Ezel / AG Opinions / NC
NC NC AG Advisory Opinion (1993-03-05) 1993-03-05

Can the NC State Auditor audit the NC Department of Insurance for the Comprehensive Annual Financial Report when the Auditor's office had staff with recent management responsibility there?

Short answer: No. G.S. 147-64.12(b) bars the State Auditor from auditing a program where the office had management responsibility or employment in the prior two years. CAFR test work, federal-funds schedule review, and internal-control review all count as 'audit' under G.S. 147-64.4(1).
Currency note: this opinion is from 1993
Subsequent statutory amendments, court decisions, or later AG opinions may have changed the analysis. Treat this page as historical context, not current legal advice. Verify current law before relying on any specific rule, deadline, or remedy mentioned here.
Disclaimer: This is an official North Carolina Attorney General advisory opinion. AG opinions are persuasive authority but not binding precedent like a court ruling. This summary is for informational purposes only and is not legal advice. Consult a licensed North Carolina attorney for advice on your specific situation.
About this page: The plain-English summary, reader guidance, and Q&A below were written by Ezel based on the official AG opinion. The original opinion (linked at the bottom of this page) is the authoritative source for any reliance.

Plain-English summary

NC State Auditor Ralph Campbell asked AG Michael Easley three questions, all turning on the same statute: G.S. 147-64.12(b), which bars the State Auditor from conducting an audit on any program or activity for which the Auditor had management responsibility or was employed in during the preceding two years. The three Department of Insurance (DOI) activities at issue were:

  1. CAFR test work. Could the Auditor's office perform the test work at DOI needed to issue the office's opinion on the state's Comprehensive Annual Financial Report (CAFR)?

  2. Federal financial assistance schedule review. Could the Auditor's office review the DOI's schedule of federal financial assistance received?

  3. Internal control review. Could the Auditor's office review DOI's internal control structure?

The AG answered all three the same way: no. Each activity is an "audit" within the meaning of G.S. 147-64.4(1), and each is barred by the two-year cooling-off rule for activities tied to a department where Auditor staff had recently held management roles.

The reasoning for each question worked through the statutory definition of "audit." Under G.S. 147-64.4(1), an "audit" is an "independent review or examination of government organizations, programs, activities, and functions." It can include one or more of three elements: financial and compliance, economy and efficiency, and program results.

For CAFR test work, the Auditor's letter described the purpose as obtaining "reasonable assurance that the financial statements are free from material misstatements." The AG read that as squarely within the "financial and compliance" element: a determination of whether the financial reports of an audited entity are presented fairly. G.S. 147-64.6(c)(11) reinforces this by giving the Auditor responsibility to conduct tests to verify the CAFR data. Because the test work fits the definition, the two-year rule applies.

For the federal-funds schedule review, the Auditor's office argued that the review was small (about 8 hours, DOI had no major federal program) and was "not what is considered an audit under our professional standards." The AG was unmoved by the professional-standards argument: the statutory definition of "audit" controls, not external professional standards. The schedule review fit the "financial and compliance" element because its purpose was "reasonable assurance that there have been no material instances of noncompliance." So the two-year rule applies here too.

For internal-control review, the Auditor's purpose was to "gain an understanding of [the Department's] ability to prevent and detect material instances of noncompliance." Whether that fit the "financial and compliance" or the "economy and efficiency" element of audit, it fit the statutory definition. Two-year rule applies.

The opinion has practical bite. The State Auditor must keep track of where staff have recently worked, and assignments must rotate to avoid the conflict. For an agency like DOI, where Auditor staff had recently held management positions, the prohibition applies for two full years from the date of the staff's departure, not from the date of the Auditor's audit decision. The Auditor must either wait out the two years, restructure the staff assignment so no conflicted person works on the engagement, or contract out the work to an independent CPA firm.

Currency note

This opinion was issued in 1993. Subsequent statutory amendments, court decisions, or later AG opinions may have changed the analysis. Treat this page as historical context, not current legal advice. Verify current law before relying on any specific rule, deadline, or remedy mentioned here. The State Auditor's enabling statute, Chapter 147, Article 5A, has been substantively amended multiple times since 1993, including changes to the definition of "audit" and updates to align with federal Yellow Book and AICPA professional standards. Anyone with a current question about Auditor independence should consult the current G.S. 147-64.4 and 147-64.12, plus the current State Auditor policies on conflicts and rotation.

