components of internal control, each supported by specific principles and attributes:
Control Environment
Sets the tone at the top. It includes integrity, ethical values, organizational structure, and accountability. A strong control environment is foundational to all other components.
Risk Assessment
Involves identifying and analyzing risks to achieving objectives. This includes fraud risk, changes in operations, and external threats like cyberattacks.
Control Activities
These are the policies and procedures that help ensure directives are carried out. Examples include approvals, reconciliations, and segregation of duties.
Information and Communication
Ensures that relevant, timely, and quality information flows throughout the organization and to external stakeholders.
Monitoring
Involves ongoing and separate evaluations to assess the effectiveness of internal controls and ensure timely remediation of deficiencies.
Together, the five components are supported by 17 principles that provide detailed guidance for implementation.
2025 Updates to the GAO Green Book
The 2025 update to the GAO Green Book introduces several enhancements to address modern challenges:
- Fraud Risk Management: Agencies are expected to proactively identify, assess, and mitigate fraud risks, aligning with broader federal initiatives to reduce improper payments
- Information Security: New guidance emphasizes integrating cybersecurity into internal control frameworks to address growing threats
- Emergency and Rapid Deployment Programs: The update includes provisions for maintaining effective controls during crises, such as public health emergencies or natural disasters
- New Appendices: Two appendices provide practical examples, case scenarios, and data sources to help agencies tailor internal controls to their specific missions and risks
Broader Applications Beyond Federal Agencies
While the Green Book is mandatory for federal agencies, its principles are widely adopted by state and local governments, nonprofits, and private entities that receive federal funds or operate in regulated environments.
Consider these two examples:
- A state education department managing federal grants may use the Green Book to ensure compliance with the Elementary and Secondary Education Act.
- A nonprofit housing provider might adopt the Green Book framework to strengthen internal controls and demonstrate accountability to funders and auditors.
Many state auditors and inspectors general reference the Green Book during evaluations, and some states have codified its use into their financial management policies. Its adaptability makes it a national benchmark for internal control excellence.
The 2025 updates ensure that internal controls remain robust, even under urgent or high-pressure conditions.