top of page
The GAO Green Book Compliance Academy

The GAO Green Book Compliance Academy

A Practical Approach to A-123 Compliance Programs


Join us for a unique, interactive workshop that "walks you through" the latest update of The Green Book which now conforms to the Internal Control Integrated Framework (COSO 2013). This training is focused on the current Standards for Internal Control in the Federal Government as detailed in the Green Book.


This 18 hour CPE course provides you with the tools to implement a compliance program that is consistent with the Green Book. This compliance workshop is focused on the needs of the government entity that has to comply with the Green Book. This program covers the Who - What - Why - Where - How to Control, the 17 principles presented, as well as the 52 attributes concerning compliance.


Documentation is a necessary part of an effective internal control system and is required for the effective design, implementation, and operating effectiveness of the internal control system. To document an understanding of an entity's internal control, management may consider developing documents such as:

1. Policies and procedures manuals

2. Flowcharts

3. Narratives/Tables

4. Risk Control Matrices (RCM)

5. Project Management Office (PMO).

6. Control Self-Assessments

7. Mapping the key controls library to the 17 principles and 52 attributes

8. Gap Analysis.


Each attendee will receive 18 CPE Hours (YB).

  • Details on Event Presentation

    Offered on Tuesday-Thursday once every six weeks in three six hour sessions for 18 CPE credits.

    The sessions will run from 9:00 a.m. to 3:00 p.m. Central Time Zone. There will be a lunch break from 12:00 noon to 12:30 p.m. each day.

    We can schedule private events on your timetable for two or more attendees.

  • CPE Event Highlights

    The seminar reviews the following:

    • The Components of COSO
    • Logic presented by the COSO Components
    • The structure used to describe the COSO Framework as used in The Green Book
    • Principles present in The Green Book Framework
    • The "Attributes" in The Green Book vs the "Points of Focus" in COSO 2013
    • The importance of the "Attributes"
    • How to gage the effectiveness of internal controls
  • Learning Objectives

    Attendees will learn how to:

    • Define the "internal control framework" within an organization

    • Describe The Green Book standard and its documents to management

    • Position themselves to plan their compliance for the next fiscal year

    • Work to be insync with Uniform Administrative Rules Section 200.303

    • Understand the gaps and shortcomings in Green Book compliance

  • Key Issues on the Agenda


    • The GB Context
    • COSO 2013 to The Green Book
    • Understanding the "Real" Risks
    • Dr. Deming's 14 Quality Concepts
    • Understanding the "Real" Risks
    • Dr. Kotter's Steps for Change


    • COSO Internal Control Framework
    • The Green Book


    • Categories of IT Controls
    • Information Technology Frameworks
    • COBIT 5.0


    • Define Objectives and Risk Tolerances
    • Categorizing Your Controls
    • Assessment of the "Big Three"
    • Elements of the Federal Enterprise Model
    • Integration Mapping


    • Risk Assessment
    • Inventory Your Controls
    • Policies vs Procedures
    • Maturity Model: Policy - Standard - Procedure
    • Continuous Improvement
    • Management by Walking Around
    • Proactive Root Cause Analyst
    • Control Self Assessments


    • Competence
    • The Facts
    • Monitoring and Analytics
    • Whistleblower Hotlines
    • Interviewing using the S.P.I.N. Methodology
    • Root Cause Analysis
    • Communication Challenges
    • Categories of Lies
    • Internal Control Reliability Model


    • Program Organization
    • Green Book Program Management & Scope
    • Responsibilities of the Internal Control Team
    • Scope Management
    • Project Management Killers


    • Overall Assessment of a System of Internal Control
    • Points for Risk Management
    • Characteristics of ELC Documentation
    • IT General Controls Risk Assessment
    • Financial Statement Risk Assessment
    • Have you defined deficiencies?
    • Categories of "Control Deficiencies"
    • Defensive Strategy "Business Resilience"


    • Remediate and Re-Test
    • Types of Testing
    • Evaluate the Stages of "Control Effectiveness"
    • Testing Controls


  • NASBA Program Disclosure

    Program Level of Understanding: Basic

    Prerequisites: None

    Advance Preparation: None

    Delivery Format: Group Internet Based

    NASBA Field(s) of Study: Auditing, Information Technology

    CPE Credits: 18, based on 50 minutes of instruction per hour

bottom of page