What’s New In GAO’s Revised Greenbook
Association of Government Accountants, KC Chapter, Fall 2014 Professional Development Seminar, November 10, 2014
Michael A. Fiene, Chief, USDA/FSA-Internal Control and Planning Office
Which Presentation?
GAO Greenbook
Or
Preparing to Retire the “Cheapskate” Way
• COSO updated its guidance in 2013
• Provides greater detail and depth
• Retains the 5 components of internal control
• Presents 17 new principles that enumerate management responsibilities
GAO Green Book (Theory)
Effective and Efficient Operations
Accurate Reporting
Compliance with Laws and Regulations
COSO Cube
             Financial                     Non-Financial
External     External Financial Reports    External Non-Financial Reports
Internal     Internal Financial Reports    Internal Non-Financial Reports
Control Environment Principles
1) The oversight body and management should demonstrate a commitment to integrity and ethical values.
2) The oversight body should oversee the entity’s internal control system.
3) Management should establish an organizational structure, assign responsibility, and delegate authority to achieve the entity’s objectives.
4) Management should demonstrate a commitment to recruit, develop, and retain competent individuals.
5) Management should evaluate performance and hold individuals accountable for their internal control responsibilities.
New: Principle 2 explicitly states that the oversight body should oversee the entity’s internal control system.
Risk Assessment Principles
6. Management should define objectives clearly to enable the identification of risks and define risk tolerances.
7. Management should identify, analyze, and respond to risks related to achieving the defined objectives.
8. Management should consider the potential for fraud when identifying, analyzing, and responding to risks.
9. Management should identify, analyze, and respond to significant changes that could impact the internal control system.
New: Principle 8 explicitly states that Management should consider the potential for fraud in its risk assessment.
Control Activities Principles
10. Management should design control activities to achieve objectives and respond to risks.
11. Management should design the entity’s information system and related control activities to achieve objectives and respond to risks.
12. Management should implement control activities through policies.
New: Language very similar but modified to remove the word “should” in several places to more clearly state Management’s responsibility for designing and implementing an effective internal control system.
Information and Communication Principles
13. Management should use quality information to achieve the entity’s objectives.
14. Management should internally communicate the necessary quality information to achieve the entity’s objectives.
15. Management should externally communicate the necessary quality information to achieve the entity’s objectives.
New: Emphasis on the “quality” of information.
Monitoring Principles
16. Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results.
17. Management should remediate identified internal control deficiencies on a timely basis.
New: The attributes provide guidance on establishing a baseline for monitoring as well as establishing ongoing monitoring that is built into the entity’s operations, performed continually and is responsive to change.
GAO Green Book: Practical Applications
Risk Assessment Principles
6. Management should define objectives clearly to enable the identification of risks and define risk tolerances.
7. Management should identify, analyze, and respond to risks related to achieving the defined objectives.
8. Management should consider the potential for fraud when identifying, analyzing, and responding to risks.
9. Management should identify, analyze, and respond to significant changes that could impact the internal control system.
New: Principle 8 explicitly states that Management should consider the potential for fraud in its risk assessment.
Control Objective: All collections and disbursements of fund balance with Treasury are recorded and are recorded accurately in the general ledger
Risk: All collections and disbursements of fund balance with Treasury are not recorded and/or are not recorded accurately in the general ledger

Control Objective: Recorded FSA direct loans are valid and are approved/authorized by management
Risk: Recorded FSA direct loans are not valid and/or are not approved/authorized by management

Control Objective: All FSA direct loans are recorded and are recorded accurately in the general ledger
Risk: All FSA direct loans are not recorded and/or are not recorded accurately in the general ledger
Monitoring Principles
16. Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results.
17. Management should remediate identified internal control deficiencies on a timely basis.
New: The attributes provide guidance on establishing a baseline for monitoring as well as establishing ongoing monitoring that is built into the entity’s operations, performed continually and is responsive to change.
• Ongoing Monitoring: Occurs when the routine operations of an organization provide feedback to those responsible for the effectiveness of the internal control system
• Separate Evaluations: Designed to evaluate controls periodically and are not ingrained in the routine operations of the organization
“Monitoring promotes good control operation. When people who are responsible for internal control know their work is subject to oversight through monitoring, they are more likely to perform their duties properly over time.”
COSO Guidance on Monitoring Internal Control Systems, January, 2009
GAO Green Book: ERM
COSO I/C Framework: Effective and Efficient Operations; Accurate Reporting; Compliance with Laws and Regulations
COSO ERM Framework: Strategic; Effective and Efficient Operations; Accurate Reporting; Compliance with Laws and Regulations
Proposed Revisions to OMB Circular A-123
• Clarify technical terminology to ensure that program managers can understand and use internal controls properly;
• Replace “check the box” compliance approaches with risk management based approaches to support agency missions;
• Introduce Enterprise Risk Management (ERM); and
• Build on internal controls over financial reporting, while at the same time reducing compliance burdens to focus on program controls
Implementing ERM and a Broader View of Risk
OMB’s Direction (A-11, ERM Direction)
270.24 – What is Enterprise Risk Management (ERM)?
270.25 – What are the key roles of risk managers at an agency?
270.26 – Why is ERM a best practice and how is it relevant to strategic reviews?
270.27 – What other guidance does OMB provide agencies regarding risk management concepts discussed in this Circular?
270.28 – What is the difference between internal control and risk?
270.29 – What is the difference between OMB Circular A-123 and Enterprise Risk Management?
Questions?
GAO Greenbook
Or
Preparing to Retire the “Cheapskate” Way