Background and statutory framework

The NC State Auditor's office is an independent constitutional office charged with auditing state and local government finances. The Auditor's enabling statutes (Chapter 147, Article 5A) define the scope and powers of the office and impose conflict-of-interest restrictions on the Auditor's work.

G.S. 147-64.12(b) is the cooling-off rule. It bars the Auditor from conducting an audit on a program or activity for which the Auditor (or the Auditor's office) had management responsibility or in which the Auditor was employed during the preceding two years. The rule serves the same purpose as the AICPA's independence rules for CPA firms: an auditor who recently managed or worked in the audited entity is too close to it to be independent. The auditor would be auditing their own past work, which destroys the credibility of the audit opinion.

G.S. 147-64.4(1) defines "audit" broadly. The statutory definition is anchored to "independent review or examination" and lists three possible elements: financial and compliance (whether the financial reports are presented fairly and the entity complies with applicable laws), economy and efficiency (whether the entity uses its resources economically and efficiently), and program results (whether the entity achieves the desired results of its programs). An "audit" can include one, two, or all three of these elements. The breadth of the definition is intentional: the legislature wanted the cooling-off rule to apply to all forms of substantive review work, not just to a narrowly-defined "audit" as the term might be used in private-sector CPA practice.

The State Auditor's office in 1993 was preparing to issue the office's opinion on NC's Comprehensive Annual Financial Report (CAFR). The CAFR is the state's primary annual financial statement, compiled across all state agencies, and the Auditor's opinion on the CAFR is the headline product of the office's financial-audit function. The CAFR audit requires test work at individual agencies to verify their underlying financial data. For each agency, the Auditor's office samples transactions, examines internal controls, and performs other procedures to confirm the agency's financial statements are accurate.

The DOI was one agency the Auditor's office needed to test for the CAFR. But the office had recent staff with management responsibility at DOI, which raised the cooling-off question. Auditor Campbell wanted the AG's opinion on whether the three planned activities (CAFR test work, federal-funds schedule review, internal-control review) would violate the cooling-off rule.

The AG's analysis on each question hinged on whether the planned activity fit the statutory definition of "audit." The answer in each case was yes. The CAFR test work fit the "financial and compliance" element directly (testing whether financial reports are presented fairly). The federal-funds schedule review fit the "financial and compliance" element (testing whether the entity complies with federal-program rules). The internal-control review fit either the "financial and compliance" or the "economy and efficiency" element (testing whether the entity has controls to prevent noncompliance and operate efficiently).

The Auditor's argument that the federal-funds review was "not what is considered an audit under our professional standards" did not move the AG. Professional standards from AICPA, GAO Yellow Book, and similar sources are useful guides to audit methodology, but they do not control the statutory definition. The legislature defined "audit" broadly in G.S. 147-64.4(1) precisely to capture all substantive review activity, regardless of how the activity might be labeled under professional standards. A 1-hour review can still be an "audit" if it has the character of an independent examination.

The practical implication is operational. The Auditor's office must track staff prior employment carefully, and audit assignments must rotate to keep conflicted staff away from engagements covering programs where they recently worked. For agencies where the office has had recent staff turnover from management positions, the cooling-off may require waiting two years from the staff's departure, structuring the engagement so the conflicted staff are walled off, or contracting the work to an independent CPA firm.

The opinion is also a useful illustration of how an attorney general opinion can serve as a check on agency self-interpretation. The Auditor's own internal view (the schedule review is not an "audit" under professional standards) was understandable but legally incorrect. The AG opinion forced the Auditor to follow the statutory definition rather than the office's preferred professional-standards reading.

Common questions

What is the State Auditor's two-year cooling-off rule?

G.S. 147-64.12(b) bars the State Auditor from conducting an audit on a program or activity for which the Auditor had management responsibility or in which the Auditor was employed during the preceding two years. The rule protects audit independence by keeping recently-conflicted personnel away from audits of the entities where they recently worked.

What counts as an "audit" under the cooling-off rule?

