Sand v. Doe

Full title: ROB SAND, Auditor of the State of Iowa, Appellee, v. JOHN DOE, in His…

Court: SUPREME COURT OF IOWA

Date published: Apr 30, 2021

959 N.W.2d 99 (Iowa 2021)

Opinion

No. 20-0477

04-30-2021

Rob SAND, Auditor of the State of Iowa, Appellee, v. John DOE, in His Official Capacity and Unnamed State Agency, State of Iowa, Appellants.

Thomas J. Miller, Attorney General, Jeffrey S. Thompson (argued), Solicitor General, Christopher J. Deist, Assistant Attorney General, for appellants. John McCormally (argued), Chief of Staff/General Counsel, Office of the Iowa Auditor of State, for appellee. Alan R. Ostergren, Des Moines, for amicus curiae Kirkwood Institute, Inc.

CHRISTENSEN, Chief Justice.

Thomas J. Miller, Attorney General, Jeffrey S. Thompson (argued), Solicitor General, Christopher J. Deist, Assistant Attorney General, for appellants.

John McCormally (argued), Chief of Staff/General Counsel, Office of the Iowa Auditor of State, for appellee.

Alan R. Ostergren, Des Moines, for amicus curiae Kirkwood Institute, Inc.

Christensen, C.J., delivered the opinion of the court, in which Appel, McDonald, Oxley, and McDermott, JJ., joined. Mansfield, J., filed a special concurrence in which Waterman, J., joined.

CHRISTENSEN, Chief Justice. In this case a state agency (Agency) and a state institution (Institution) that the Agency oversees reached out to Iowa Auditor of State Rob Sand (Auditor Sand) to discuss a potential transaction they were considering that was expected to create a multi-billion dollar obligation for the Agency. Following the meeting, Auditor Sand emailed Agency representatives and requested information on the potential investors involved in the transaction. The Agency would not provide the information, claiming it was confidential until the transaction was approved and finalized. The situation escalated, and Auditor Sand served a subpoena on the Agency for various categories of information related to the transaction. According to the subpoena, the requested documents were "relative to an audit." The district court enforced the subpoena. On appeal, the Agency claims the subpoena is invalid because Auditor Sand was not actually engaged in an audit. We disagree.

I. Background Facts and Proceedings.

In December of 2019, officials from the Institution requested Auditor Sand meet with them regarding a potential financial transaction between the Institution, the Agency, and a private consortium. The meeting took place in Auditor Sand's office on December 10, where an Agency representative and an Institution representative presented information about the transaction. That same day, the Institution, the Agency, and the private consortium signed a concessionaire agreement. The agreement required the concessionaire to finalize its financial plan with financial service firms to fund the $1.165 billion payment to the Institution at financial close, which was expected to occur between March 10, 2020 and March 12, 2020.¹ The transaction would not be considered complete until financial close. According to the agreement, if the Concessionaire failed to complete its obligation at financial close, the request for proposal (RFP) period would end and the Concessionaire would forfeit its closing deposit of $100 million to the Institution.

1 The parties agree that the case is not moot even though the transaction has closed.

On December 12, 2019, Auditor Sand emailed the Agency representative and Institution representative he met with regarding the transaction and asked for the names of potential investors in the transaction. He was directed to contact two different Agency representatives and subsequently forwarded them his original message. This led to the following email exchange, which provides in relevant part:

[AUDITOR SAND:] Please see below. [Agency representative] sent me your way. As a reminder, this Office has access to confidential documents. If you can send these material[s] over early

next week, that is fine. Enjoy your weekends!

....

Thanks again for the meeting and your time. I have found the contract online, but not the other bids. Apologies if I missed them, but please send them over. In addition, please send over the list of all investors, whether they make up the 21.5% from Iowa or they are elsewhere.² Also, if there's someone else I should aim requests to in the future in order to be more direct/efficient, let me know.

....

[AGENCY:] Auditor Sand: The RFP proposals of the three proposers who were not selected are considered confidential pending completion of the process, which will occur at financial close. Following completion of the process, the [Agency] and the [Institution] intend to publicly release the remaining RFP proposals with confidential trade secret information redacted, as required by law.

Information regarding the list of investors and their financial information has been identified as trade secret and is confidential in accordance with Iowa Code section 22.7(3) and other applicable law.

....

[AUDITOR SAND:] Thanks for the prompt response. Our office does not operate under Chapter 22, but rather Chapter 11. Confidentiality is immaterial under Iowa Code 11.41 ³ and we are legally granted access to all materials, without redaction.

Let me know if you have any questions. Again, next week is fine for production.

