Standards for Internal Control in the Federal Government: The “Green Book” Kristen Kociolek Assistant Director, U.S. Government Accountability Office Harriet.


1 Standards for Internal Control in the Federal Government: The “Green Book” Kristen Kociolek Assistant Director, U.S. Government Accountability Office Harriet Richardson City Auditor, Palo Alto, CA Larry Stafford Internal Performance Auditor, Clark County, WA

2 Learning Objectives
- Understand what an exposure draft is and why the Professional Issues Committee reviews them
- Understand what the Green Book is and why it is relevant to local government auditors
- Understand key differences between COSO and the Green Book
- Understand ways that auditors can use the Green Book in their own work
- Understand ways that auditors can use the Green Book to help management in their organizations gain a better understanding of internal control

3 What Is the “Green Book”?
- Official title is, “Standards for Internal Control in the Federal Government”
- Similar to the Yellow Book, it is called the Green Book because of its green cover
- Reflects federal internal control standards required per the Federal Managers’ Financial Integrity Act (FMFIA)
- Serves as the base for OMB Circular A-123
- Written for government:
  - Leverages the COSO Framework
  - Uses government terms

4 Green Book Through the Years 1983 Present

5 Reasons for Green Book Revision

6 From COSO to Green Book: Harmonization

7 Internal Control Defined: COSO vs. Green Book
COSO Definition: “A process, effected by an entity’s board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of the objectives relating to operations, reporting, and compliance.”
Green Book Definition: “An integral component of an entity’s management that provides reasonable assurance that the objectives of an entity are being achieved. These objectives and related risks can be broadly classified into one or more of the three following categories:
- Operations – Effectiveness and efficiency of operations
- Reporting – Reliability of reporting for internal and external use
- Compliance – Compliance with applicable laws and regulations”

8 Internal Control Objectives
Internal Controls Provide Reasonable Assurance of Achieving Objectives
- Operations: Efficiency, Effectiveness
- Compliance: Laws, Regulations
- Reporting: Reliability, Internal/External
- Safeguarding of Assets

9 The COSO Framework: Relationship of Objectives and Components
- Direct relationship between objectives (which are what an entity strives to achieve) and the components (which represent what is needed to achieve the objectives)
- COSO depicts the relationship in the form of a cube:
  - The three objectives are represented by the columns
  - The five components are represented by the rows
  - The entity’s organization structure is represented by the third dimension
Source: COSO

10 Green Book Revision Process
- Retained five original COSO components
- Adapted COSO Framework’s language to make it appropriate for a federal government standard
- Adapted the concepts for a government environment where appropriate
- Considered clarity drafting conventions
- Considered INTOSAI internal control guidance

11 Green Book Advisory Council
Representation from:
- Federal agency management (nominated by OMB)
- Inspector General
- State and local government, including two ALGA members
- Academia
- COSO
- Independent public accounting firms
- At large

12 Revised Green Book: Overview Section
- Fundamental concepts of internal control
- Establishing an effective internal control system
- Evaluation of an effective internal control system
- Additional considerations

13 Standards: Components, Principles, and Attributes
[Figure: Achieve Objectives, Components, Principles, Attributes; sections labeled Overview and Standards]

14 5 Components Supported by 17 Principles
Control Environment
1. Demonstrate commitment to integrity and ethical values
2. Exercise oversight responsibility
3. Establish structure, authority, and responsibility
4. Demonstrate commitment to competence
5. Enforce accountability
Risk Assessment
6. Define objectives and risk tolerances
7. Identify, analyze, and respond to risks
8. Assess fraud risk
9. Identify, analyze, and respond to significant change
Control Activities
10. Design control activities to achieve objectives
11. Design control activities for entity’s information systems
12. Implement control activities through written policies
Information & Communication
13. Use quality relevant information
14. Communicate internally
15. Communicate externally
Monitoring Activities
16. Establish and perform monitoring activities
17. Identify and remediate deficiencies in a timely manner

15 Example: Component, Principle, Attributes

16 Example: Controls Across Components Controls embedded in other components may affect this principle Principle Component

17 Key Differences: Requirements of COSO vs. Green Book
COSO Framework:
- Each of the 5 components and relevant principles are present and functioning
- Addresses deficiencies in general terms
- Documentation is a matter of judgment
Green Book:
- Each of the 5 components, 17 principles, and relevant attributes are effectively designed, implemented, and operating
- Addresses deficiencies in design, operation, and implementation
- Specifies minimum documentation requirements

