State Codes and Statutes

Statutes > North-carolina > Chapter_147 > GS_147-64_6

§ 147‑64.6.  Duties andresponsibilities.

(a)        It is the policy ofthe General Assembly to provide for the auditing of State agencies by theimpartial, independent State Auditor.

(b)        The duties of theAuditor are independently to examine into and make findings of fact on whetherState agencies:

(1)        Have establishedadequate operating and administrative procedures and practices; systems ofaccounting, reporting and auditing; and other necessary elements of legislativeor management control.

(2)        Are providing financialand other reports which disclose fairly, consistently, fully, and promptly allinformation needed to show the nature and scope of programs and activities andhave established bases for evaluating the results of such programs andoperations.

(3)        Are promptlycollecting, depositing, and properly accounting for all revenues and receiptsarising from their activities.

(4)        Are conductingprograms and activities and expending funds made available in a faithful,efficient, and economical manner in compliance with and in furtherance ofapplicable laws and regulations of the State, and, if applicable, federal lawand regulation.

(5)        Are determining thatthe authorized activities or programs effectively serve the intent and purposeof the General Assembly and, if applicable, federal law and regulation.

(c)        The Auditor shallbe responsible for the following acts and activities:

(1)        Audits made orcaused to be made by the Auditor shall be conducted in accordance withgenerally accepted auditing standards as prescribed by the American Instituteof Certified Public Accountants, the United States General Accounting Office,or other professionally recognized accounting standards‑setting bodies.

(2)        Financial andcompliance audits may be made at the discretion of the Auditor without advancenotice to the organization being audited. Audits of economy and efficiency andprogram results shall be discussed in advance with the prospective auditeeunless an unannounced visit is essential to the audit.

(3)        The Auditor, on hisown initiative and as often as he deems necessary, or as requested by theGovernor or the General Assembly, shall, to the extent deemed practicable andconsistent with his overall responsibility as contained in this act, make orcause to be made audits of all or any part of the activities of the Stateagencies.

(4)        The Auditor, at hisown discretion, may, in selecting audit areas and in evaluating current auditactivity, consider and utilize, in whole or in part, the relevant auditcoverage and applicable reports of the audit staffs of the various Stateagencies, independent contractors, and federal agencies. He shall coordinate,to the extent deemed practicable, the auditing conducted within the State tomeet the needs of all governmental bodies.

(5)        The Auditor isauthorized to contract with federal audit agencies, or any governmental agency,on a cost reimbursable basis, for the Auditor to perform audits of federalgrants and programs administered by the State Departments and institutions inaccordance with agreements negotiated between the Auditor and the contractingfederal audit agencies or any governmental agency. In instances where thegrantee State agency shall subgrant these federal funds to local governments,regional councils of government and other local groups or private orsemiprivate institutions or agencies, the Auditor shall have the authority toexamine the books and records of these subgrantees to the extent necessary todetermine eligibility and proper use in accordance with State and federal lawsand regulations.

TheAuditor shall charge and collect from the contracting federal audit agencies,or any governmental agencies, the actual cost of all the audits of the grantsand programs contracted by him to do. Amounts collected under these arrangementsshall be deposited in the State Treasury and be budgeted in the Department ofState Auditor and shall be available to hire sufficient personnel to performthese contracted audits and to pay for related travel, supplies and othernecessary expenses.

(6)        The Auditor isauthorized and directed in his reports of audits or reports of specialinvestigations to make any comments, suggestions, or recommendations he deemsappropriate concerning any aspect of such agency's activities and operations.

(7)        The Auditor shallcharge and collect from each examining and licensing board the actual cost ofeach audit of such board. Costs collected under this subdivision shall be basedon the actual expense incurred by the Auditor's office in making such audit andthe affected agency shall be entitled to an itemized statement of such costs.Amounts collected under this subdivision shall be deposited into the generalfund as nontax revenue.

