In May 2025, the U.S. Government Accountability Office (GAO) released updates to the Standards for Internal Control in the Federal Government, commonly known as the Green Book. This update modernizes the Federal internal control framework to better address today’s risk landscape, with new requirements focused on fraud, improper payments, information security, and rapid response programs.
Whether you’re managing investigative cases or ensuring compliance across your agency, understanding what’s changed is essential for aligning your operations with Federal expectations.
What is the Green Book?
The Green Book establishes the internal control standards for federal agencies. It provides a framework for designing, implementing, and operating effective internal control systems to achieve mission objectives while safeguarding public resources.
Why were changes made?
The GAO revised the Green Book to provide updated requirements, resources, and guidance that strengthen risk management practices. The 2025 update aims to help managers more effectively address critical risk areas, including:
- Fraud
- Improper payments
- Information security
- Implementation of new or significantly changed programs (e.g., emergency assistance)
Key Changes in the 2025 Revision:
- Risk Focus Expansion: Agencies must now consider improper payments and information security risks when assessing internal controls.
- Risk Assessment Documentation: New requirements for documenting the identification, analysis, and response to organizational risks.
- Change Management Protocols: Agencies must implement a change assessment process to respond quickly to significant internal or external shifts.
- New Appendices: Includes practical tools, examples of data sources, and control activities to support managers in building more effective systems.
Why It Matters?
The 2025 Green Book update places greater responsibility on agencies to document and proactively manage risk, especially in areas like fraud, cybersecurity, and rapid program changes. For investigative and compliance teams, this means:
- Increased accountability across all staff levels, not just leadership
- More rigorous documentation requirements must be met during audits or internal reviews
- Stronger expectations for preventive controls, not just reactive measures
- Adaptability to emergency programs or fast-moving initiatives like pandemic response or disaster relief
For agencies using case management systems like CMTS, the new standards reinforce the value of having configurable workflows, audit trails, and role-based access controls—all essential to meeting updated federal expectations with confidence.
When Do the New Standards Take Effect?
The 2025 Green Book revision becomes effective with fiscal year 2026, and early implementation is encouraged.
CMTS is built to help investigative and compliance teams meet updated federal expectations with confidence. Request a Live Demo to see how CMTS can support your agency’s compliance efforts.