Federal Information System Controls Audit Manual
Fast Facts
Given the extensive use of information systems in government operations, it is essential that federal agencies have effective controls over these systems.
The Federal Information System Controls Audit Manual (FISCAM) provides auditors a methodology and framework for assessing the design, implementation, and operating effectiveness of information system controls in accordance with the Yellow Book.
This June 2026 revision replaces the 2024 version of FISCAM.

Federal Information System Controls Audit Manual cover page.
Highlights
The U.S. Government Accountability Office (GAO) and the Council of the Inspectors General on Integrity and Efficiency (CIGIE) worked jointly on this revision of the Federal Information System Controls Audit Manual (FISCAM), marking a major milestone in partnership and a shared commitment to strengthening and clarifying audit guidance.
For more information, please visit the main FISCAM page, or contact Dawn B. Simpson at simpsondb@gao.gov.