(8)        The Auditor shallexamine as often as may be deemed necessary the accounts kept by the Treasurer,and if he discovers any irregularity or deficiency therein, unless the same berectified or explained to his satisfaction, report the same forthwith inwriting to the General Assembly, with copy of such report to the Governor and AttorneyGeneral. In addition to regular audits, the Auditor shall check the treasuryrecords at the time a Treasurer assumes office (not to succeed himself), andtherein charge him with the balance in the treasury, and shall check theTreasurer's records at the time he leaves office to determine that the accountsare in order.

(9)        The Auditor mayexamine the accounts and records of any bank or financial institution relatingto transactions with the State Treasurer, or with any State agency, or he mayrequire banks doing business with the State to furnish him information relatingto transactions with the State or State agencies.

(10)      The Auditor may, asoften as he deems advisable, conduct a detailed review of the bookkeeping andaccounting systems in use in the various State agencies which are supportedpartially or entirely from State funds. Such examinations will be for thepurpose of evaluating the adequacy of systems in use by these agencies andinstitutions. In instances where the Auditor determines that existing systemsare outmoded, inefficient, or otherwise inadequate, he shall recommend changesto the State Controller. The State Controller shall prescribe and supervise theinstallation of such changes, as provided in G.S. 143B‑426.39(2).

(11)      The Auditor shall,through appropriate tests, satisfy himself concerning the propriety of the datapresented in the Comprehensive Annual Financial Report and shall express theappropriate auditor's opinion in accordance with generally accepted auditingstandards.

(12)      The Auditor shallprovide a report to the Governor and Attorney General, and other appropriateofficials, of such facts as are in his possession which pertain to the apparentviolation of penal statutes or apparent instances of malfeasance, misfeasance,or nonfeasance by an officer or employee.

(13)      At the conclusion ofan audit, the Auditor or his designated representative shall discuss the auditwith the official whose office is subject to audit and submit necessaryunderlying facts developed for all findings and recommendations which may beincluded in the audit report. On audits of economy and efficiency and programresults, the auditee's written response shall be included in the final reportif received within 30 days from receipt of the draft report.

(14)      The Auditor shallnotify the General Assembly, the Governor, the Chief Executive Officer of eachagency audited, and other persons as the Auditor deems appropriate that anaudit report has been published, its subject and title, and the locations, includingState libraries, at which the report is available. The Auditor shall thendistribute copies of the report only to those who request a report. The copiesshall be in written or electronic form, as requested. He shall also file a copyof the audit report in the Auditor's office, which will be a permanent publicrecord; Provided, nothing in this subsection shall be construed as authorizingor permitting the publication of information whose disclosure is otherwiseprohibited by law.

(15)      It is not the intentof the audit function, nor shall it be so construed, to infringe upon ordeprive the General Assembly and the executive or judicial branches of Stategovernment of any rights, powers, or duties vested in or imposed upon them bystatute or the Constitution.

(16)      The Auditor shall beresponsible for receiving reports of allegations of the improper governmentalactivities as provided in G.S. 147‑64.6B. The Auditor shall adoptpolicies and procedures necessary to provide for the investigation or referralof these allegations.

(17)      Repealed by SessionLaws 2009‑136, s. 2, effective June 19, 2009.

(18)      The Auditor shall,after consultation and in coordination with the State Chief InformationOfficer, assess, confirm, and report on the security practices of informationtechnology systems. If an agency has adopted standards pursuant to G.S. 147‑33.111(a),the audit shall be in accordance with those standards. The Auditor's assessmentof information security practices shall include an assessment of network vulnerability.The Auditor may conduct network penetration or any similar procedure as theAuditor may deem necessary. The Auditor may enter into a contract with a Stateagency under G.S. 147‑33.111(c) for an assessment of networkvulnerability, including network penetration or any similar procedure. Anycontract with the Auditor for the assessment and testing shall be on a cost‑reimbursementbasis. The Auditor may investigate reported information technology securitybreaches, cyber attacks, and cyber fraud in State government. The Auditor shallissue public reports on the general results of the reviews undertaken pursuantto this subdivision but may provide agencies with detailed reports of thesecurity issues identified pursuant to this subdivision which shall not bedisclosed as provided in G.S. 132‑6.1(c). The Auditor shall provide theState Chief Information Officer with detailed reports of the security issuesidentified pursuant to this subdivision. For the purposes of this subdivisiononly, the Auditor is exempt from the provisions of Article 3 of Chapter 143 ofthe General Statutes in retaining contractors.

