This document has been superseded by GAO-09-232G. GAO published a manual to provide auditors guidance for evaluating internal controls over the integrity, confidentiality, and availability of data maintained in computer-based information systems. The manual's sections provide detailed guidance on evaluating and testing computer-based controls, including guidance on:(1) identifying the auditee's significant computer-supported operations, assessing the risk associated with these operations, and identifying the controls to be tested; (2) control objectives and commonly used control techniques, as well as audit procedures; and (3) common application control objectives and related control techniques, as well as suggested audit procedures. This 2001 release of the FISCAM document has been reformatted from the January 1999 version. It includes only formatting changes, refers to several different GAO documents, and adds hypertext links to GAO referenced documents; No other content has been modified or updated from the January 1999 release.
Skip to Highlights