7/29/2019 GAO Slides on GB Revision FAEC 06 2012

1/19

Federal Audit ExecutiveCouncil (FAEC)

June 2012

Bi-Monthly Meeting

Heather I. Keister

Doris G. Yanger

June 14, 2012

Green Book Update

7/29/2019 GAO Slides on GB Revision FAEC 06 2012

2/19

Session Objectives

Discuss update of The Committee of SponsoringOrganizations of the Treadway Commission(COSO) Internal Control-Integrated Framework

Discuss GAOs plan to update the Standards forInternal Control in the Federal Government,GAO/AIMD-00.21.3.1, November 1999 (Green

Book)

2

7/29/2019 GAO Slides on GB Revision FAEC 06 2012

3/19

COSOs Internal Control-IntegratedFramework

COSO Framework first published in 1992

Framework concepts timeless, but context needsupdating

COSO released exposure draft for comment in

December 2011 Deadline for submitting comments was March 31, 2012

Draft available at www.ic.coso.org

3

http://www.ic.coso.org/http://www.ic.coso.org/

7/29/2019 GAO Slides on GB Revision FAEC 06 2012

4/19

4

Why update the COSO InternalControl-Integrated Framework?

Changes in operating environments

Changes in business models

Tight budget constraints

Expectations for governance oversight

Use and reliance on evolving technologies Expectations for preventing and detecting fraud

Demands and complexities in laws, rules, regulationsand standards

7/29/2019 GAO Slides on GB Revision FAEC 06 2012

5/19

Highlights of COSOs Internal Control Integrated Framework Update

Project goal is to refresh the Framework

Update not intended to alter core concepts developed in

original Framework

Additional focus on operational and compliance controlobjectives

Expands the reporting category of objectives

Codification of five internal control components into

Principles and Attributes5

7/29/2019 GAO Slides on GB Revision FAEC 06 2012

6/19

6

Whats Not Changing?

Definition and objectives of internal control

Five components of internal control

Criteria used to assess effectiveness of systems ofinternal control

Use of judgment in evaluating the effectiveness ofsystems of internal control

7/29/2019 GAO Slides on GB Revision FAEC 06 2012

7/197

Definition and Objectives of InternalControls Remain Unchanged

Definition

Internal control is a process, effected by an entitys board of directors,

management and other personnel, designed to provide reasonable

assurance regarding the achievement of objectives.

ObjectivesOperations: Effectiveness and efficiency of operations

Reporting: Reliability of reporting

Compliance: Compliance with applicable laws and regulations

7/29/2019 GAO Slides on GB Revision FAEC 06 2012

8/198

Components of Internal ControlRemain Unchanged

Relationship of Objectives and ComponentsA direct relationship exists between objectives (which arewhat an entity strives to achieve) and the components(which represent what is needed to achieve the

objectives).

COSO depicts therelationship in a form of a cube:

The three objectives are representedby the columns.

The five components are representedby the rows.

The entitys organization structure isrepresented by the third dimension.

7/29/2019 GAO Slides on GB Revision FAEC 06 2012

9/19

What Changed in COSOExposure Draft?

Update not intended to alter core conceptsdeveloped in the original Framework

Goal of the project is to refresh objectives ofthe Framework

Address significant changes to the businessenvironment and associated risks

Codify criteria to use in the development andassessment of systems of internal control

Increase focus on operations, compliance, and non-financial reporting objectives

9

7/29/2019 GAO Slides on GB Revision FAEC 06 2012

10/1910

What Changed in COSOExposure Draft? (cont.)

Expanded financial reporting objective toaddress internal and external, financial and non-financial reporting objectives

Enhanced internal control guidance over:

Operations

Compliance

Information Technology

7/29/2019 GAO Slides on GB Revision FAEC 06 2012

11/19

What Changed in COSOExposure Draft? (cont.)

Codification of internal control concepts intoPrinciples and Attributes Represents the fundamental concepts associated with

each component Provides a basis for evaluating the effectiveness ofinternal controls

17 Principles supported by related attributes that representcharacteristics associated with these principles

Provides clarity in the design and development of internalcontrols

Supports assessment on the effectiveness of internalcontrols

11

7/29/2019 GAO Slides on GB Revision FAEC 06 2012

12/19

Codification of 17 Principles Embeddedin the Original Framework

13. Uses relevant information

14. Communicates internally

15. Communicates externally

Control Environment 1 Demonstrates commitment to integrity and ethical values2 Exercises oversight responsibility3 Establishes structure, authority and responsibility4 Demonstrates commitment to competence5 Enforces accountability

Risk Assessment 6 Specifies relevant objectives7 Identifies and analyzes risk8 Assesses fraud risk9 Identifies and analyzes significant change

Control Activities 10 Selects and develops control activities11 Selects and develops general controls over technology12 Deploys through policies and procedures13 Uses relevant information14 Communicates internally15 Communicates externally

Monitoring Activities 16 Conducts ongoing and/or separate evaluations17 Evaluates and communicates deficiencies

Information &Communication

12

7/29/2019 GAO Slides on GB Revision FAEC 06 2012

13/1913

GAOs Responsibility for IssuingStandards for Internal Control in theFederal Government (Green Book)

Federal Managers Financial Integrity Act of1982(FMFIA) requires GAO to issue standards forinternal control in the Federal government

Provides an overall framework for establishing andmaintaining internal control in Federal agencies

Existing Green Book utilizes COSO internal controlconcepts

Last revision issued November 1999

7/29/2019 GAO Slides on GB Revision FAEC 06 2012

14/19

Why Revise the Green Book?

General recognition of the need to update

The COSO Internal Control Integrated-Framework is currentlybeing updated

Consider the updated COSO Framework where applicable togovernment and add additional areas of emphasis forgovernment

Green Book will be updated and harmonized with the revised

COSO framework

Revised Green Book will provide clarified standards andattributes to assist:

Management in developing internal control

Auditors in auditing and reporting on internal control14

7/29/2019 GAO Slides on GB Revision FAEC 06 2012

15/19

Green Book Revision Process and Timing

GAO will seek input from user groups- Management

- IG and audit community

-OMB and other users

A Green Book advisory council with cross-representation, similar to the Yellow Book

council, will be established

An exposure draft will be available for commentwith a final version due later in the year

15

7/29/2019 GAO Slides on GB Revision FAEC 06 2012

16/1916

Green Book Revision Timeline

Seek input from user groups - Ongoing

Public Exposure Period 2013 90 day comment period

Finalize 2013

7/29/2019 GAO Slides on GB Revision FAEC 06 2012

17/1917

Proposed Green Book Changes

Expand discussion of the five components ofinternal control

Expand discussion of controls over informationtechnology

Expand discussion on compliance withapplicable laws and regulations

7/29/2019 GAO Slides on GB Revision FAEC 06 2012

18/19

Why are we here today?

Outreach to the user community to obtain theirinput on areas of interest related to internalcontrol in the Federal government

Opportunity to discuss areas of interest,concerns and other internal control related topics

18

7/29/2019 GAO Slides on GB Revision FAEC 06 2012

19/19

Questions?

GAO Contact Information

Jim Dalkin, Director, (202) 512-3133, dalkinj@gao.gov

Heather Keister, Assistant Director, (202) 512-2943, keisterh@gao.gov

Doris Yanger, Senior Auditor, (202) 512-4819, yangerd@gao.gov

mailto:dalkinj@gao.govmailto:keisterh@gao.govmailto:yangerd@gao.govmailto:yangerd@gao.govmailto:keisterh@gao.govmailto:dalkinj@gao.gov