The 17 principle requirements of the Green Book are as follows:
Control Environment
1. The oversight body and management should demonstrate a commitment to integrity and ethical values.
2. The oversight body should oversee the entity’s internal control system.
3. Management should establish an organizational structure, assign responsibility, and delegate authority to achieve the entity’s objectives.
4. Management should demonstrate a commitment to recruit, develop, and retain competent individuals.
5. Management should evaluate performance and hold individuals accountable for their internal control responsibilities.
Risk Assessment
6. Management should define objectives clearly to enable the identification of risks and define risk tolerances.
7. Management should identify, analyze, and respond to risks related to achieving the defined objectives.
8. Management should consider the potential for fraud when identifying, analyzing, and responding to risks.
9. Management should identify, analyze, and respond to significant changes that could impact the internal control system.
Control Activities
10. Management should design control activities to achieve objectives and respond to risks.
11. Management should design the entity’s information system and related control activities to achieve objectives and respond to risks.
12. Management should implement control activities through policies.
Information and Communication
13. Management should use quality information to achieve the entity’s objectives.
14. Management should internally communicate the necessary quality information to achieve the entity’s objectives.
15. Management should externally communicate the necessary quality information to achieve the entity’s objectives.
Monitoring
16. Management should establish and operate monitoring activities to monitor the internal control system and evaluate the results.
17. Management should remediate identified internal control deficiencies on a timely basis.