Skip to main content

Federal Information System Controls Audit Manual (FISCAM) 2024 Revision

GAO-24-107026 Published: Sep 05, 2024. Publicly Released: Sep 05, 2024.
Jump To:

Fast Facts

Given the extensive use of information systems in government operations, it is essential that federal agencies have effective controls over these systems.

The Federal Information System Controls Audit Manual (FISCAM) provides auditors a methodology and framework for assessing the design, implementation, and operating effectiveness of these controls in accordance with the Yellow Book.

This September 2024 revision replaces the 2009 version of FISCAM. This update reflects changes in auditing standards, guidance, control criteria, and technology.

Graphic showing a cover for the Federal Information System Controls Audit Manual (FISCAM) September 2024.

Skip to Highlights

Highlights

GAO maintains the Federal Information System Controls Audit Manual (FISCAM). The 2024 revision of FISCAM has gone through an extensive deliberative process, including focus groups; interviews with internal and external officials, stakeholders, and users; and the collection and incorporation of public comments. The views of all parties were thoroughly considered in finalizing the 2024 revision of FISCAM.

For more information, please visit the main FISCAM page, or contact Dawn B. Simpson at (202) 512-3406.

Effective Date

The 2024 revision of FISCAM is effective for engagements beginning on or after October 1, 2024.

Full Report

GAO Contacts

Topics

AuditorsAuditing proceduresGovernment auditing standardsFederal Information Processing StandardsGovernment operationsInformation securityInformation security managementInformation systemsInternal controlsPrivacy