The Government Accountability Office (GAO) is seeking public input through Oct. 18 on the watchdog agency's planned update to its guidelines for evaluating information systems controls.
Those guidelines – encompassed in the Federal Information Systems Controls Audit Manual (FISCAM) – will be updated to reflect changes in auditing standards, guidance, control criteria, and technology, GAO said. FISCAM was last updated in 2009.
“FISCAM presents a methodology for assessing the design, implementation, and operating effectiveness of information system controls,” GAO explained. It said the “FISCAM methodology is designed to be used primarily on financial audits, performance audits and attestation engagements in accordance with generally accepted government auditing standards.”
FISCAM is also consistent with the GAO/CIGIE Financial Audit Manual and NIST Special Publication 800-53, the agency said.
“Information in computer systems is essential to practically every aspect of government operations,” GAO said. “FISCAM guides auditors in using government standards to evaluate the effectiveness of controls over these systems. Effective controls can help safeguard data, prevent the disruption of government services, and much more.”
The agency pointed to an “exposure draft” of its proposed changes to the manual, which reflect input already received from stakeholders. The proposed changes cover numerous areas of the manual, including the planning, testing, and reporting phases.
Comments should be delivered to FISCAM@gao.gov.