| | | Be it enacted by the People of the State of Maine as follows: |
|
| | | Sec. 1. 5 MRSA §243, sub-§8, as amended by PL 1999, c. 208, §1, is | | further amended to read: |
|
| | | 8. Audit. To perform audits of all accounts and financial | | records of any organization, institution or other entity | | receiving or requesting an appropriation or grant from State | | Government and to issue reports on such audits at such times as | the Legislature or the State Auditor may require; and |
|
| | | Sec. 2. 5 MRSA §243, sub-§9, as enacted by PL 1999, c. 208, §1, is | | amended to read: |
|
| | | 9. Single audit. To conduct financial and compliance audits | | of financial transactions and accounts kept by or for all state | | agencies subject to the Single Audit Act Amendments of 1996, 31 | | United States Code, Sections 7501 to 7507 (1998). The audits | | must be conducted in accordance with generally accepted | governmental auditing standards. |
|
| | | Sec. 3. 5 MRSA §243, sub-§10 is enacted to read: |
|
| | | 10.__Information system audit.__To conduct reviews and | | assessments of any computer system or network or security system | | established to safeguard a computer system that affects federal, | | state or local programs or quasi-governmental bodies subject to | | audit by the Department of Audit.__Assessments of system | | vulnerability, network penetration, potential security breaches | | and susceptibility to electronic attack and electronic fraud are | | nonpublic and confidential pursuant to section 244-D.__Results of | | the reviews that are not confidential may be released in the sole | | discretion of the State Auditor. |
|
| | | Sec. 4. 5 MRSA §244-C, sub-§2, as enacted by PL 1997, c. 703, §1, is | | amended to read: |
|
| | | 2. Information available to the Auditor. Notwithstanding any | | state law relating to the confidentiality of information, all | | information in any form in the files of any department, | | commission or agency of the State subject to an audit or | | investigation by the Auditor must be made available when | | necessary to the Auditor for performance of the Auditor's | | official duties. |
|
| | | A. Before beginning an audit or investigation that may require | | access to records containing confidential or privileged | | information, the Auditor shall consult with representatives of | | the department, commission or agency to discuss methods of | | identifying and protecting privileged or |
|
|
