Federal Information System Controls Audit Manual (FISCAM)
GAO-09-232G: Published: Feb 2, 2009. Publicly Released: Feb 2, 2009.
Additional Materials:
- Full Report:
- Accessible Text:
Contact:
(202) 512-3317
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
FISCAM presents a methodology for performing information system (IS) control audits of federal and other governmental entities in accordance with professional standards. This version supersedes the prior version, Federal Information System Controls Audit Manual: Volume I Financial Statement Audits, AIMD-12.19.6, January 1, 2001. The FISCAM is designed to be used primarily on financial and performance audits and attestation engagements performed in accordance with GAGAS, as presented in Government Auditing Standards (also know as the "Yellow Book"). The FISCAM is consistent with the GAO/PCIE Financial Audit Manual (FAM). Also, FISCAM control activities are consistent with NIST Special Publication 800-53 and all SP800-53 controls have been mapped to the FISCAM. The FISCAM, which is consistent with NIST and other criteria, is organized to facilitate effective and efficient IS control audits. Specifically, the methodology in the FISCAM incorporates the following: (1) A top-down, risk-based approach that considers materiality and significance in determining effective and efficient audit procedures; (2) Evaluation of entitywide controls and their effect on audit risk; (3) Evaluation of general controls and their pervasive impact on business process application controls; (4) Evaluation of security management at all levels (entitywide, system, and business process application levels); (5) A control hierarchy (control categories, critical elements, and control activities) to assist in evaluating the significance of identified IS control weaknesses; (6) Groupings of control categories consistent with the nature of the risk; and (7) Experience gained in GAO's performance and review of IS control audits, including field testing the concepts in this revised FISCAM.
Mar 29, 2019
Patient-Centered Outcomes Research Institute:
Review of the Audit of the Financial Statements for Fiscal Year 2018GAO-19-413R: Published: Mar 29, 2019. Publicly Released: Mar 29, 2019.
Mar 28, 2019
-
Financial Audit:
Fiscal Years 2018 and 2017 Consolidated Financial Statements of the U.S. GovernmentGAO-19-294R: Published: Mar 28, 2019. Publicly Released: Mar 28, 2019.
Mar 26, 2019
-
Management Report:
Areas for Improvement in the Federal Reserve Banks' Information System ControlsGAO-19-304R: Published: Mar 26, 2019. Publicly Released: Mar 26, 2019. -
Management Report:
Improvements Needed in the Bureau of the Fiscal Service's Information System ControlsGAO-19-302R: Published: Mar 26, 2019. Publicly Released: Mar 26, 2019.
Feb 14, 2019
-
Financial Audit:
Federal Deposit Insurance Corporation Funds' 2018 and 2017 Financial StatementsGAO-19-295R: Published: Feb 14, 2019. Publicly Released: Feb 14, 2019.
Jan 31, 2019
-
National Nuclear Security Administration:
Additional Actions Needed to Collect Common Financial DataGAO-19-101: Published: Jan 31, 2019. Publicly Released: Jan 31, 2019.
Jan 10, 2019
-
Improper Payments:
Selected Agencies Need Improvements in Their Assessments to Better Determine and Document Risk SusceptibilityGAO-19-112: Published: Jan 10, 2019. Publicly Released: Jan 10, 2019.
Dec 7, 2018
-
Improper Payments:
Additional Guidance Needed to Improve Oversight of Agencies with Noncompliant ProgramsGAO-19-14: Published: Dec 7, 2018. Publicly Released: Dec 7, 2018. -
Treasury Judgment Fund:
Transparency and Reliability Needed in Reporting Fund Balances and ActivitiesGAO-19-44: Published: Dec 7, 2018. Publicly Released: Dec 7, 2018.
Nov 15, 2018
-
Financial Audit:
Bureau of Consumer Financial Protection's Fiscal Years 2018 and 2017 Financial StatementsGAO-19-184R: Published: Nov 15, 2018. Publicly Released: Nov 15, 2018.
Looking for more? Browse all our products here
Explore our Key Issues on Auditing and Financial Management
- Department of Energy's Contract Management for the National Nuclear Security Administration and Office of Environmental Management - High Risk Issue
- DHS Management - High Risk Issue
- DOD Business Systems Modernization - High Risk Issue
- DOD Financial Management - High Risk Issue
- Federal Financial Accountability
- Medicaid - High Risk Issue
- Medicare - High Risk Issue
- Reducing Government-wide Improper Payments
- U.S. Government's Environmental Liability - High Risk Issue
Explore our other Key Issues here