(19)      Whenever the Auditorbelieves that information received or collected by the Auditor may be evidenceof a violation of any of the provisions of Chapter 138A of the GeneralStatutes, Chapter 120C of the General Statutes, or Article 14 of Chapter 120 ofthe General Statutes, the Auditor shall report that information to the StateEthics Commission and the Secretary of State as appropriate. The Auditor shallbe bound by interpretations issued by the State Ethics Commission as to whetheror not any information reported by the Auditor under this subdivision involvesor may involve a violation of Chapter 138A of the General Statutes, Chapter120C of the General Statutes, or Article 14 of Chapter 120 of the GeneralStatutes. Nothing in this subdivision shall be construed to limit the Auditor'sauthority under subdivision (1) of this subsection.

(d)        Reports and WorkPapers. – The Auditor shall maintain for 10 years a complete file of all auditreports and reports of other examinations, investigations, surveys, and reviewsissued under the Auditor's authority. Audit work papers and other evidence andrelated supportive material directly pertaining to the work of the Auditor'soffice shall be retained according to an agreement between the Auditor andState Archives. To promote intergovernmental cooperation and avoid unnecessaryduplication of audit effort, and notwithstanding the provisions of G.S. 126‑24,pertinent work papers and other supportive material related to issued auditreports may be, at the discretion of the Auditor and unless otherwiseprohibited by law, made available for inspection by duly authorizedrepresentatives of the State and federal government who desire access to andinspection of such records in connection with some matter officially beforethem, including criminal investigations.

Except as provided in thissection, or upon an order issued in Wake County Superior Court upon 10 days'notice and hearing finding that access is necessary to a proper administrationof justice, audit work papers and related supportive material shall be keptconfidential, including any interpretations, advisory opinions, or otherinformation or materials furnished to or by the State Ethics Commission underthis section.  (1983,c. 913, s. 2; 1985 (Reg. Sess., 1986), c. 1024, ss. 24, 25; 1987, c. 738, s.62; 1989, c. 236, s. 2; 1999‑188, s. 2; 2001‑142, s. 2; 2001‑424,ss. 9.1(a), 15.2(c); 2002‑126, s. 27.2(b); 2002‑159, s. 48; 2004‑129,s. 46; 2008‑215, ss. 1(a), 2, 3; 2009‑136, s. 2.)

State Codes and Statutes

Statutes > North-carolina > Chapter_147 > GS_147-64_6

§ 147‑64.6.  Duties andresponsibilities.

(a)        It is the policy ofthe General Assembly to provide for the auditing of State agencies by theimpartial, independent State Auditor.

(b)        The duties of theAuditor are independently to examine into and make findings of fact on whetherState agencies:

(1)        Have establishedadequate operating and administrative procedures and practices; systems ofaccounting, reporting and auditing; and other necessary elements of legislativeor management control.

(2)        Are providing financialand other reports which disclose fairly, consistently, fully, and promptly allinformation needed to show the nature and scope of programs and activities andhave established bases for evaluating the results of such programs andoperations.

(3)        Are promptlycollecting, depositing, and properly accounting for all revenues and receiptsarising from their activities.

(4)        Are conductingprograms and activities and expending funds made available in a faithful,efficient, and economical manner in compliance with and in furtherance ofapplicable laws and regulations of the State, and, if applicable, federal lawand regulation.

(5)        Are determining thatthe authorized activities or programs effectively serve the intent and purposeof the General Assembly and, if applicable, federal law and regulation.

(c)        The Auditor shallbe responsible for the following acts and activities:

(1)        Audits made orcaused to be made by the Auditor shall be conducted in accordance withgenerally accepted auditing standards as prescribed by the American Instituteof Certified Public Accountants, the United States General Accounting Office,or other professionally recognized accounting standards‑setting bodies.

