Which manual provides methodologies for performing IS controls audits?

The Federal Information System Control Audit Manual is specifically designed to provide methodologies and guidance for conducting audits of information systems controls. It outlines a framework for auditors to assess the effectiveness of controls that safeguard federal information systems, ensuring compliance with relevant regulations and standards.

This manual includes best practices for evaluating the design and operational effectiveness of systems' internal controls, particularly in the context of information security. By utilizing this manual, auditors can establish a systematic approach to auditing that comprehensively addresses the risks and requirements associated with federal information systems.

In contrast, the Financial Audit Manual focuses on financial controls rather than specific information systems controls, and NIST Security Guidelines provide broader cybersecurity frameworks rather than audit-specific methodologies. OMB Circular No A-130 outlines policy for the management of federal information resources and while it discusses information security, it does not serve as an audit guide. Thus, the Federal Information System Control Audit Manual is the most relevant resource for conducting IS controls audits.