wfedstaff | April 17, 2015 7:48 pm
When there’s something strange in your neighborhood, you may call Ghostbusters. But if you’re a federal manager, you’d do better turning to the Government Accountability Office’s Green Book. Better yet, use it before things start smelling bad.
GAO has released the first major revision since 1999 of the book, officially titled “Standards for Internal Control in the Federal Government” . The update maintains the five major components of internal control from past editions, but it adds depth in the form of 17 principles. In a section about creating a control environment, it now has information on what that environment should including, such as proper oversight or competent staff.
Updated version provides more detail for managers
“The old version was at a very high level. This new version provides a lot more detail for federal managers to use on a day-to-day-basis,” said Jim Dalkin, director of financial management and assurance at GAO.
Insight by Carahsoft: This exclusive e-book demonstrates just how far agencies have come and where they still need to go to take fully advantage of DevSecOps to drive modern capabilities to their customers.
Dalkin does not like the word “checklist.” Rather, he said, it is a framework that both managers and auditors can use.
“There are a lot of federal dollars that go out on a day-to-day basis, and you need to have the policies and procedures in place to make sure the money gets to the right people and make sure the funds aren’t misused,” he said.
The new details might not make a big difference to those managers who already have effective controls in place. But they could serve as “a wake-up call” for others, according to Jeff Steinhoff, a former assistant comptroller general who is now with the accounting firm KPMG.
“Some of the issues that have arisen in the past few years that haven’t gone well, you see what happened. Whether it be GSA, VA, the person on the top was held accountable in the end. Those were management control issues,” he said.
The update also aligns the U.S. government with international standards for management controls and reflects the developments of the past 15 years. The relatively new field of risk assessment figures prominently. There is also a section on how federal managers should assess the risks of outsourcing.
The revision took several years, in which GAO reached out to stakeholders and opened a draft to public comment. The agency sought to balance the needs of federal managers and auditors, Dalkin said.
“That was the fine line we had to walk,” he said. “We wanted to be sure what we put in was flexible enough for managers and yet provided enough that auditors and IGs could use it when doing their work.”
In guarding against the kind of scandals that have befallen some agencies, you can go overboard in implementing controls, Steinhoff cautioned.
“What this is really saying: you want to ensure that what you want to happen, happens well,” he said. “And what you want to avoid, you avoid. And any time there is a breakdown, public confidence goes down.”
Agencies must begin using it for mandated financial integrity reports beginning in fiscal 2016, although they can adopt it earlier.
Federal managers wanted enough time to study the book and implement it properly, Dalkin said. “Many agencies and departments have good controls so, for them, it won’t be a big change. For others, this gives them time to catch up.”
Agency blunders put spotlight on risk management