GAO issues new standards for management controls

There's one sure way to get a negative General Accounting Office or inspector general report about your agency: Don't have effective internal controls in place.

Federal managers who want to make sure their controls are adequate may want to read a new 21-page guide GAO issued this month: "Standards for Internal Control in the Federal Government" (AIMD-00-21.3.1).

GAO has updated the guide, originally created in response to the Federal Managers' Financial Integrity Act of 1982, to reflect the increasing importance of information technology in federal operations.

An internal control is any business practice that helps safeguard or make more efficient use of an agency's assets. Keeping your computer password secret is an internal control. So is splitting up responsibility for authorizing, processing and reviewing transactions. Giving different people those tasks reduces the risk of error or fraud.

"Internal control should be recognized as an integral part of each system that management uses to regulate and guide its operations rather than as a separate system within an agency," GAO said. "Internal control is management control that is built into the entity as a part of its infrastructure to help managers run the entity and achieve their aims on an ongoing basis."

In addition to standard internal control mandates-conducting risk assessments to identify places in which internal controls are necessary, requiring adherence to internal control procedures, communicating the importance of controls to employees and monitoring compliance-GAO focuses on controls for information systems.

Internal controls for such systems should include backup and recovery procedures, system software controls, firewalls, password policies, documentation requirements and computerized edit checks to review the soundness of data in transactions, GAO recommended. But in the end, GAO cautioned that internal controls do not provide absolute assurance that things won't go wrong.

"Human mistakes, judgment errors and acts of collusion to circumvent control can affect meeting agency objectives," GAO warned.

Click here to get a copy of the new GAO guide in PDF format, which requires Adobe Acrobat to read.