2 A document related to the transaction on the Agency's public website represented that "21.5% of the [Institution]’s committed private placement financing comes from Iowa-based investors."

3 Iowa Code section 11.41 (2020) provides the auditor of state access to information required by law to be kept confidential when conducting an audit or examination.

Auditor Sand followed up several days later, resulting in the following exchange:

[AUDITOR SAND:] I'd also like details on the [Institution entity] that will be handling the payment and its investing, including for now how it is organized and whether it is agreed to be a public entity subject to disclosure requirements and to what degree. I'd also like to see any RFPs for independent investment managers and any subsequent contracts or other agreements.

....

[AGENCY:] Auditor Sand: The RFP process has yet to be completed, which will occur at financial close. Additional information regarding the RFP proposals will be made available following financial close, with confidential information redacted as required by law. Additionally, [Institution entity] has yet to be finally formed and incorporated, so there is no information to share at this time beyond that which was publicly disclosed as part of the December 10 meeting of the [Agency].

....

[AUDITOR SAND:] Please call me Rob, thank you. This is ... similar to what I requested for [Institution transaction], and those items were produced.

I'm not aware of any legal basis to withhold bids from the AOS Office due to where the RFP process may be, nor a basis to redact anything confidential. The same goes for information regarding investors and the organizational nature

and obligations of the [Institution entity]. Again, I point you to Iowa Code Chapter 11.41.

If I do not have these items by COB on January 3, we will serve a subpoena and an action to enforce it. Feel free to call if you think a discussion may help.

....

[AGENCY:] Auditor Sand: Iowa Code section 11.41 provides the Auditor of State with access to confidential information when conducting an audit or examination permitted or required by the Chapter. The [Agency] is not aware of any pending audit of the [Institution] under which your office would have access to this confidential information as permitted by section 11.41.

....

[AUDITOR SAND:] I would hope the [Agency] is aware that we conduct multiple audits for the [Agency] and its institutions every year, and that Chapter 11 not only specifically authorizes but requires we perform those audits. Bid testing and conflict-of-interest testing are normal parts of a financial audit. I'm not sure what better notifies one that an audit is underway than a request from one's auditor for normal audit documentation.

While I realize it might be unusual to receive a request from the Auditor of State rather than a staff member, my approach to running this office includes contributing to the actual audits as a part of the team. This is a request from my official office email account. Moreover, individuals from the [Agency] and the [Institution] reached out to me personally to discuss the [transaction] and answer questions. We met during normal business hours in my official office. I informed them at that time that I'd likely want to see all bid[s], and that I'd likely have additional requests.

I'm happy to continue a discussion around the parameters of Chapter 11 via email or via phone if you like. But ultimately, if I don't have the materials by January 3, we'll have a subpoena with a response date of January 4 followed promptly by an action to enforce.

On January 8, 2020, Auditor Sand served a subpoena on the Agency requesting thirteen categories of documents related to the transaction be provided to his office by January 22 as part of what he claimed was an audit. According to the subpoena, information received pursuant to it would be maintained as confidential under Iowa Code section 11.42. On January 14, the Agency acknowledged service of the subpoena. On January 21, Auditor Sand and representatives from the Agency discussed the subpoena on a phone call. Auditor Sand claims he agreed to rolling production of items that would take time to collect, but reasserted that the items requested via email on December 12, 2019, needed to be produced the following day. In a letter dated January 22, 2020, the Agency pointed Auditor Sand to publicly available resources for some of the subpoena requests. For the remaining subpoena requests, including the items requested on December 12, 2019, the Agency stated the Institution would work to provide available information once the transaction reached financial close.

On February 3, 2020, twenty days after the subpoena was acknowledged by the Agency, Auditor Sand filed an application with the district court, asking it to enforce the subpoena served on January 8. On February 13, the district court issued a ruling enforcing the subpoena and ordering all requested materials to be produced by February 17 at 5:00 p.m. The Agency submitted a motion to reconsider and to stay the order, claiming the original notice of application for enforcement of subpoena stated they had twenty days after service of the notice to file a motion or answer in response to the application. Thus, the Agency argued the deadline was February 25 based on the date service was accepted. It then filed a response to the application for enforcement of subpoena and a motion to quash arguing that Auditor Sand was not authorized to issue the subpoena because he was not engaged in an authorized audit, he subpoenaed the wrong party by subpoenaing the Agency rather than the Institution, and the subpoena was unduly burdensome.

