2005 North Carolina Code - General Statutes § 147-64.6. Duties and responsibilities.

§ 147‑64.6.  Duties and responsibilities.

(a)       It is the policy of the General Assembly to provide for the auditing of State agencies by the impartial, independent State Auditor.

(b)       The duties of the Auditor are independently to examine into and make findings of fact on whether State agencies:

(1)       Have established adequate operating and administrative procedures and practices; systems of accounting, reporting and auditing; and other necessary elements of legislative or management control.

(2)       Are providing financial and other reports which disclose fairly, consistently, fully, and promptly all information needed to show the nature and scope of programs and activities and have established bases for evaluating the results of such programs and operations.

(3)       Are promptly collecting, depositing, and properly accounting for all revenues and receipts arising from their activities.

(4)       Are conducting programs and activities and expending funds made available in a faithful, efficient, and economical manner in compliance with and in furtherance of applicable laws and regulations of the State, and, if applicable, federal law and regulation.

(5)       Are determining that the authorized activities or programs effectively serve the intent and purpose of the General Assembly and, if applicable, federal law and regulation.

(c)       The Auditor shall be responsible for the following acts and activities:

(1)       Audits made or caused to be made by the Auditor shall be conducted in accordance with generally accepted auditing standards as prescribed by the American Institute of Certified Public Accountants, the United States General Accounting Office, or other professionally recognized accounting standards‑setting bodies.

(2)       Financial and compliance audits may be made at the discretion of the Auditor without advance notice to the organization being audited. Audits of economy and efficiency and program results shall be discussed in advance with the prospective auditee unless an unannounced visit is essential to the audit.

(3)       The Auditor, on his own initiative and as often as he deems necessary, or as requested by the Governor or the General Assembly, shall, to the extent deemed practicable and consistent with his overall responsibility as contained in this act, make or cause to be made audits of all or any part of the activities of the State agencies.

(4)       The Auditor, at his own discretion, may, in selecting audit areas and in evaluating current audit activity, consider and utilize, in whole or in part, the relevant audit coverage and applicable reports of the audit staffs of the various State agencies, independent contractors, and federal agencies. He shall coordinate, to the extent deemed practicable, the auditing conducted within the State to meet the needs of all governmental bodies.

(5)       The Auditor is authorized to contract with federal audit agencies, or any governmental agency, on a cost reimbursable basis, for the Auditor to perform audits of federal grants and programs administered by the State Departments and institutions in accordance with agreements negotiated between the Auditor and the contracting federal audit agencies or any governmental agency. In instances where the grantee State agency shall subgrant these federal funds to local governments, regional councils of government and other local groups or private or semiprivate institutions or agencies, the Auditor shall have the authority to examine the books and records of these subgrantees to the extent necessary to determine eligibility and proper use in accordance with State and federal laws and regulations.

The Auditor shall charge and collect from the contracting federal audit agencies, or any governmental agencies, the actual cost of all the audits of the grants and programs contracted by him to do. Amounts collected under these arrangements shall be deposited in the State Treasury and be budgeted in the Department of State Auditor and shall be available to hire sufficient personnel to perform these contracted audits and to pay for related travel, supplies and other necessary expenses.

(6)       The Auditor is authorized and directed in his reports of audits or reports of special investigations to make any comments, suggestions, or recommendations he deems appropriate concerning any aspect of such agency's activities and operations.

(7)       The Auditor shall charge and collect from each examining and licensing board the actual cost of each audit of such board. Costs collected under this subdivision shall be based on the actual expense incurred by the Auditor's office in making such audit and the affected agency shall be entitled to an itemized statement of such costs. Amounts collected under this subdivision shall be deposited into the general fund as nontax revenue.

(8)       The Auditor shall examine as often as may be deemed necessary the accounts kept by the Treasurer, and if he discovers any irregularity or deficiency therein, unless the same be rectified or explained to his satisfaction, report the same forthwith in writing to the General Assembly, with copy of such report to the Governor and Attorney General. In addition to regular audits, the Auditor shall check the treasury records at the time a Treasurer assumes office (not to succeed himself), and therein charge him with the balance in the treasury, and shall check the Treasurer's records at the time he leaves office to determine that the accounts are in order.

(9)       The Auditor may examine the accounts and records of any bank or financial institution relating to transactions with the State Treasurer, or with any State agency, or he may require banks doing business with the State to furnish him information relating to transactions with the State or State agencies.

(10)     The Auditor may, as often as he deems advisable, conduct a detailed review of the bookkeeping and accounting systems in use in the various State agencies which are supported partially or entirely from State funds. Such examinations will be for the purpose of evaluating the adequacy of systems in use by these agencies and institutions. In instances where the Auditor determines that existing systems are outmoded, inefficient, or otherwise inadequate, he shall recommend changes to the State Controller. The State Controller shall prescribe and supervise the installation of such changes, as provided in G.S. 143B‑426.39(2).

