Skip to main content

Federal Information System Controls Audit Manual

Jump To:


Since 1999, Federal Information System Controls Audit Manual (FISCAM) has provided guidance consistent with the Yellow Book to a wide range of auditors and audit organizations that conduct information system controls assessments.

FISCAM 2023 Exposure Draft

We are proposing an update to the FISCAM to reflect changes in auditing standards, guidance, control criteria, and technology since our last revision in February 2009.

We are seeking public comment on our proposed revision. Please send your written comments using our fillable form (DOCX, 12 pages) to no later than October 18, 2023.

View the 2023 Exposure Draft

Current FISCAM

FISCAM presents a methodology for assessing the design, implementation, and operating effectiveness of information system controls. The FISCAM methodology is designed to be used primarily on financial audits, performance audits and attestation engagements in accordance with generally accepted government auditing standards. FISCAM is also consistent with the GAO/CIGIE Financial Audit Manual and NIST Special Publication 800-53.

View the Current FISCAM


GAO Contacts

For technical or practice questions regarding the FISCAM, please e-mail or contact Dawn B. Simpson at (202) 512-3406 or