The district court stayed its order. On February 28, the district court held a hearing in which the Agency's counsel conceded at the hearing that chapter 11 grants the auditor of state "broad scope and broad power." However, counsel explained the Agency needed assurance as to whether or not Auditor Sand was engaged in an authorized audit, because of "a legitimate concern with my client that this could be viewed as not being part of an audit or examination and, therefore, we could lose confidentiality if we turn it over." Thus, the question before the district court was whether the requests and subpoena were part of an audit. The Agency was also concerned Auditor Sand would jeopardize the transaction by publicizing confidential information.

Following the hearing, the district court entered an order sustaining the subpoena. The district court's order provides, in relevant part:

The [Agency] asserts that the Auditor's request is not part of a formal audit or examination because the request came prior to the entrance conference for the FY 2020 audit, and because the Auditor never specifically mentioned the 2020 audit when making his initial request for documents. The [Agency] concedes, however, that the Auditor would have the authority to audit the [transaction] specifically. The [Agency] also concedes that if the Auditor made his request after the entrance examination, the Board would produce the requested documents and would not be asking to quash the subpoena. Both parties agree that members of the auditor's staff reside in [the location of the Institution], working on the [Institution's] audit year round, receiving a rolling production of documents relating to the audit. Under these facts, the court finds that the Auditor's request, and subsequent subpoena, was made as a part of the authorized FY 2020 audit. According[ly], the court also finds that any documents produced by the [Agency] or the [Institution] must be protected by the confidentiality requirements of Chapter 11.

The district court limited its order to enforce production only of documents actually in the possession of the [Agency]. Defendants, John Doe in his official capacity and the Agency, filed the present appeal and have not yet produced the documents Auditor Sand initially requested on December 12, 2019.

II. Standard of Review.

We review a district court's order enforcing an agency's subpoena for abuse of discretion. State ex rel. Miller v. Publishers Clearing House, Inc. , 633 N.W.2d 732, 736 (Iowa 2001) (en banc); Citizens’ Aide/Ombudsman v. Grossheim , 498 N.W.2d 405, 407 (Iowa 1993). We review a district court's ruling on statutory construction for correction of errors at law. Iowa Individual Health Benefit Reins. Ass'n v. State Univ. of Iowa , 876 N.W.2d 800, 804 (Iowa 2016).

III. Analysis.

As a preliminary matter, we must first address whether Iowa Code section 679A.19 (2020), which mandates arbitration between certain governmental agencies, applies to the present case. For the reasons discussed below, we conclude section 679A.19 does not apply.

A. Iowa Code Section 679A.19. First, we must decide whether Iowa Code section 679A.19 applies to the present controversy. Iowa Code section 679A.19 provides,

Any litigation between administrative departments, commissions or boards of the state government is prohibited. All disputes between said governmental agencies shall be submitted to a board of arbitration of three members to be composed of two members to be appointed by the departments involved in the dispute and a third member to be appointed by the governor. The decision of the board shall be final.

The purpose of the statute is to reduce taxpayers’ cost of resolving disputes between two state agencies. Individual Health Benefit Reins. Ass'n , 876 N.W.2d at 811. Section 679A.19 only applies to administrative departments, commissions, and boards of state government. Id. at 809–10. In this case, litigation is between a state agency and the auditor of state.

In State ex rel. Turner v. Iowa State Highway Commission , we determined the office of attorney general does not fall within section 679A.19 ’s provisions because the attorney general is a constitutional officer. 186 N.W.2d 141, 145 (Iowa 1971), abrogated on other grounds by Rants v. Vilsack , 684 N.W.2d 193 (Iowa 2004). In doing so, we explained, "[I]n our judgment, the Legislature did not contemplate in the enactment of [ section 679A.19 ], that executive officers should come within the proscription of the section." Id. That same reasoning applies here to Auditor Sand as a constitutional officer. See Iowa Const. art. IV, § 22 ("A secretary of state, an auditor of state and a treasurer of state shall be elected by the qualified electors ...."); Iowa Admin. Code r. 81–25.1 (2020) ("The auditor of state is a constitutional officer of the state of Iowa ....").

Moreover, the Iowa Code differentiates "constitutional offices" from "departments." Compare Iowa Code § 7E.2(1) ("The elective constitutional and statutory officers who do not head operating departments each head a staff to be termed the ‘office ’ of the respective elective officer"), with id. § 7E.2(2) ("The principal administrative unit of the executive branch is a ‘department ’ and there may be one or more ‘independent agencies. ’ "). If the legislature intended for "offices" to be included within the provisions of section 679A.19, it presumably would have done so, as it has done in other statutes. See, e.g. , id. § 19B.1(2) (" ‘State agency ’ means an office, bureau, division, department, board, or commission in the executive branch of state government."); id. § 8G.3(1) (" ‘Agency ’ means a state department, office, board, commission, bureau, division, institution, or public institution of higher education."); id. § 17A.2(1) (" ‘Agency ’ means each board, commission, department, officer or other administrative office or unit of the state.").

