Standards for Internal Control in the Federal Government

Standards for Internal Control in the Federal Government (commonly known as the “Green Book”), sets the standards for an effective internal control system for federal agencies and provides the overall framework for designing, implementing, and operating an effective internal control system.

An entity uses the Green Book to help achieve its objectives related to operations, reporting, and compliance.

GAO updated the Green Book in 2025 to provide requirements, guidance, and resources to help managers better address risk areas related to fraud; improper payments; information security; and the implementation of new or substantially changed programs, including emergency assistance programs

The 2025 revision of Standards for Internal Control in the Federal Government contains changes from, and supersedes, Standards for Internal Control in the Federal Government (GAO-14-704G) issued in September 2014. Key changes in this 2025 revision include the following:

• The need to consider risks related to improper payments and information security when identifying, analyzing, and responding to risks.
• Documentation of the results of risk assessments, including the identification, analysis, and response to risks.
• Documentation of a change assessment process for identifying, analyzing, and responding to risk related to significant changes so that the internal control system can be quickly adapted as needed to respond to changes once they occur.
• Two new appendixes that provide additional information related to control activities, examples of sources of data, and references to additional resources that management may leverage in designing, implementing, and operating effective internal control systems to address risks, including areas related to fraud, improper payments, and information security.

Updates include an emphasis on prioritizing preventive control activities and highlighting management’s responsibility for internal control at all levels within the entity’s organizational structure, such as program and financial managers. Other updates were made to clarify the intent of the standards and to continue harmonization with the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control – Integrated Framework.

The 2025 revision of Standards for Internal Control in the Federal Government is also available in a digital format.

Effective Date

The 2025 revision of Standards for Internal Control in the Federal Government is effective beginning with fiscal year 2026 and the Federal Managers’ Financial Integrity Act of 1982 reports covering that year. Early implementation is permitted.

Revision Process

Revisions of Standards for Internal Control in the Federal Government undergo an extensive, deliberative process, including public comments and input from the Comptroller General's Advisory Council on Standards for Internal Control in the Federal Government. GAO considered all comments and input in finalizing revisions to the standards.

Why GAO Revised the Green Book

Section 3512 (c) and (d) of Title 31 of the United States Code, commonly known as the Federal Managers’ Financial Integrity Act of 1982, requires the Comptroller General to issue standards for internal control in the federal government. This update is intended to help managers design and strengthen their entities’ internal control systems to address risks, including risks related to fraud, improper payments, and information security, and the implementation of new or substantially changed programs, including emergency assistance programs.

For more information or for technical assistance regarding the Green Book, please e-mail greenbook@gao.gov. Visit GAO’s Green Book website for more information on applicable updates and alerts.