Federal Information System Controls Audit Manual

Overview

Since 1999, Federal Information System Controls Audit Manual (FISCAM) has provided guidance consistent with the Yellow Book to a wide range of auditors and audit organizations that conduct information system controls assessments.

FISCAM 2023 Exposure Draft

We are proposing an update to the FISCAM to reflect changes in auditing standards, guidance, control criteria, and technology since our last revision in February 2009.

We are seeking public comment on our proposed revision. Please send your written comments using our fillable form (DOCX, 12 pages) to FISCAM@gao.gov no later than October 18, 2023.

View the 2023 Exposure Draft

Current FISCAM

FISCAM presents a methodology for assessing the design, implementation, and operating effectiveness of information system controls. The FISCAM methodology is designed to be used primarily on financial audits, performance audits and attestation engagements in accordance with generally accepted government auditing standards. FISCAM is also consistent with the GAO/CIGIE Financial Audit Manual and NIST Special Publication 800-53.

View the Current FISCAM

Resources

Yellow Book

Generally Accepted Government Auditing Standards (GAGAS), also known as the Yellow Book, provides the preeminent standards for government auditing.

The Green Book

Standards for Internal Control in the Federal Government, known as the Green Book, sets standards for federal agencies on the policies and procedures they employ to ensure effective resource use in fulfilling their mission, goals, objectives...

The Green Book

Financial Audit Manual

The Financial Audit Manual (FAM) presents a methodology for performing financial statement audits of federal entities in accordance with professional standards.

Financial Audit Manual

Artificial Intelligence

This report identifies key accountability practices—centered around the principles of governance, data, performance, and monitoring—to help federal agencies and others use AI responsibly.

A photo of GAO headquarters in Washington DC. The sign in the photo reads "Government Accountability Office."

Assessing Data Reliability

We published this guide to help auditors assess the reliability of data. It provides a risk-based framework for data reliability assessments that can be geared to the specific circumstances of each engagement.

GAO Contacts

For technical or practice questions regarding the FISCAM, please e-mail FISCAM@gao.gov or contact Dawn B. Simpson at (202) 512-3406 or SimpsonDB@gao.gov.