Overview
Since 1999, Federal Information System Controls Audit Manual (FISCAM) has provided guidance consistent with the Yellow Book to a wide range of auditors and audit organizations that conduct information system controls assessments.
FISCAM 2023 Exposure Draft
We are proposing an update to the FISCAM to reflect changes in auditing standards, guidance, control criteria, and technology since our last revision in February 2009.
We are seeking public comment on our proposed revision. Please send your written comments using our fillable form (DOCX, 12 pages) to FISCAM@gao.gov no later than October 18, 2023.
Current FISCAM
FISCAM presents a methodology for assessing the design, implementation, and operating effectiveness of information system controls. The FISCAM methodology is designed to be used primarily on financial audits, performance audits and attestation engagements in accordance with generally accepted government auditing standards. FISCAM is also consistent with the GAO/CIGIE Financial Audit Manual and NIST Special Publication 800-53.
GAO Contacts
For technical or practice questions regarding the FISCAM, please e-mail FISCAM@gao.gov or contact Dawn B. Simpson at (202) 512-3406 or SimpsonDB@gao.gov.