Furthermore, the auditor of state is given express statutory authority to issue subpoenas and apply to the district court to enforce them. Iowa Code section 11.51 provides,

The auditor of state shall, in all matters pertaining to an authorized audit or examination, have power to issue subpoenas of all kinds, administer oaths and examine witnesses, either orally or in writing, and the expense attending the same, including the expense of taking oral examinations, shall be paid as other expenses of the auditor.

Iowa Code section 11.52 gives the auditor of state's subpoena power teeth by providing,

In case any witness duly subpoenaed refuses to attend, or refuses to produce documents, books, and papers, or attends and refuses to make oath or affirmation, or, being sworn or affirmed, refuses to testify, the auditor of state or the auditor's designee may apply to the district court, or any judge of said district having jurisdiction thereof, for the enforcement of attendance and answers to questions as provided by law in the matter of taking depositions.

Based on the specific grant of authority in section 11.52 for the auditor of state to apply to a district court to enforce a subpoena and the auditor of state's designation as a constitutional officer, we conclude section 679A.19 is not applicable to the present controversy.

B. Iowa Code Chapter 11. Next, we must determine whether the district court abused its discretion in granting Auditor Sand's motion to enforce the subpoena. A district court will grant a motion to enforce an agency's subpoena if the subpoena is: "(1) within the statutory authority of the agency, (2) reasonably specific, (3) not unduly burdensome, and (4) reasonably relevant to the matters under investigation." Grossheim , 498 N.W.2d at 406 (quoting Iowa City Hum. Rts. Comm'n v. Roadway Express, Inc. , 397 N.W.2d 508, 510 (Iowa 1986) ). The Agency only challenges the first factor on appeal, arguing Auditor Sand was not actually engaged in an audit when he issued the subpoena because the transaction was not yet complete. For the reasons discussed below, we affirm the district court's order to enforce the subpoena.

Iowa Code section 11.2(1) provides, "The auditor of state shall annually, and more often if deemed necessary, audit the state and all state officers and departments receiving or expending state funds ...." The Iowa Code grants the auditor of state broad access to all information when conducting an audit, as the statute establishes:

1. The auditor of state, when conducting any audit or examination required or permitted by this chapter, shall at all times have access to all information, records, instrumentalities, and properties used in the performance of the audited or examined entities’ statutory duties or contractual responsibilities. All audited or examined entities shall cooperate with the auditor of state in the performance of the audit or examination and make available the information, records, instrumentalities, and properties upon the request of the auditor of state.

2. Auditors shall have the right while conducting audits or examinations to have full access to all papers, books, records, and documents of any officers or employees ....

3. If the information, records, instrumentalities, and properties sought by the auditor of state are required by law to be kept confidential, the auditor of state shall have access to the information, records, instrumentalities, and properties, but shall maintain the confidentiality of all such information and is subject to the same penalties as the lawful custodian of the information for dissemination of the information. However, the auditor of state shall not have access to the income tax returns of individuals.

Id. § 11.41. Additionally, the auditor of state has the power to issue subpoenas "in all matters pertaining to an authorized audit or examination" and apply to the district court for enforcement. Id. §§ 11.51–.52.

Chapter 11 does not define the term "audit." We have described an audit as "a snapshot of a client's financial condition at a given time." Eldred v. McGladrey, Hendrickson & Pullen , 468 N.W.2d 218, 220–21 (Iowa 1991). The district court looked to Black's Law Dictionary's definition of an audit, which defines it as "[a] formal examination of an individual's or organization's accounting records, financial situation, or compliance with some other set of standards." Audit , Black's Law Dictionary (11th ed. 2019). Chapter 11 defines an "examination" as "procedures that are less in scope than an audit but which are directed toward reviewing financial activities and compliance with legal requirements." Iowa Code § 11.1(b ). Therefore, we know an audit is greater in scope than an examination.

We can gain further insight on what an audit entails by looking at the auditor of state's reporting requirements. The auditor of state is required to make and file a report of all audits and examinations. Id. § 11.4. The report shall include, if applicable:

a. The financial condition of the state or department.

b. Whether, in the auditor's opinion,

(1) Funds have been expended for the purpose for which appropriated.

(2) The department so audited or examined is efficiently conducted, and if the maximum results for the money expended are obtained.

