(a) When the chief internal auditor of a state agency believes that senior management in the state agency has accepted a level of residual risk that may be unacceptable to the organization or that senior management has otherwise not taken appropriate action in response to a finding or recommendation by its internal auditors, the chief internal auditor shall discuss the matter with senior management and the general counsel to the state agency. If that decision regarding residual risk or the need for appropriate action in response to an audit finding or recommendation, or both, does not resolve the issue, the chief internal auditor and general counsel shall jointly report the matter to the next highest level of management as pertains to the state agency, including, but not limited to, the chair of the governing body overseeing the state agency, the agency secretary, the Governor’s office, or the appropriate constitutional officer.
(b) If the decision regarding residual risk or the need for appropriate action in response to an audit finding or recommendation that could have a significant impact on the state’s fiscal operations, the performance of a significant government program, or the delivery of a significant government service, or other similar significant or critical government services, as determined by the chief internal auditor, is still not resolved after making the disclosures required pursuant to subdivision (a), the chief internal auditor shall report the matter to the Joint Legislative Audit Committee and the State Auditor. At the direction of the Joint Legislative Audit Committee, the State Auditor shall investigate a disclosure made pursuant to subdivision (b) and report the results of the investigation in accordance with Chapter 6.5 (commencing with Section 8543) of Division 1. The disclosure requirements of this subdivision shall not apply to any chief internal auditor who reports and makes disclosures to an audit committee, as described in subdivision (b) of Section 13887.
(c) Any chief internal auditor who makes a disclosure pursuant to this section shall receive all protection available under the California Whistleblower Protection Act (Article 3 (commencing with Section 8547) of Chapter 6.5 of Division 1).
(Added by Stats. 2006, Ch. 452, Sec. 4. Effective January 1, 2007.)
Last modified: October 25, 2018