Employee Links


FISCAM & Application Reviews

Kompsys > Vulnerability Assessments > FISCAM & Application Reviews

KOMPSYS information assurance group provides support for financial auditors performing Federal Financial Statement Audits.


To complete this work we follow the GAO’s Federal Information System Controls Audit Manual (FISCAM) which outlines audit procedures for conducting IT audit work for financial statement audits.  We conduct our general and application controls reviews using the newest version of FISCAM, which was released by the GAO in February 2009. The new version includes eight general and application control areas:


  • Security Management (SM)
  • Access Controls (AC)
  • Configuration Management (CM)
  • Segregation of Duties (SD)
  • Continuity Planning (CP)
  • Application Level General Controls
  • Business Process Controls
  • Interface Controls

In addition to application control work performed in support of financial statement audits, we also perform:


  • Pre-implementation
  • Post implementation
  • Certification and accreditations
  • Independent validation and verification