§ 116-40.7. Internal auditors.
§ 116‑40.7. Internalauditors.
(a) Internal auditorswithin The University of North Carolina and its constituent institutions shallprovide independent reviews and analyses of various functions and programswithin The University of North Carolina that will provide managementinformation to promote accountability, integrity, and efficiency within TheUniversity of North Carolina.
(b) An internal auditorshall have access to any records, data, or other information of The Universityof North Carolina or the relevant constituent institution that the internalauditor believes necessary to carry out the internal auditor's duties.
(c) An internal auditorshall maintain, for 10 years, a complete file of all audit reports and reportsof other examinations, investigations, surveys, and reviews issued under theinternal auditor's authority. Audit work papers and other evidence and relatedsupportive material directly pertaining to the work of that auditor's officeshall be retained in accordance with Chapter 132 of the General Statutes. Topromote cooperation and avoid unnecessary duplication of audit effort, auditwork papers related to issued audit reports shall be, unless otherwiseprohibited by law, made available for inspection by duly authorizedrepresentatives of the State and federal governments in connection with somematter officially before them. Except as otherwise provided in this subsection,or upon subpoena issued by a duly authorized court or court official, auditwork papers shall be kept confidential and shall not be open to examination orinspection under G.S. 132‑6 until completion of the audit report that isbased on the working paper. Audit reports and the working papers on which theyare based shall be public records subject to examination and inspection to theextent that they do not include information that, under State law, isconfidential and exempt from Chapter 132 of the General Statutes or wouldcompromise the security systems of The University of North Carolina. At thetime that audit working papers are made available for public examination orinspection, the custodian of the audit working paper may redact the name andpersonally identifying information of a person who has initiated an allegationof (i) a violation of State or federal law or rule or regulation; (ii) fraud;(iii) misappropriation of State resources; (iv) substantial and specific dangerto the public health and safety; or (v) gross mismanagement, gross waste ofmonies, or gross abuse of authority, if that person requests that the person'sname and personally identifying information be kept confidential. (2004‑203, s. 46; 2007‑372,s. 3.)