18 Key Differences: Overall Tone and Approach, COSO vs. Green Book
COSO Framework:
- Accommodates global operations
- Additional details and narrative
- IT general controls
- Focus on organization’s responsibilities for internal controls
Green Book:
- Accommodates government operations
- Direct and indexed
- IT general and application controls
- Focus on management’s responsibilities for internal controls

19 PIC’s Response to Green Book Exposure Draft
- Agreed with format, content, and enhanced detail
- Suggestions included:
  - Address challenges and requirements for large, complex governments
  - Define the terms “must” and “should”; add explanatory language for difference in responsibility imparted by each term
  - Clarify roles and responsibilities of those responsible for internal control, including requirements for reporting allegations of fraud and wrongdoing
  - Expand examples to strengthen understanding of applicability to state and local governments
  - Improve documentation requirements for the monitoring component
  - Define “external auditor” to align with GAGAS 3.27-3.30

20 Exposure Draft Review and Next Steps
- Issued for comments in September 2013; response deadline of December 2, 2013; extended to February 18, 2014
- 43 comment letters with 527 comments; major themes of comments included:
  - Clarification of requirements (must/should)
  - Definition of key terms
  - Applicability to state, local, and not-for-profit organizations
  - Documentation requirements
  - Editorial suggestions
- Green Book Advisory Council meeting in late May 2014
- Finalize Green Book in summer 2014
- GAO will publish a companion document, Internal Control Management and Evaluation Tool

21 Auditors’ Role in Using the Green Book
In their own work: there is a linkage between internal control (Green Book) and criteria (Yellow Book):
- Can be used by auditors to understand criteria
- Findings are composed of:
  - Condition (what is)
  - Criteria (what should be)
  - Cause (often relates to internal control deficiencies)
  - Effect (result)
  - Recommendation (as applicable)
- Green Book provides criteria for design, implementation, and operating effectiveness of an effective internal control system

22 Auditors’ Role in Using the Green Book: Control Environment – Audit Application
Audit evaluated why theft occurred:
- $52,000 theft from 2009-2011 despite multiple audits and 179 recommendations over 10 years to improve cash handling practices in various city departments
- Lack of “tone at the top” to correct the deficiencies, either at the departments audited or citywide
- Management focus on providing services rather than on the oversight required to safeguard assets

23 Auditors’ Role in Using the Green Book: Risk Assessment – Audit Application
Audit evaluated the appropriateness of the Health Service trust fund balance:
- The Health Service Board was not sufficiently focused on risk management
- The Health Service Board did not identify cost containment strategies to address the risks associated with skyrocketing health care costs
- With insufficient oversight, strategic planning, and decision making from the Board, the Health Service System could not adequately position itself to address future issues

24 Auditors’ Role in Using the Green Book: Control Activities – Audit Application
Audit evaluated the Pension Division’s internal control system; inadequate controls, including lack of supervision, allowed:
- Two employees to divert $75,690 in payments from two deceased pensioners and one fictitious pensioner into a bank account
- Payments totaling $2.1 million to be paid to 454 deceased pensioners over a 39-month period

25 Auditors’ Role in Using the Green Book: Information & Communication – Audit Application
Audit evaluated agency procedures for collecting, calculating, and reporting performance-related data:
- Performance data collected often did not match the measure’s definition
- Procedures for collecting data often unreliable
- Reported performance data often inaccurate
- Performance data inaccuracies and inadequate procedures diminish transparency and accountability and affect the quality of management decisions

26 Auditors’ Role in Using the Green Book: Monitoring – Audit Application
Audit evaluated why theft occurred; identified warning signs that there was more theft:
- Boat launch revenue sharply declined for three consecutive years
- No boat launch revenue in August 2007 – a peak boating month
- Management did not monitor; was unaware of decline in/lack of revenue

27 Auditors’ Role in Helping Management Use the Green Book
- Develop and provide training sessions to help management understand the components, principles, and attributes and their applicability to local government
- Focus on responsibilities of management
- Provide examples for each component, principle, and attribute
- Use “plain talk”
- Explain link to grant monitoring responsibilities
- Educate management through audits

28 Standards for Internal Control in the Federal Government: The “Green Book” Exposure Draft, previous Green Book versions, and comment letters available at: http://www.gao.gov/greenbook/overview

29 Standards for Internal Control in the Federal Government: The “Green Book” Questions?

30 Contact Information
- Kristen Kociolek, kociolekk@gao.gov, 202.512.2989
- Harriet Richardson, Harriet.Richardson@cityofpalto.org, 650.329.2629
- Larry Stafford, Larry.Stafford@clark.wa.gov, 360.397.2310

