Federal Information System Controls Audit Manual (FISCAM)
GAO-09-232G: Published: Feb 2, 2009. Publicly Released: Feb 2, 2009.
Additional Materials:
- Full Report:
- Accessible Text:
Contact:
(202) 512-3317
contact@gao.gov
Office of Public Affairs
(202) 512-4800
youngc1@gao.gov
FISCAM presents a methodology for performing information system (IS) control audits of federal and other governmental entities in accordance with professional standards. This version supersedes the prior version, Federal Information System Controls Audit Manual: Volume I Financial Statement Audits, AIMD-12.19.6, January 1, 2001. The FISCAM is designed to be used primarily on financial and performance audits and attestation engagements performed in accordance with GAGAS, as presented in Government Auditing Standards (also know as the "Yellow Book"). The FISCAM is consistent with the GAO/PCIE Financial Audit Manual (FAM). Also, FISCAM control activities are consistent with NIST Special Publication 800-53 and all SP800-53 controls have been mapped to the FISCAM. The FISCAM, which is consistent with NIST and other criteria, is organized to facilitate effective and efficient IS control audits. Specifically, the methodology in the FISCAM incorporates the following: (1) A top-down, risk-based approach that considers materiality and significance in determining effective and efficient audit procedures; (2) Evaluation of entitywide controls and their effect on audit risk; (3) Evaluation of general controls and their pervasive impact on business process application controls; (4) Evaluation of security management at all levels (entitywide, system, and business process application levels); (5) A control hierarchy (control categories, critical elements, and control activities) to assist in evaluating the significance of identified IS control weaknesses; (6) Groupings of control categories consistent with the nature of the risk; and (7) Experience gained in GAO's performance and review of IS control audits, including field testing the concepts in this revised FISCAM.
Feb 18, 2021
-
Financial Audit:
Federal Deposit Insurance Corporation Funds' 2020 and 2019 Financial StatementsGAO-21-284R: Published: Feb 18, 2021. Publicly Released: Feb 18, 2021.
Nov 16, 2020
-
Financial Audit:
Bureau of Consumer Financial Protection's FY 2020 and FY 2019 Financial StatementsGAO-21-174R: Published: Nov 16, 2020. Publicly Released: Nov 16, 2020. -
Financial Audit:
Federal Housing Finance Agency's FY 2020 and FY 2019 Financial StatementsGAO-21-201R: Published: Nov 16, 2020. Publicly Released: Nov 16, 2020. -
Financial Audit:
Securities and Exchange Commission's FY 2020 and FY 2019 Financial StatementsGAO-21-192R: Published: Nov 16, 2020. Publicly Released: Nov 16, 2020.
Nov 10, 2020
-
Financial Audit:
IRS's FY 2020 and FY 2019 Financial StatementsGAO-21-162: Published: Nov 10, 2020. Publicly Released: Nov 10, 2020. -
Financial Audit:
Office of Financial Stability's (Troubled Asset Relief Program) FY 2020 and FY 2019 Financial StatementsGAO-21-173R: Published: Nov 10, 2020. Publicly Released: Nov 10, 2020.
Nov 9, 2020
-
Financial Audit:
Bureau of the Fiscal Service's FY 2020 and FY 2019 Schedules of Federal DebtGAO-21-124: Published: Nov 9, 2020. Publicly Released: Nov 9, 2020.
Nov 6, 2020
-
FY 2020 Excise Tax:
Agreed-Upon Procedures Related to Distributions to Trust FundsGAO-21-163R: Published: Nov 6, 2020. Publicly Released: Nov 6, 2020.
Oct 13, 2020
-
DOD Financial Management:
Continued Efforts Needed to Correct Material Weaknesses Identified in Financial Statement AuditsGAO-21-157: Published: Oct 13, 2020. Publicly Released: Oct 13, 2020.
Sep 30, 2020
-
Financial Management:
DOD Needs to Implement Comprehensive Plans to Improve Its Systems EnvironmentGAO-20-252: Published: Sep 30, 2020. Publicly Released: Sep 30, 2020.
Looking for more? Browse all our products here