(3) The work of the departments so audited or examined needlessly conflicts with or duplicates the work done by any other department.

c. All illegal or unbusinesslike practices.

d. Any recommendations for greater simplicity, accuracy, efficiency, or economy in the operation of the business of the several departments and institutions.

e. Any other information which, in the auditor's judgment, may be of value.

Id. § 11.4(1). Chapter 11 additionally mandates the auditor of state's reports "make recommendations as may be deemed of advantage and to the best interests of the taxpayers of the state." Id. § 11.28.

There is also a question as to whether an audit may be conducted on a transaction prior to its financial close. The Agency claims Auditor Sand's request threatened to upend the transaction at the final hour. However, accountants have been chastised for failing to ensure the legality of transactions, and the public tends to blame the auditor of state for negative consequences resulting from a business failure. See, e.g. , Lincoln Sav. & Loan Ass'n v. Wall , 743 F. Supp. 901, 920 (D.D.C. 1990) (finding a savings and loan institution entered into multiple improper transactions, thus asking, "[w]here also were the outside accountants and attorneys when these transactions were effectuated?"); Eldred , 468 N.W.2d at 221.

The Government Auditing Standards outline various forward-looking objectives an audit may have, such as "prospective analysis audit objectives" which "provide analysis or conclusions about information that is based on assumptions about events that may occur in the future, along with possible actions that the entity may take in response to the future events." U.S. Gov't Accountability Off., GAO–18–568G, Government Auditing Standards 12 (2018), https://www.gao.gov/assets/files.gao.gov/assets/gao-18-568g.pdf [https://perma.cc/JU56-7ZP8] [hereinafter Government Auditing Standards ]. An auditor may base conclusions on:

a. current and projected trends and future potential impact on government programs and services and their implications for program or policy alternatives;

b. program or policy alternatives, including forecasting program outcomes under various assumptions;

c. policy or legislative proposals, including advantages, disadvantages, and analysis of stakeholder views;

d. prospective information prepared by management;

e. budgets and forecasts that are based on (1) assumptions about expected future events and (2) stakeholders’ and management's expected reaction to those future events; and

f. management's assumptions on which prospective information is based.

Id. at 14. Compliance objectives include analyzing whether "incurred or proposed costs are in compliance with applicable laws, regulations, contracts, or grant agreements." Id.

Auditor Sand argues bid testing and conflict-of-interest testing are normal parts of an audit and allowed under section 11.4. See Iowa Code § 11.4 (requiring an audit report to include "all illegal or unbusinesslike practices," whether the work of the auditee is "efficiently conducted" or "needlessly conflicts with or duplicates the work done by any other department," and "[a]ny other information which, in the auditor's judgment, may be of value"). At the hearing, Auditor Sand argued that he has performed a similar audit on an Institution transaction prior to financial close, which resulted in a one-page report stating that the transaction was reviewed, appears to comply with the law, and is in the best interests of Iowa taxpayers.

Auditor Sand further asserts the fact that the transaction creates a huge financial liability for the Institution and taxpayers makes it worthy of scrutiny prior to financial close. Although the auditor of state's office has staff working in the Institution's city on the Institution year-round, Auditor Sand claims a lack of scrutiny of the Institution's transaction could be perceived as a failure to do his job. This would be especially true in light of the one-on-one meeting the defendants initiated regarding the multi-billion dollar transaction. Furthermore, the Institution had publicly posted that approximately 21.5% of the investors in the transaction were Iowa-based, thus reasonably leading to the inference that the investors had been chosen and conflict-of-interest testing was appropriate. Auditor Sand asserts he has the authority to audit an agency transaction prior to financial close. "When an agency or state officer is charged with the responsibility of implementing a statute and has interpreted a statute in a particular way, that interpretation is entitled to considerable weight ...." Hennessey v. Cedar Rapids Cmty. Sch. Dist. , 375 N.W.2d 270, 273 (Iowa 1985) (giving official interpretation of a statute by the auditor of state weight at least comparable to that given to state agencies). See generally Hawkeye Land Co. v. Iowa Utils. Bd. , 847 N.W.2d 199 (Iowa 2014) (discussing analysis for determining interpretive authority of an agency).

