The Government Accountability Office (GAO) issued revisions on Thursday to its Standards for Internal Control in the Federal Government, also known as the Green Book.
The Green Book has historically been used as a framework for Federal agencies to better manage their internal control systems. Today’s update marks GAO’s first Green Book revision since 2014.
“The updated standards will help federal agencies bolster their internal control systems to prevent and prepare for risks in all areas, especially those increasingly susceptible to fraud, improper payments, and information security threats,” U.S. Comptroller General Gene Dodaro said in a statement.
“To ensure accountability and transparency of federal funds, especially in crisis situations where money is being spent quickly, these standards require clarification and modernization to keep up with changing risk environments,” Dodaro added. “I want to thank those involved in the revision process, including the Advisory Council and all those who submitted public comment.”
GAO said the 2025 revision incorporates lessons learned following the COVID-19 pandemic and cyberattacks and highlights the challenges managers face when addressing risks.
Updates to the book include emphasizing preventive control activities and highlighting management’s responsibility for internal control at all levels of an organization.
Other updates include clarifying the intent of the standards and continuing harmonization with the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control – Integrated Framework.
The watchdog agency said key changes to the Green Book include:
- “the need to consider risks related to improper payments and information security when identifying, analyzing, and responding to risks;
- documentation of the results of risk assessments;
- documentation of a change assessment process so that the internal control system can be quickly adapted to respond to significant changes as they occur; and
- two new appendixes that provide information that management can use for effective internal control systems to address risks, including areas related to fraud, improper payments, and information security.”
GAO gathered input on the revisions from the Comptroller General’s Advisory Council on Standards for Internal Control in the Federal Government. The council includes experts on internal controls, drawn from Federal, state, and local governments, industry, and academia.
The watchdog agency asked for public feedback last summer on the proposed changes to the Green Book.
The 2025 Green Book is effective starting in fiscal year 2026, but GAO said early implementation is allowed. The new revision supersedes the 2014 version.