(11)     The Auditor shall, through appropriate tests, satisfy himself concerning the propriety of the data presented in the Comprehensive Annual Financial Report and shall express the appropriate auditor's opinion in accordance with generally accepted auditing standards.

(12)     The Auditor shall provide a report to the Governor and Attorney General, and other appropriate officials, of such facts as are in his possession which pertain to the apparent violation of penal statutes or apparent instances of malfeasance, misfeasance, or nonfeasance by an officer or employee.

(13)     At the conclusion of an audit, the Auditor or his designated representative shall discuss the audit with the official whose office is subject to audit and submit necessary underlying facts developed for all findings and recommendations which may be included in the audit report. On audits of economy and efficiency and program results, the auditee's written response shall be included in the final report if received within 30 days from receipt of the draft report.

(14)     The Auditor shall notify the General Assembly, the Governor, the Chief Executive Officer of each agency audited, and other persons as the Auditor deems appropriate that an audit report has been published, its subject and title, and the locations, including State libraries, at which the report is available. The Auditor shall then distribute copies of the report only to those who request a report. The copies shall be in written or electronic form, as requested. He shall also file a copy of the audit report in the Auditor's office, which will be a permanent public record; Provided, nothing in this subsection shall be construed as authorizing or permitting the publication of information whose disclosure is otherwise prohibited by law.

(15)     It is not the intent of the audit function, nor shall it be so construed, to infringe upon or deprive the General Assembly and the executive or judicial branches of State government of any rights, powers, or duties vested in or imposed upon them by statute or the Constitution.

(16)     The Auditor shall be responsible for receiving reports of allegations of the improper governmental activities set forth in G.S. 126‑84. The Auditor shall provide a telephone hotline to receive such allegations and informant may choose whether to remain anonymous. The Auditor shall implement the necessary policies and procedures to investigate hotline allegations and recommend appropriate action. When the allegation involves issues of substantial and specific danger to the public health and safety, the Auditor shall notify the appropriate agency immediately. In addition, the Auditor shall publicize the hotline number periodically and shall report findings to the agencies involved.

All records maintained by the State Auditor which involve unsubstantiated allegations of improper governmental activities set forth in G.S. 126‑84 shall be destroyed within four years from the date such allegation was received.

(17)     The Auditor or the Auditor's designee, in conjunction with the State Controller and the State Budget Officer or their designees, shall handle the resolution of fee disputes between the Office of Information Technology Services and the State agencies receiving information technology services from the Office.

(18)     The Auditor shall, after consultation and in coordination with the State Chief Information Officer, assess, confirm, and report on the security practices of information technology systems. If an agency has adopted standards pursuant to G.S. 147‑33.111(a), the audit shall be in accordance with those standards. The Auditor's assessment of information security practices shall include an assessment of network vulnerability. The Auditor may conduct network penetration or any similar procedure as the Auditor may deem necessary. The Auditor may enter into a contract with a State agency under G.S. 147‑33.111(c) for an assessment of network vulnerability, including network penetration or any similar procedure. Any contract with the Auditor for the assessment and testing shall be on a cost‑reimbursement basis. The Auditor may investigate reported information technology security breaches, cyber attacks, and cyber fraud in State government. The Auditor shall issue public reports on the general results of the reviews undertaken pursuant to this subdivision but may provide agencies with detailed reports of the security issues identified pursuant to this subdivision which shall not be disclosed as provided in G.S. 132‑6.1(c). The Auditor shall provide the State Chief Information Officer with detailed reports of the security issues identified pursuant to this subdivision. For the purposes of this subdivision only, the Auditor is exempt from the provisions of Article 3 of Chapter 143 of the General Statutes in retaining contractors.

(d)       Reports and Work Papers. – The Auditor shall maintain for 10 years a complete file of all audit reports and reports of other examinations, investigations, surveys, and reviews issued under his authority. Audit work papers and other evidence and related supportive material directly pertaining to the work of his office shall be retained according to an agreement between the Auditor and State Archives. To promote intergovernmental cooperation and avoid unnecessary duplication of audit effort, and notwithstanding the provisions of G.S. 126‑24, pertinent work papers and other supportive material related to issued audit reports may be, at the discretion of the Auditor and unless otherwise prohibited by law, made available for inspection by duly authorized representatives of the State and federal government who desire access to and inspection of such records in connection with some matter officially before them, including criminal investigations.

Except as provided above, or upon subpoena issued by a duly authorized court or court official, audit work papers shall be kept confidential. (1983, c. 913, s. 2; 1985 (Reg. Sess., 1986), c. 1024, ss. 24, 25; 1987, c. 738, s. 62; 1989, c. 236, s. 2; 1999‑188, s. 2; 2001‑142, s. 2; 2001‑424, ss. 9.1(a), 15.2(c); 2002‑126, s. 27.2(b); 2002‑159, s. 48; 2004‑129, s. 46.)