Federal Information System Controls Audit Manual (FISCAM) 2024 Revision

GAO-24-107026 Published: Sep 05, 2024. Publicly Released: Sep 05, 2024.

Fast Facts

Given the extensive use of information systems in government operations, it is essential that federal agencies have effective controls over these systems.

The Federal Information System Controls Audit Manual (FISCAM) provides auditors a methodology and framework for assessing the design, implementation, and operating effectiveness of these controls in accordance with the Yellow Book.

This September 2024 revision replaces the 2009 version of FISCAM. This update reflects changes in auditing standards, guidance, control criteria, and technology.

Graphic showing a cover for the Federal Information System Controls Audit Manual (FISCAM) September 2024.

Highlights

GAO maintains the Federal Information System Controls Audit Manual (FISCAM). The 2024 revision of FISCAM has gone through an extensive deliberative process, including focus groups; interviews with internal and external officials, stakeholders, and users; and the collection and incorporation of public comments. The views of all parties were thoroughly considered in finalizing the 2024 revision of FISCAM.

For more information, please visit the main FISCAM page, or contact Dawn B. Simpson at (202) 512-3406.

Effective Date

The 2024 revision of FISCAM is effective for engagements beginning on or after October 1, 2024.

Full Report

Full Report (506 pages)

GAO Contacts

Dawn B. Simpson

Director

simpsondb@gao.gov

(202) 512-3406

Office of Public Affairs

Sarah Kaczmarek

Acting Managing Director

kaczmareks@gao.gov

(202) 512-4800

Topics

Auditing and Financial Management

Information systemsGovernment auditing standardsInformation securityInternal controlsPrivacyInformation security managementAuditorsFederal Information Processing StandardsInformation technologySoftware