The Agency argues we must demand a clear beginning and end to a Chapter 11 audit to ensure compliance with section 11.41 ’s confidentiality provision. Section 11.41 gives the auditor of state, when conducting an audit, access to information the law requires to be kept confidential and requires the auditor of state to maintain its confidentiality until a report is issued. Iowa Code § 11.41 ; see also id. § 11.42 (requiring information received in the course of an audit to be kept confidential until completion of the audit and issuance of a report). The auditor of state may be subject to penalties if confidential information is redisseminated. Id. § 11.41. Auditor Sand concedes not every action he takes is considered part of an audit. However, when the auditor of state serves a subpoena on a state agency that provides it is requesting information "relative to an audit," the confidentiality provisions of sections 11.41 and 11.42 apply.

We agree with the Agency that the initial email request from Auditor Sand to Agency and Institution representatives was not an audit. The Agency had a reasonable concern about whether the confidentiality provisions of chapter 11 would apply. The initial emails were casual ("Please call me Rob") and could be construed as requests for follow-up information from the meeting rather than formal demands for documents as part of an audit. Audits generally require specific objectives and identified standards against which the objectives are measured. See, e.g. , Government Auditing Standards , at 7 ("All GAGAS engagements begin with objectives, and those objectives determine the type of engagement to be conducted and the applicable standards to be followed."). That does not mean the auditor of state is necessarily required to provide a formal engagement letter identifying those objectives and standards to initiate an audit, as suggested by the Agency.

We need not decide the exact moment the request for information turned into an audit. However, it certainly happened by the time a subpoena was served on the Agency. Furthermore, we need not determine whether or not the subpoena was served as part of the fiscal year 2020 audit of the Institution. Iowa Code section 11.2 directs the auditor of state to conduct an audit of the Agency "annually, and more often if deemed necessary," clearly placing the determination of when additional audits are necessary with the auditor of state. The subpoena stated it was served as part of an audit and the confidentiality provisions of chapter 11 would attach. At that point, it is clear that Auditor Sand had determined an audit was necessary, and any confidentiality concerns of the Agency would have been misplaced. Despite the Agency's concern that Auditor Sand could have jeopardized the transaction by publicizing confidential information, section 11.42 permits him to put confidential information in his postaudit public report.

The Agency also argues the district court's finding that Auditor Sand was engaged in an audit renders the qualifying language in Iowa Code section 11.51 meaningless. Under section 11.51, the auditor of state is empowered to "issue subpoenas of all kinds" when engaged in "an authorized audit or examination." Id. The Agency argues the confidentiality provisions in sections 11.41(3) ⁴ and 11.42 ⁵ are not triggered unless the auditor of state is engaged in an "authorized" audit. The auditor of state is not empowered to audit every entity. For example, the auditor of state cannot audit a private entity that receives no public funds. See id. § 11.24(3) (granting the auditor of state the ability to review private entities that receive public funds in certain circumstances). To do so would be an unauthorized audit. Additionally, the auditor of state is not always authorized to audit local governments. See id. § 11.6 (providing that local governments may hire a private certified public accountant to perform their required annual audits). Thus, a private entity receiving no public funds and a local government that hires a private certified public accountant to perform its audit are not subject to the auditor of state's subpoena power because the auditor of state would not be engaged in an authorized audit.

4 If the information, records, instrumentalities, and properties sought by the auditor of state are required by law to be kept confidential, the auditor of state ... shall maintain the confidentiality of all such information and is subject to the same penalties as the lawful custodian of the information for dissemination of the information.
Iowa Code § 11.41(3).

5 "[I]nformation received during the course of any audit or examination, including allegations of misconduct or noncompliance, and all audit or examination work papers shall be maintained as confidential." Iowa Code § 11.42(1). The auditor of state may disclose confidential information as necessary to complete the audit and, to the extent he or she is required by law, to report the information or testify in court. Id. § 11.42. However, once the audit is complete a report must be prepared and all the information in the report becomes public information. Id.

This is not the case for the Agency, as the law establishes "[t]he auditor of state shall annually, and more often if deemed necessary, audit the state and all state officers and departments receiving or expending state funds." Id. § 11.2. Here, Auditor Sand served a subpoena as part of an audit on a state agency he is authorized to audit as often as deemed necessary. For these reasons, we conclude the district court's determination that Auditor Sand was engaged in an authorized audit does not render the term "authorized" meaningless in section 11.51.

We also reject the Agency's claim that the district court abused its discretion by relying in part on its concession that Auditor Sand has authority to audit the transaction specifically or as a performance audit. It claims the concession is irrelevant because Auditor Sand requested the documents as part of a financial audit in his emails. The district court reasonably considered the concession in its order because it shows the Agency is not objecting to the relevancy of the audit—only to the form and timing of the requests.

