The GAO recently updated the Green Book for the first time since 2014, introducing new guidance that strengthens risk assessment, information security, and internal control practices, with changes taking effect in FY 2026.
The GAO Green Book provides a comprehensive framework for designing, implementing, and maintaining effective internal controls. While nonprofit organizations, colleges, and other non-federal entities receiving federal grants aren’t required to follow the Green Book exactly, it offers valuable guidance to help safeguard federal funds and ensure compliance with grant requirements.
Using the Green Book as a reference can strengthen your organization’s internal controls and prepare you for federal monitoring. Here’s a simple approach to get started:
1. Understand the Core Components
Familiarize yourself with the Green Book’s five components of internal control: Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring. These components form the foundation of a strong control system.
2. Assess Your Current Controls
Review your existing internal controls and processes. Identify which areas already align with the Green Book principles and where gaps or weaknesses exist, especially around safeguarding federal funds.
3. Identify Risks Specific to Your Grant Programs
Conduct a risk assessment focusing on threats that could affect your programs.
4. Design or Strengthen Control Activities
Develop policies, written procedures, and controls to address identified risks. This might include segregation of duties, authorization processes, or monitoring mechanisms.
5. Establish Clear Communication and Documentation
Ensure that roles, responsibilities, and control activities are clearly communicated and documented across your organization.
6. Monitor and Update Controls Regularly
Set up ongoing monitoring to verify that controls work effectively, and update them as your programs or risks evolve.
By referencing the Green Book, you can build a more robust internal control system that protects your organization and enhances your ability to manage federal grants successfully.