G.S. 147-64.4(1) defines "audit" broadly: any "independent review or examination of government organizations, programs, activities, and functions" that includes one or more of financial-and-compliance, economy-and-efficiency, or program-results elements. The definition is broad on purpose: the legislature wanted to capture all substantive review work, not just narrowly-defined audits.

Does professional-standards definitions of "audit" matter?

No. The statutory definition controls. Professional standards from AICPA, GAO Yellow Book, or similar sources can guide audit methodology, but they do not narrow the statutory definition. A short review can still be an "audit" if it has the character of an independent examination of government activity.

What can the Auditor's office do if it has recent staff at an agency it needs to audit?

Several options. The office can wait out the two-year cooling-off period. The office can assign non-conflicted staff to the engagement, with walls to keep the conflicted staff out of the audit. The office can contract the work to an independent CPA firm. What the office cannot do is have the conflicted staff perform the audit.

Was this rule unique to NC, or is it a broader principle?

The cooling-off principle is broadly applied in auditor independence rules. The AICPA Code of Professional Conduct has analogous rules for private-sector CPA firms. The GAO Yellow Book has parallel rules for federal auditors. NC's G.S. 147-64.12(b) implements a specifically-NC version, but the underlying concern (recently-conflicted staff destroy audit independence) is universal.

Source

Original opinion text

  1. Would it be inconsistent with N.C.G.S. §147-64.12(b) for your office to perform the test work at the Department of Insurance that is necessary to issue your opinion on the CAFR?

Answer: It is our conclusion that the answer to this questions is "yes".

Subsection (b) of this statute prohibits the Auditor's conducting an audit on a program or activity for which he had management responsibility or in which he was employed during the preceding two years. "Audit" is defined under N.C.G.S. §147-64.4(1) as "[a]n independent review or examination of government organizations, programs, activities, and functions." An audit may include one, two or three of the following elements: financial and compliance; economy and efficiency; and program results.

Although the test work performed by your office at the Department of Insurance has been limited, the purpose of the CAFR audit work, as stated in your letter, is to obtain "reasonable assurance that the financial statements are free from material misstatements." This review appears to be contemplated under the "financial and compliance" element of an audit, as described in N.C.G.S. §147-64.4(1)a., in that it is a determination of "whether the financial reports of an audited entity are presented fairly." The Auditor, moreover, is expressly granted the responsibility to conduct appropriate tests to "satisfy himself concerning the propriety of the data presented in the Comprehensive Annual Financial Report. . . ." N.C.G.S. §147-64.6(c)(11). In our opinion your office should not conduct this test work at the Department of Insurance for a period of two years.

  1. Would it be inconsistent with the provisions of N.C.G.S. §147-64.12(b) for your office to review a schedule of federal financial assistance received by the Department of Insurance?

Answer: It is our conclusion that the answer to this question is also "yes."

According to your letter, the Single Audit work for the Department of Insurance has been limited to approximately eight hours for review because the Department does not have a major federal financial assistance program. You also stated that the Auditor's work in reviewing the schedule of federal funds received by the Department "is not what is considered an audit under our professional standards." Notwithstanding this conclusion by your office, the action of reviewing a schedule of federal financial assistance received by the Department of Insurance also appears to be contemplated under the "financial and compliance" element of an audit. As stated in your letter, the purpose of the audit procedures is "to provide reasonable assurance that there have been no material instances of noncompliance." Our opinion again is that your office should not review a schedule of federal financial assistance received by the Department of Insurance for a period of two years.

  1. Would it be inconsistent with the provisions of N.C.G.S. §147-64.12(b) for your office to review the internal control structure of the Department of Insurance?

Answer: We conclude that this question must also be answered in the affirmative.

You stated that your office has reviewed the internal control structure of the Department of Insurance on a periodic basis because the agency is without major federal assistance programs. The purpose of this review is "to gain an understanding of [the Department's] ability to prevent and detect material instances of noncompliance." Whether this review represents a "financial and compliance" element of an audit or an "economy and efficiency" element of an audit, the review seems to come within the purview of the statutory definition of "audit." Your office, therefore, should not conduct such a review for a period of two years.

If you have questions concerning this response, please feel free to contact us at 733-6118.

MICHAEL F. EASLEY
Attorney General

Jo Anne Sanford
Special Deputy Attorney General

Sue Y. Little
Associate Attorney General