Auditor Sand asserts the distinctions between a performance audit and financial audit are fluid. For example, staff in the financial audit division may work on a performance engagement and vice versa. Government Auditing Standards likewise separate financial audits from performance audits and explain "some engagements may have objectives that could be met using more than one approach." Government Auditing Standards , at 7. According to the standards, a financial audit will include reports on internal control over financial reporting and compliance with laws, regulations, and contracts. Id. at 8. Reports on internal control and legal compliance are key categories of a performance audit as well. Id. at 11. Consequently, the district court did not abuse its discretion in relying in part on the Agency's concession Auditor Sand is authorized to conduct a performance audit when enforcing the subpoena.

Lastly, we address the Agency's claim that the district court determined year-round presence of the auditor of state's staff is evidence that the auditor of state is effectively always engaged in the annual financial audit of the Institution. This misconstrues the district court's order. The district court's order did not conclude every action the auditor of state takes is considered part of the financial audit. Rather, the district court determined the subpoena was part of an authorized audit. Consequently, the district court did not abuse its discretion in considering this fact when enforcing the subpoena.

IV. Conclusion.

For these reasons, we affirm the district court's order to enforce the subpoena.

AFFIRMED.

Appel, McDonald, Oxley, and McDermott, JJ., join this opinion. Mansfield, J., files a special concurrence in which Waterman, J., joins.

MANSFIELD, Justice (specially concurring). I specially concur. I join in division III.A of the court's opinion. As to division III.B, I concur as to result only because I have a narrower view of the Iowa State Auditor's authority than the majority does.

The State Auditor claims to have sweeping authority to gather confidential information. Give us the information we ask for first ; then we'll connect it to an audit. The State Auditor's counsel described this two-step process to the district court as follows:

[F]or State agencies, the auditor is supposed to have access to all information at all times.

....

An audit begins with requests for information. And from there, the auditors determine where ... we need to go[.]

At oral argument in this case, the State Auditor denied there were any legal limits on his ability to obtain documents in the possession of a state employee (other than individual income tax returns). Thus, for example, health care records at the University of Iowa Hospitals & Clinics, student academic records at Iowa State University, and faculty research files at the University of Northern Iowa would all be fair game. So would confidential security information in the possession of the Iowa Department of Public Safety or the Iowa Department of Homeland Security and Emergency Management. In sum, any request for documents in the custody of a state employee must be granted, because the document request is the commencement of the audit.

This approach reverses the proper order set forth in Iowa Code chapter 11. The State Auditor is authorized to conduct audits and examinations. See Iowa Code § 11.2 (2020). And, while conducting such audits or examinations , the State Auditor shall have full access to information. Id. § 11.41. In other words, the existence of an authorized audit or examination entitles the State Auditor to have access to information; the State Auditor does not get to make free-standing requests for information which, ipso facto , create an audit. The job is auditor, not "investigator."⁶

6 See Oriana House, Inc. v. Montgomery , 108 Ohio St.3d 419, 424-25, 844 N.E.2d 323, 328 (2006) (explaining that under Ohio law, the state auditor's subpoena power is limited by the words "in the performance of any audit"); see also Iowa Code § 11.51 (providing that the State Auditor "in all matters pertaining to an authorized audit or examination" shall have "power to issue subpoenas of all kinds").

Iowa has other officials to perform investigations: law enforcement agencies to conduct criminal investigations, and the 150 members of the general assembly and their staff to investigate policy decisions made by state entities. Iowa also has a state ombudsman to investigate "any administrative action of any agency." Id. § 2C.9(1). An administrative action "means any policy or action taken by an agency or failure to act pursuant to law." Id. § 2C.1(1).

What our state would otherwise lack is a centralized auditing office, i.e., a counterpart to the federal U.S. Government Accountability Office. That is the role of the State Auditor.

An audit begins with objectives. See U.S. Gov't Accountability Off., GAO–18–568G, Government Auditing Standards 7 (2018) [hereinafter Government Auditing Standards ] ("All GAGAS engagements begin with objectives, and those objectives determine the type of engagement to be conducted and the applicable standards to be followed."). An audit generally looks at what has already happened. See Op. Iowa Att'y Gen. No. 92–6–3(L) (June 3, 1992), 1992 WL 470358, at *2 ("[W]e find the dictionary definition of the word ‘audit’ is ‘a formal or official examination of an account book.’ " (quoting Webster's Seventh New Collegiate Dictionary 58 (1967))). One typically does not "audit" a transaction that has not yet occurred with the possible goal of blocking that transaction.

