Federal Information System Controls Audit Manual (FISCAM)

U.S. Government Accountability Office

Federal Information System Controls Audit Manual (FISCAM)

GAO-09-232G: Published: Feb 2, 2009. Publicly Released: Feb 2, 2009.

Highlights

View Report (PDF, 601 pages)

Share This:

Additional Materials:

Full Report:
- View Report (PDF, 601 pages)
Accessible Text:
- (HTML text file)

Contact:

Robert F. Dacey
(202) 512-3317
contact@gao.gov

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

FISCAM presents a methodology for performing information system (IS) control audits of federal and other governmental entities in accordance with professional standards. This version supersedes the prior version, Federal Information System Controls Audit Manual: Volume I Financial Statement Audits, AIMD-12.19.6, January 1, 2001. The FISCAM is designed to be used primarily on financial and performance audits and attestation engagements performed in accordance with GAGAS, as presented in Government Auditing Standards (also know as the "Yellow Book"). The FISCAM is consistent with the GAO/PCIE Financial Audit Manual (FAM). Also, FISCAM control activities are consistent with NIST Special Publication 800-53 and all SP800-53 controls have been mapped to the FISCAM. The FISCAM, which is consistent with NIST and other criteria, is organized to facilitate effective and efficient IS control audits. Specifically, the methodology in the FISCAM incorporates the following: (1) A top-down, risk-based approach that considers materiality and significance in determining effective and efficient audit procedures; (2) Evaluation of entitywide controls and their effect on audit risk; (3) Evaluation of general controls and their pervasive impact on business process application controls; (4) Evaluation of security management at all levels (entitywide, system, and business process application levels); (5) A control hierarchy (control categories, critical elements, and control activities) to assist in evaluating the significance of identified IS control weaknesses; (6) Groupings of control categories consistent with the nature of the risk; and (7) Experience gained in GAO's performance and review of IS control audits, including field testing the concepts in this revised FISCAM.

View Report (PDF)

Find Recent Work on Auditing and Financial Management »

Explore Related Key Issues »

Sep 10, 2020

Grants Management:
Agencies Provided Many Types of Technical Assistance and Applied Recipients' Feedback
GAO-20-580: Published: Aug 11, 2020. Publicly Released: Sep 10, 2020.

Sep 9, 2020

Defense Real Property:
DOD-Wide Strategy Needed to Address Control Issues and Improve Reliability of Records
GAO-20-615: Published: Sep 9, 2020. Publicly Released: Sep 9, 2020.

Jun 10, 2020

Civil Monetary Penalties:
Review of Federal Agencies' Compliance with the 2019 Annual Inflation Adjustment Requirements
GAO-20-538R: Published: Jun 10, 2020. Publicly Released: Jun 10, 2020.

Jun 8, 2020

Inspectors General:
Independence Principles and Considerations for Reform
GAO-20-639R: Published: Jun 8, 2020. Publicly Released: Jun 8, 2020.

May 21, 2020

Congressional Award Foundation:
Review of the Audit of the Financial Statements for Fiscal Year 2019
GAO-20-539R: Published: May 21, 2020. Publicly Released: May 21, 2020.

Mar 31, 2020

Management Report:
Improvements Needed in the Bureau of the Fiscal Service's Information System Controls Related to the Schedule of Federal Debt
GAO-20-376R: Published: Mar 31, 2020. Publicly Released: Mar 31, 2020.
Management Report:
Improvements Needed in the Bureau of the Fiscal Service’s Information System Controls Related to the Schedules of the General Fund
GAO-20-399R: Published: Mar 31, 2020. Publicly Released: Mar 31, 2020.

Looking for more? Browse all our products here

Explore our Key Issues on Auditing and Financial Management

Explore our other Key Issues here