Since 1999, Federal Information System Controls Audit Manual (FISCAM) has provided guidance consistent with the Yellow Book to a wide range of auditors and audit organizations that conduct information system controls assessments.
FISCAM 2023 Exposure Draft
We are proposing an update to the FISCAM to reflect changes in auditing standards, guidance, control criteria, and technology since our last revision in February 2009.
FISCAM presents a methodology for assessing the design, implementation, and operating effectiveness of information system controls. The FISCAM methodology is designed to be used primarily on financial audits, performance audits and attestation engagements in accordance with generally accepted government auditing standards. FISCAM is also consistent with the GAO/CIGIE Financial Audit Manual and NIST Special Publication 800-53.