The Government Auditing Standards likewise make clear the essentially backward-looking nature of government audits. See Government Auditing Standards , at 7–9, 11–15 (describing financial audits and performance audits). As noted by the majority, one type of performance audit may have "prospective analysis" as an objective. Id. at 12. Objectives of a prospective analysis include forecasting how future events will impact government programs and budgets, evaluating management's own forecasts, and weighing "program or policy alternatives" and "policy or legislative proposals, including advantages, disadvantages, and analysis of stakeholder views." Id. at 14. Thus, prospective analysis falls into two categories: (1) forecasting and (2) evaluating policy alternatives or proposals. But the State Auditor does not contend he was doing either of these things. He wasn't forecasting and he wasn't evaluating a proposal, but instead was probing for information on a pending transaction that hadn't happened yet.

Iowa Code section 11.5B further supports the notion that "audit" is supposed to have a circumscribed meaning. This section provides that as to many agencies, including the one involved in this case, the State Auditor "shall be reimbursed ... for performing audits or examinations." Iowa Code § 11.5B. This charge-back provision is logical if we read these terms in their traditional accounting sense. It is reasonable for regular, formal reviews of an agency (or more limited versions of the same) to be charged to the agency's budget as part of the regular cost of doing business. But it would be disconcerting to an agency if it could be forced after the fact to pay for the costs of another office's ad hoc investigations that it had no way to anticipate and budget for.

The most significant error the court makes is when it selectively quotes from a 1985 decision to support the position that this court will defer to the State Auditor's view of his own audit authority. In Hennessey v. Cedar Rapids Community School District , we said,

When an agency or state officer is charged with the responsibility of implementing a statute and has interpreted a statute in a particular way, that interpretation is entitled to considerable weight, especially if it is of long standing, without legislative intervention.

375 N.W.2d 270, 273 (Iowa 1985). The court lops off the last part of this statement so it reads instead, "When an agency or state officer is charged with the responsibility of implementing a statute and has interpreted a statute in a particular way, that interpretation is entitled to considerable weight." In any event, the issue in Hennessey was a technical point of government accounting, not the fundamental question of the State Auditor's overall authority.

Since Renda v. Iowa Civil Rights Commission , we have generally not deferred to an agency or officer's view of their own authority. 784 N.W.2d 8, 10–11 (Iowa 2010) ; see also City of Des Moines v. Iowa Dep't of Transp. , 911 N.W.2d 431, 439 (Iowa 2018) ("[W]e are not persuaded here that the legislature clearly vested the IDOT with interpretive authority to determine its own authority."). I would not defer to the State Auditor's view of his audit authority any more than I would defer to the Governor's view of her executive authority. If the intra-governmental controversy is justiciable, it is our job to resolve it without deference to either side.

All this being said, I too would affirm the order enforcing the State Auditor's subpoena. I would do so for the following three reasons.

First, in early December 2019, the agency reached out to the State Auditor, made a presentation on the prospective transaction to him, and offered to provide additional information if requested. Thus, the agency arguably initiated an audit process on its own for the transaction.

Second, given the size and scope of the transaction, an audit of the transaction for bid-testing and conflict-of-interest purposes would have been warranted. In this special case, in light of the size and scope of the transaction, a preclosing audit would be appropriate. The taxpayers of Iowa, who bear the ultimate financial risk for this transaction, are entitled to know if the agency got the best deal available and if anyone had a conflict of interest. Many of the items in the subpoena are pertinent to these subjects.

Third, although the subpoena appears to me to be somewhat broader and more burdensome than necessary for these purposes, the agency made no effort to challenge specific subpoena items. Instead, it asked the district court for an all-or-nothing ruling. So, while the State Auditor's subpoena reads more like a litigation subpoena than something a CPA might prepare, that is not a reason to disturb the district court's order.

* * *

The government in our state possesses considerable power. Take the judicial branch. Our court has the "power to issue all writs and process necessary to secure justice to parties." Iowa Const. art. V, § 4. We are "conservators of the peace throughout the state." Id. § 7. But all of that power can be wielded only when we are carrying out a traditional judicial role. We do not get to tell officials what to do unless we are deciding an actual court case.

So too with the State Auditor. He has great power to obtain essentially any document in the hands of a state employee except an individual tax return. See Iowa Code § 11.41. But that power is regulated; it can only be exercised in the context of a bona fide audit or examination. Id. ⁷

7 Iowa has not adopted a statute as in Massachusetts that requires privatization contracts to be submitted to the state auditor for advance review and an opportunity to object. See Mass. Gen. Laws Ann. ch. 7 §§ 52 –55 (West, Westlaw current through chapter 3 of 2021 1st Ann. Sess.).

For these reasons, I specially concur.

Waterman, J., joins this special concurrence.