(2)        Financial andcompliance audits may be made at the discretion of the Auditor without advancenotice to the organization being audited. Audits of economy and efficiency andprogram results shall be discussed in advance with the prospective auditeeunless an unannounced visit is essential to the audit.

(3)        The Auditor, on hisown initiative and as often as he deems necessary, or as requested by theGovernor or the General Assembly, shall, to the extent deemed practicable andconsistent with his overall responsibility as contained in this act, make orcause to be made audits of all or any part of the activities of the Stateagencies.

(4)        The Auditor, at hisown discretion, may, in selecting audit areas and in evaluating current auditactivity, consider and utilize, in whole or in part, the relevant auditcoverage and applicable reports of the audit staffs of the various Stateagencies, independent contractors, and federal agencies. He shall coordinate,to the extent deemed practicable, the auditing conducted within the State tomeet the needs of all governmental bodies.

(5)        The Auditor isauthorized to contract with federal audit agencies, or any governmental agency,on a cost reimbursable basis, for the Auditor to perform audits of federalgrants and programs administered by the State Departments and institutions inaccordance with agreements negotiated between the Auditor and the contractingfederal audit agencies or any governmental agency. In instances where thegrantee State agency shall subgrant these federal funds to local governments,regional councils of government and other local groups or private orsemiprivate institutions or agencies, the Auditor shall have the authority toexamine the books and records of these subgrantees to the extent necessary todetermine eligibility and proper use in accordance with State and federal lawsand regulations.

TheAuditor shall charge and collect from the contracting federal audit agencies,or any governmental agencies, the actual cost of all the audits of the grantsand programs contracted by him to do. Amounts collected under these arrangementsshall be deposited in the State Treasury and be budgeted in the Department ofState Auditor and shall be available to hire sufficient personnel to performthese contracted audits and to pay for related travel, supplies and othernecessary expenses.

(6)        The Auditor isauthorized and directed in his reports of audits or reports of specialinvestigations to make any comments, suggestions, or recommendations he deemsappropriate concerning any aspect of such agency's activities and operations.

(7)        The Auditor shallcharge and collect from each examining and licensing board the actual cost ofeach audit of such board. Costs collected under this subdivision shall be basedon the actual expense incurred by the Auditor's office in making such audit andthe affected agency shall be entitled to an itemized statement of such costs.Amounts collected under this subdivision shall be deposited into the generalfund as nontax revenue.

(8)        The Auditor shallexamine as often as may be deemed necessary the accounts kept by the Treasurer,and if he discovers any irregularity or deficiency therein, unless the same berectified or explained to his satisfaction, report the same forthwith inwriting to the General Assembly, with copy of such report to the Governor and AttorneyGeneral. In addition to regular audits, the Auditor shall check the treasuryrecords at the time a Treasurer assumes office (not to succeed himself), andtherein charge him with the balance in the treasury, and shall check theTreasurer's records at the time he leaves office to determine that the accountsare in order.

(9)        The Auditor mayexamine the accounts and records of any bank or financial institution relatingto transactions with the State Treasurer, or with any State agency, or he mayrequire banks doing business with the State to furnish him information relatingto transactions with the State or State agencies.

(10)      The Auditor may, asoften as he deems advisable, conduct a detailed review of the bookkeeping andaccounting systems in use in the various State agencies which are supportedpartially or entirely from State funds. Such examinations will be for thepurpose of evaluating the adequacy of systems in use by these agencies andinstitutions. In instances where the Auditor determines that existing systemsare outmoded, inefficient, or otherwise inadequate, he shall recommend changesto the State Controller. The State Controller shall prescribe and supervise theinstallation of such changes, as provided in G.S. 143B‑426.39(2).

(11)      The Auditor shall,through appropriate tests, satisfy himself concerning the propriety of the datapresented in the Comprehensive Annual Financial Report and shall express theappropriate auditor's opinion in accordance with generally accepted auditingstandards.

