Overview
The Federal Information System Controls Audit Manual (FISCAM) presents a methodology for auditing information system controls in federal and other governmental entities. This methodology is in accordance with professional standards.
About FISCAM
As computer technology has advanced, federal agencies and other government entities have become dependent on computerized information systems to carry out their operations. To help ensure the proper operation of these systems, FISCAM provides auditors with specific guidance for evaluating the confidentiality, integrity, and availability of information systems consistent with
- Generally Accepted Government Auditing Standards, also known as the Yellow Book; and
- The Financial Audit Manual.
FISCAM is also consistent with National Institute of Standards and Technology's (NIST) guidelines for complying with the Federal Information Security Modernization Act of 2014 (FISMA). This law requires federal agencies to develop, document, and implement agency-wide programs to ensure information security. NIST Special Publication 800-53 provides recommended security controls for federal information systems and organizations, and appendix 3 of FISCAM provides a crosswalk to those controls.
How to Access FISCAM
You may download the entire FISCAM in PDF format. You may also download appendixes 1-3 as a zipped Word document to enter data to support the gathering and analysis of audit evidence.
GAO Contacts
For technical or practice questions regarding the Federal Information System Controls Audit Manual, please e-mail FISCAM@gao.gov.