GAO – Standards for Internal Control in the Federal Government (commonly known as the “Green Book”), sets the standards for an effective internal control system for federal agencies and provides the overall framework for designing, implementing, and operating an effective internal control system. An entity uses the Green Book to help achieve its objectives related to operations, reporting, and compliance. GAO updated the Green Book in 2025 to provide requirements, guidance, and resources to help managers better address risk areas related to fraud; improper payments; information security; and the implementation of new or substantially changed programs, including emergency assistance programs. The 2025 revision of Standards for Internal Control in the Federal Government contains changes from, and supersedes, Standards for Internal Control in the Federal Government (GAO-14-704G) issued in September 2014. Key changes in this 2025 revision include the following:

• The need to consider risks related to improper payments and information security when identifying, analyzing, and responding to risks.
• Documentation of the results of risk assessments, including the identification, analysis, and response to risks.
• Documentation of a change assessment process for identifying, analyzing, and responding to risk related to significant changes so that the internal control system can be quickly adapted as needed to respond to changes once they occur.
• Two new appendixes that provide additional information related to control activities, examples of sources of data, and references to additional resources that management may leverage in designing, implementing, and operating effective internal control systems to address risks, including areas related to fraud, improper payments, and information security.

Updates include an emphasis on prioritizing preventive control activities and highlighting management’s responsibility for internal control at all levels within the entity’s organizational structure, such as program and financial managers. Other updates were made to clarify the intent of the standards and to continue harmonization with the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO) Internal Control – Integrated Framework.