(12)      The Auditor shallprovide a report to the Governor and Attorney General, and other appropriateofficials, of such facts as are in his possession which pertain to the apparentviolation of penal statutes or apparent instances of malfeasance, misfeasance,or nonfeasance by an officer or employee.

(13)      At the conclusion ofan audit, the Auditor or his designated representative shall discuss the auditwith the official whose office is subject to audit and submit necessaryunderlying facts developed for all findings and recommendations which may beincluded in the audit report. On audits of economy and efficiency and programresults, the auditee's written response shall be included in the final reportif received within 30 days from receipt of the draft report.

(14)      The Auditor shallnotify the General Assembly, the Governor, the Chief Executive Officer of eachagency audited, and other persons as the Auditor deems appropriate that anaudit report has been published, its subject and title, and the locations, includingState libraries, at which the report is available. The Auditor shall thendistribute copies of the report only to those who request a report. The copiesshall be in written or electronic form, as requested. He shall also file a copyof the audit report in the Auditor's office, which will be a permanent publicrecord; Provided, nothing in this subsection shall be construed as authorizingor permitting the publication of information whose disclosure is otherwiseprohibited by law.

(15)      It is not the intentof the audit function, nor shall it be so construed, to infringe upon ordeprive the General Assembly and the executive or judicial branches of Stategovernment of any rights, powers, or duties vested in or imposed upon them bystatute or the Constitution.

(16)      The Auditor shall beresponsible for receiving reports of allegations of the improper governmentalactivities as provided in G.S. 147‑64.6B. The Auditor shall adoptpolicies and procedures necessary to provide for the investigation or referralof these allegations.

(17)      Repealed by SessionLaws 2009‑136, s. 2, effective June 19, 2009.

(18)      The Auditor shall,after consultation and in coordination with the State Chief InformationOfficer, assess, confirm, and report on the security practices of informationtechnology systems. If an agency has adopted standards pursuant to G.S. 147‑33.111(a),the audit shall be in accordance with those standards. The Auditor's assessmentof information security practices shall include an assessment of network vulnerability.The Auditor may conduct network penetration or any similar procedure as theAuditor may deem necessary. The Auditor may enter into a contract with a Stateagency under G.S. 147‑33.111(c) for an assessment of networkvulnerability, including network penetration or any similar procedure. Anycontract with the Auditor for the assessment and testing shall be on a cost‑reimbursementbasis. The Auditor may investigate reported information technology securitybreaches, cyber attacks, and cyber fraud in State government. The Auditor shallissue public reports on the general results of the reviews undertaken pursuantto this subdivision but may provide agencies with detailed reports of thesecurity issues identified pursuant to this subdivision which shall not bedisclosed as provided in G.S. 132‑6.1(c). The Auditor shall provide theState Chief Information Officer with detailed reports of the security issuesidentified pursuant to this subdivision. For the purposes of this subdivisiononly, the Auditor is exempt from the provisions of Article 3 of Chapter 143 ofthe General Statutes in retaining contractors.

(19)      Whenever the Auditorbelieves that information received or collected by the Auditor may be evidenceof a violation of any of the provisions of Chapter 138A of the GeneralStatutes, Chapter 120C of the General Statutes, or Article 14 of Chapter 120 ofthe General Statutes, the Auditor shall report that information to the StateEthics Commission and the Secretary of State as appropriate. The Auditor shallbe bound by interpretations issued by the State Ethics Commission as to whetheror not any information reported by the Auditor under this subdivision involvesor may involve a violation of Chapter 138A of the General Statutes, Chapter120C of the General Statutes, or Article 14 of Chapter 120 of the GeneralStatutes. Nothing in this subdivision shall be construed to limit the Auditor'sauthority under subdivision (1) of this subsection.

