The Government Accountability Office (GAO) has issued an update to the Federal Information System Controls Audit Manual (FISCAM), which provides auditors with a methodology and framework for evaluating information systems controls.
The new revision replaces the 2009 version of FISCAM. GAO said this update reflects changes in auditing standards, guidance, control criteria, and technology.
The announcement comes after GAO issued a draft version of the FISCAM update for public comment in July 2023.
“Given the extensive use of information systems in government operations, information system controls are integral to an entity’s internal control system – a continuous built-in component of operations, effected by people, that provides reasonable assurance, not absolute assurance, that an entity’s objectives will be achieved,” said Dawn Simpson, a director on GAO’s Financial Management and Assurance team. “An information system controls assessment is an essential component of an auditor’s examination of an entity’s internal control system.”
“This revision of FISCAM has gone through an extensive deliberative process, including focus groups; interviews with internal and external officials, stakeholders, and users; and the collection and incorporation of public comments,” Simpson added. “The views of all parties were thoroughly considered in finalizing the 2024 revision of FISCAM.”
GAO said the 2024 FISCAM revision is effective for engagements beginning on or after Oct. 1, 2024.
A key update to the guidance is that all sections are presented in a reorganized format that clearly differentiates between the introductory material, the planning phase, the testing phase, the reporting phase, the framework, and the methodology.
Additionally, GAO said that the framework is updated to align with the Standards for Internal Control in the Federal Government, also known as the Green Book. GAO also updated the appendixes to provide additional guidance to assist the auditor in applying the methodology and framework.
