International Journal of Government Auditing – January 2015
In an age of shifting environments, evolving demands, changing risks, and new priorities, government entities, including Supreme Audit Institutions (SAIs), constantly look for ways to improve their performance. By implementing an effective internal control system, SAIs can work more efficiently and effectively to achieve their goals.
Internal control—an organizational process used to help an entity achieves its objectives —is a matter of great interest to SAIs worldwide. SAIs can play a key role in establishing internal control standards. In the United States, the U.S. Government Accountability Office (GAO) publishes Standards for Internal Control in the Federal Government (also known as the “Green Book”), which sets the internal control standards for federal entities. Because GAO issued the most recent Green book in 1999, GAO recognized the need to update the standards in order to adapt to various changes in the ways the government operates.
Internal controls are the plans, methods, policies, and procedures organizations, including governments, use to ensure that they are meeting their objectives. These objectives can be broadly classified into three categories: operations, reporting, and compliance. Internal control helps an organization operate more efficiently and effectively, report reliable information about its operations, and comply with applicable laws and regulations.
GAO’s Green Book defines the standards for internal control in the federal government. The document provides an overall framework for establishing and maintaining an effective internal control system. The new edition of the Green Book, issued September 2014, retains the five components of internal control found in past editions, and presents 17 new principles that enumerate management responsibilities in implementing and overseeing an effective internal control system. Each principle has important characteristics, called attributes, which explain principles in greater detail.
Control Environment is the foundation for an internal control system. It provides the discipline and structure to help an entity achieve its objectives.
Risk Assessment assesses the risks facing the entity as it seeks to achieve its objectives. This assessment provides the basis for developing appropriate risk responses.
Control Activities are the actions management establishes through policies and procedures to achieve objectives and respond to risks in the internal control system, which includes the entity’s information system.
Information and Communication refers to the quality information management and personnel communicate and use to support the internal control system.
Monitoring includes activities management establishes and operates to assess the quality of performance over time and promptly resolve the findings of audits and other reviews.
In order to improve its performance, an SAI can incorporate the concepts from the Green Book into their internal control standards. The Green Book can serve as a guide to design, implement, and operate internal controls to achieve its objectives related to operations, reporting, and compliance. Based on applicable laws and regulations, an SAI can determine how to appropriately adapt the standards presented in the Green Book as a framework for the organization.
Internal control is advantageous to a SAI in many ways. First, it provides management with added confidence regarding the achievement of objectives. Second, internal control provides feedback on how effectively an entity is operating. Finally, it helps reduce risks affecting the achievement of the entity’s objectives.
Internal control is a dynamic, iterative, and integrated process built into the day to day operations of an organization. The Green Book can be used as a resource for auditors to model criteria for an effective internal control system and use that criteria to audit government entities.
In addition, SAIs could, by using this tool, continually evaluate their own internal control system in order to improve performance.