(d)        Reports and WorkPapers. – The Auditor shall maintain for 10 years a complete file of all auditreports and reports of other examinations, investigations, surveys, and reviewsissued under the Auditor's authority. Audit work papers and other evidence andrelated supportive material directly pertaining to the work of the Auditor'soffice shall be retained according to an agreement between the Auditor andState Archives. To promote intergovernmental cooperation and avoid unnecessaryduplication of audit effort, and notwithstanding the provisions of G.S. 126‑24,pertinent work papers and other supportive material related to issued auditreports may be, at the discretion of the Auditor and unless otherwiseprohibited by law, made available for inspection by duly authorizedrepresentatives of the State and federal government who desire access to andinspection of such records in connection with some matter officially beforethem, including criminal investigations.

Except as provided in thissection, or upon an order issued in Wake County Superior Court upon 10 days'notice and hearing finding that access is necessary to a proper administrationof justice, audit work papers and related supportive material shall be keptconfidential, including any interpretations, advisory opinions, or otherinformation or materials furnished to or by the State Ethics Commission underthis section.  (1983,c. 913, s. 2; 1985 (Reg. Sess., 1986), c. 1024, ss. 24, 25; 1987, c. 738, s.62; 1989, c. 236, s. 2; 1999‑188, s. 2; 2001‑142, s. 2; 2001‑424,ss. 9.1(a), 15.2(c); 2002‑126, s. 27.2(b); 2002‑159, s. 48; 2004‑129,s. 46; 2008‑215, ss. 1(a), 2, 3; 2009‑136, s. 2.)


State Codes and Statutes

State Codes and Statutes

Statutes > North-carolina > Chapter_147 > GS_147-64_6

§ 147‑64.6.  Duties andresponsibilities.

(a)        It is the policy ofthe General Assembly to provide for the auditing of State agencies by theimpartial, independent State Auditor.

(b)        The duties of theAuditor are independently to examine into and make findings of fact on whetherState agencies:

(1)        Have establishedadequate operating and administrative procedures and practices; systems ofaccounting, reporting and auditing; and other necessary elements of legislativeor management control.

(2)        Are providing financialand other reports which disclose fairly, consistently, fully, and promptly allinformation needed to show the nature and scope of programs and activities andhave established bases for evaluating the results of such programs andoperations.

(3)        Are promptlycollecting, depositing, and properly accounting for all revenues and receiptsarising from their activities.

(4)        Are conductingprograms and activities and expending funds made available in a faithful,efficient, and economical manner in compliance with and in furtherance ofapplicable laws and regulations of the State, and, if applicable, federal lawand regulation.

(5)        Are determining thatthe authorized activities or programs effectively serve the intent and purposeof the General Assembly and, if applicable, federal law and regulation.

(c)        The Auditor shallbe responsible for the following acts and activities:

(1)        Audits made orcaused to be made by the Auditor shall be conducted in accordance withgenerally accepted auditing standards as prescribed by the American Instituteof Certified Public Accountants, the United States General Accounting Office,or other professionally recognized accounting standards‑setting bodies.

(2)        Financial andcompliance audits may be made at the discretion of the Auditor without advancenotice to the organization being audited. Audits of economy and efficiency andprogram results shall be discussed in advance with the prospective auditeeunless an unannounced visit is essential to the audit.

(3)        The Auditor, on hisown initiative and as often as he deems necessary, or as requested by theGovernor or the General Assembly, shall, to the extent deemed practicable andconsistent with his overall responsibility as contained in this act, make orcause to be made audits of all or any part of the activities of the Stateagencies.

(4)        The Auditor, at hisown discretion, may, in selecting audit areas and in evaluating current auditactivity, consider and utilize, in whole or in part, the relevant auditcoverage and applicable reports of the audit staffs of the various Stateagencies, independent contractors, and federal agencies. He shall coordinate,to the extent deemed practicable, the auditing conducted within the State tomeet the needs of all governmental bodies.

(5)        The Auditor isauthorized to contract with federal audit agencies, or any governmental agency,on a cost reimbursable basis, for the Auditor to perform audits of federalgrants and programs administered by the State Departments and institutions inaccordance with agreements negotiated between the Auditor and the contractingfederal audit agencies or any governmental agency. In instances where thegrantee State agency shall subgrant these federal funds to local governments,regional councils of government and other local groups or private orsemiprivate institutions or agencies, the Auditor shall have the authority toexamine the books and records of these subgrantees to the extent necessary todetermine eligibility and proper use in accordance with State and federal lawsand regulations.

