Why It Matters
The Government Accountability Office (GAO) released a revised Federal Information System Controls Audit Manual (FISCAM) on Monday, June 29 (GAO-26-108633), replacing the 2024 version. The new 493-page manual updates FISCAM's methodology to reflect changes in auditing standards and current security control frameworks. For auditors, agency IT leaders and oversight officials, the revision sets the baseline Washington expects auditors to use when evaluating information system controls under the Yellow Book, the Government Auditing Standards.
The Big Picture
FISCAM is technical guidance, not an investigative report, developed jointly by GAO and the Council of the Inspectors General on Integrity and Efficiency (CIGIE) alongside their Financial Audit Manual. Auditors use it for financial audits, attestation engagements and performance audits.
The manual covers three control categories, user, application and general, covering how agencies secure systems, protect data and validate financial transactions. Because Inspectors General operate inside individual agencies while GAO serves as Congress's independent watchdog, their joint standards carry weight across the federal audit community.
FISCAM is aimed at auditors, not the agencies themselves, giving GAO auditors and Inspectors General a shared framework to evaluate IT security and financial controls consistently, whether at the Department of Defense or Health and Human Services. The manual originated as a GAO-initiated guidance document, not a congressionally mandated audit, reflecting GAO's own judgment on audit best practices rather than a response to a specific directive.
The Bottom Line
The June revision reflects GAO's assessment of where audit methodology stands as of mid-2026, incorporating the latest NIST security guidance, Financial Audit Manual updates and Government Auditing Standards. Auditors will use it as the reference document for designing audits and evaluating whether agencies have adequate information system controls.
GAO's Financial Management and Assurance office, led by Director Dawn B. Simpson, oversaw the revision. The GAO's Office of Public Affairs, managed by Sarah Kaczmarek, serves as the media contact for questions about the manual.
Access the Legis1 platform for comprehensive political news, data, and insights.
Spot something wrong? Report an issue with this article
