Federal Information System Controls Audit Manual
The Federal Information System Controls Audit Manual (FISCAM) presents a methodology for auditing information system controls in federal and other governmental entities. This methodology is in accordance with professional standards.
As computer technology has advanced, federal agencies and other government entities have become dependent on computerized information systems to carry out their operations. To help ensure the proper operation of these systems, FISCAM provides auditors with specific guidance for evaluating the confidentiality, integrity, and availability of information systems consistent with
- Generally Accepted Government Auditing Standards, also known as the Yellow Book; and
- The Financial Audit Manual.
FISCAM is also consistent with National Institute of Standards and Technology's (NIST) guidelines for complying with the Federal Information Security Modernization Act of 2014 (FISMA). This law requires federal agencies to develop, document, and implement agency-wide programs to ensure information security. NIST Special Publication 800-53 provides recommended security controls for federal information systems and organizations, and appendix 3 of FISCAM provides a crosswalk to those controls.
How to Access FISCAM
Related Standards and Guidance
Government Auditing Standards, also known as the Yellow Book, provide a framework for conducting high quality audits with competence, integrity, objectivity, and independence.
The Financial Audit Manual presents a methodology to perform financial statement audits of federal entities in accordance with professional standards.
Standards for Internal Control in the Federal Government, known as the Green Book, sets standards for federal agencies on the policies and procedures they employ to ensure effective resource use in fulfilling their mission, goals, objectives, and strategic plan.
For technical or practice questions regarding the Federal Information System Controls Audit Manual, please e-mail FISCAM@gao.gov.