TheAuditor shall charge and collect from the contracting federal audit agencies,or any governmental agencies, the actual cost of all the audits of the grantsand programs contracted by him to do. Amounts collected under these arrangementsshall be deposited in the State Treasury and be budgeted in the Department ofState Auditor and shall be available to hire sufficient personnel to performthese contracted audits and to pay for related travel, supplies and othernecessary expenses.

(6)        The Auditor isauthorized and directed in his reports of audits or reports of specialinvestigations to make any comments, suggestions, or recommendations he deemsappropriate concerning any aspect of such agency's activities and operations.

(7)        The Auditor shallcharge and collect from each examining and licensing board the actual cost ofeach audit of such board. Costs collected under this subdivision shall be basedon the actual expense incurred by the Auditor's office in making such audit andthe affected agency shall be entitled to an itemized statement of such costs.Amounts collected under this subdivision shall be deposited into the generalfund as nontax revenue.

(8)        The Auditor shallexamine as often as may be deemed necessary the accounts kept by the Treasurer,and if he discovers any irregularity or deficiency therein, unless the same berectified or explained to his satisfaction, report the same forthwith inwriting to the General Assembly, with copy of such report to the Governor and AttorneyGeneral. In addition to regular audits, the Auditor shall check the treasuryrecords at the time a Treasurer assumes office (not to succeed himself), andtherein charge him with the balance in the treasury, and shall check theTreasurer's records at the time he leaves office to determine that the accountsare in order.

(9)        The Auditor mayexamine the accounts and records of any bank or financial institution relatingto transactions with the State Treasurer, or with any State agency, or he mayrequire banks doing business with the State to furnish him information relatingto transactions with the State or State agencies.

(10)      The Auditor may, asoften as he deems advisable, conduct a detailed review of the bookkeeping andaccounting systems in use in the various State agencies which are supportedpartially or entirely from State funds. Such examinations will be for thepurpose of evaluating the adequacy of systems in use by these agencies andinstitutions. In instances where the Auditor determines that existing systemsare outmoded, inefficient, or otherwise inadequate, he shall recommend changesto the State Controller. The State Controller shall prescribe and supervise theinstallation of such changes, as provided in G.S. 143B‑426.39(2).

(11)      The Auditor shall,through appropriate tests, satisfy himself concerning the propriety of the datapresented in the Comprehensive Annual Financial Report and shall express theappropriate auditor's opinion in accordance with generally accepted auditingstandards.

(12)      The Auditor shallprovide a report to the Governor and Attorney General, and other appropriateofficials, of such facts as are in his possession which pertain to the apparentviolation of penal statutes or apparent instances of malfeasance, misfeasance,or nonfeasance by an officer or employee.

(13)      At the conclusion ofan audit, the Auditor or his designated representative shall discuss the auditwith the official whose office is subject to audit and submit necessaryunderlying facts developed for all findings and recommendations which may beincluded in the audit report. On audits of economy and efficiency and programresults, the auditee's written response shall be included in the final reportif received within 30 days from receipt of the draft report.

(14)      The Auditor shallnotify the General Assembly, the Governor, the Chief Executive Officer of eachagency audited, and other persons as the Auditor deems appropriate that anaudit report has been published, its subject and title, and the locations, includingState libraries, at which the report is available. The Auditor shall thendistribute copies of the report only to those who request a report. The copiesshall be in written or electronic form, as requested. He shall also file a copyof the audit report in the Auditor's office, which will be a permanent publicrecord; Provided, nothing in this subsection shall be construed as authorizingor permitting the publication of information whose disclosure is otherwiseprohibited by law.

(15)      It is not the intentof the audit function, nor shall it be so construed, to infringe upon ordeprive the General Assembly and the executive or judicial branches of Stategovernment of any rights, powers, or duties vested in or imposed upon them bystatute or the Constitution.

