What does ISYSCON stand for?

This version supersedes the prior version, Federal Information System Controls Audit Manual: Volume I Financial Statement Audits, AIMD-12.

This principle-based framework defines the highest levels of ethics, integrity, communications, monitoring, and information system controls.

COSO identifies two broad groupings of information system control activities that organizations should assess: General controls apply to all information systems and support secure and continuous operation.

Although FDIC has made significant progress improving its information system controls, old and new weaknesses could limit the corporation's ability to effectively protect the confidentiality, integrity, and availability of its financial systems and information.

The firm's ISAAS professionals provide a broad range of information technology-related services, including assessing information system controls and processes, evaluating and improving information security, advising on client/server application controls, assisting internal audit functions, providing in-depth analysis of electronic data, and developing business continuity plans.

GAO noted other less significant matters involving FDIC's internal controls, including information system controls, and will be reporting separately to FDIC management on these matters.

GAO also found that SEC has not effectively implemented information system controls to protect the integrity, confidentiality, and availability of its financial and sensitive data, increasing the risk of unauthorized disclosure, modification, or loss of the data, possibly without detection.

A key reason for SEC's information system control weaknesses is that the commission has not fully developed and implemented a comprehensive agency information security program to provide reasonable assurance that effective controls are established and maintained and that information security receives sufficient management attention.