(16)      The Auditor shall beresponsible for receiving reports of allegations of the improper governmentalactivities as provided in G.S. 147‑64.6B. The Auditor shall adoptpolicies and procedures necessary to provide for the investigation or referralof these allegations.

(17)      Repealed by SessionLaws 2009‑136, s. 2, effective June 19, 2009.

(18)      The Auditor shall,after consultation and in coordination with the State Chief InformationOfficer, assess, confirm, and report on the security practices of informationtechnology systems. If an agency has adopted standards pursuant to G.S. 147‑33.111(a),the audit shall be in accordance with those standards. The Auditor's assessmentof information security practices shall include an assessment of network vulnerability.The Auditor may conduct network penetration or any similar procedure as theAuditor may deem necessary. The Auditor may enter into a contract with a Stateagency under G.S. 147‑33.111(c) for an assessment of networkvulnerability, including network penetration or any similar procedure. Anycontract with the Auditor for the assessment and testing shall be on a cost‑reimbursementbasis. The Auditor may investigate reported information technology securitybreaches, cyber attacks, and cyber fraud in State government. The Auditor shallissue public reports on the general results of the reviews undertaken pursuantto this subdivision but may provide agencies with detailed reports of thesecurity issues identified pursuant to this subdivision which shall not bedisclosed as provided in G.S. 132‑6.1(c). The Auditor shall provide theState Chief Information Officer with detailed reports of the security issuesidentified pursuant to this subdivision. For the purposes of this subdivisiononly, the Auditor is exempt from the provisions of Article 3 of Chapter 143 ofthe General Statutes in retaining contractors.

(19)      Whenever the Auditorbelieves that information received or collected by the Auditor may be evidenceof a violation of any of the provisions of Chapter 138A of the GeneralStatutes, Chapter 120C of the General Statutes, or Article 14 of Chapter 120 ofthe General Statutes, the Auditor shall report that information to the StateEthics Commission and the Secretary of State as appropriate. The Auditor shallbe bound by interpretations issued by the State Ethics Commission as to whetheror not any information reported by the Auditor under this subdivision involvesor may involve a violation of Chapter 138A of the General Statutes, Chapter120C of the General Statutes, or Article 14 of Chapter 120 of the GeneralStatutes. Nothing in this subdivision shall be construed to limit the Auditor'sauthority under subdivision (1) of this subsection.

(d)        Reports and WorkPapers. – The Auditor shall maintain for 10 years a complete file of all auditreports and reports of other examinations, investigations, surveys, and reviewsissued under the Auditor's authority. Audit work papers and other evidence andrelated supportive material directly pertaining to the work of the Auditor'soffice shall be retained according to an agreement between the Auditor andState Archives. To promote intergovernmental cooperation and avoid unnecessaryduplication of audit effort, and notwithstanding the provisions of G.S. 126‑24,pertinent work papers and other supportive material related to issued auditreports may be, at the discretion of the Auditor and unless otherwiseprohibited by law, made available for inspection by duly authorizedrepresentatives of the State and federal government who desire access to andinspection of such records in connection with some matter officially beforethem, including criminal investigations.

Except as provided in thissection, or upon an order issued in Wake County Superior Court upon 10 days'notice and hearing finding that access is necessary to a proper administrationof justice, audit work papers and related supportive material shall be keptconfidential, including any interpretations, advisory opinions, or otherinformation or materials furnished to or by the State Ethics Commission underthis section.  (1983,c. 913, s. 2; 1985 (Reg. Sess., 1986), c. 1024, ss. 24, 25; 1987, c. 738, s.62; 1989, c. 236, s. 2; 1999‑188, s. 2; 2001‑142, s. 2; 2001‑424,ss. 9.1(a), 15.2(c); 2002‑126, s. 27.2(b); 2002‑159, s. 48; 2004‑129,s. 46; 2008‑215, ss. 1(a), 2, 3; 2009‑136, s. 2.)