Section 25-43-1004 - Office of Internal Audit - Audits and duties - Definitions(a) The Office of Internal Audit is created within the Department of Inspector General.(b) As used in this section, "covered entities" means a department, agency, board, commission, division, institution, or other office of the state government located in the executive branch.(c) The Office of Internal Audit may audit and investigate covered entities or transactions of covered entities, and provide consultation activities at the request of covered entities.(d) Unless otherwise subject to audits by statutes, this subchapter does not apply to: (1) Members of the General Assembly;(2) Employees of the legislative branch;(3) Justices of the Supreme Court, judges of the Court of Appeals, or judges of inferior courts;(4) Employees of the judicial branch of the state government;(5) Constitutional offices or departments and employees of constitutional offices or departments; or(6) State-supported colleges and universities and employees of state-supported colleges and universities.(e) The Office of Internal Audit may:(1) Audit: (A) The financial and operating controls and the transactions of covered entities to determine the level of conformity with established laws, standards, rules, and procedures; and(B) The various functions within covered entities to appraise the efficiency and economy of operations and the effectiveness with which the functions achieve operational, reporting, and compliance objectives, including without limitation a review of established internal control activities;(2) Investigate reported or identified occurrences of fraud, embezzlement, theft, waste, abuse, or mismanagement of state resources;(3) Consult with covered entities to:(A) Resolve areas of concern; and(B) Establish appropriate internal controls to prevent errors or irregularities;(4) Coordinate control self-assessments of covered entities biennially;(5)(A) Conduct an annual project review and efficiency study of the Arkansas Department of Transportation, including without limitation a review of processes, procedures, procurement, projects, appeals, and expenditures.(B) The results of the study under subdivision (e)(5)(A) of this section shall be reported to the Legislative Council no later than October 1 of each year with the first report to be submitted on or before October 1, 2023; and(6) Perform other functions consistent with this section as directed by the Governor or Secretary of the Department of Inspector General.(f)(1) An audit by the Office of Internal Audit means an engagement in which evidence is assessed to provide opinions or conclusions regarding the operations, functions, processes, systems, or other subject matter of covered entities.(2) The Office of Internal Audit may provide audits such as performance auditing, operation auditing, investigations, and management requested audits.(3) The Office of Internal Audit shall determine the nature and scope of the audit.(4) An official written report is required at the completion of each audit or investigation performed by the Office of Internal Audit.(5) When a written report is prepared by the Office of Internal Audit at the conclusion of the audit or investigation, the written report shall be distributed to:(A) The Secretary of the Department of Inspector General;(B) The Governor's office;(C) Arkansas Legislative Audit;(D) The covered entity; and(E) Other appropriate parties as determined by the Office of Internal Audit.(g)(1) The Office of Internal Audit may perform consulting services that are advisory in nature and generally performed at the specific request of a covered entity, including without limitation system design, analysis of internal control or business process design, counsel, advice, facilitation, training, and participation on committees.(2) Communications relating to consulting services may be determined by the engagement client in the form of oral discussions, memorandums, letters, or a written report as needed.(h)(1) The Office of Internal Audit shall not be assigned duties or engage in any activities that the Office of Internal Audit would not normally be expected to audit.(2) The Office of Internal Audit shall adhere to the International Professional Practices Framework of the Institute of Internal Auditors and the Implementation Guides, Practice Guides, and Position Papers of the Institute of Internal Auditors.(i)(1) A covered entity shall cooperate fully with the Office of Internal Audit.(2) The Office of Internal Audit, with strict accountability for confidentiality and safeguarding records and information, may have full, free, and unrestricted access to all records, physical properties, and personnel of covered entities.(3) The Office of Internal Audit shall have access to all records, information, electronic or written data, reports, plans, projections, matters, contracts, memoranda, correspondence, and any other materials of a covered entity and shall be deemed to be an authorized representative and agent of each covered entity for the purposes of: (A) Examining and investigating the records of all contractors, subcontractors, grantees, or subgrantees of covered agencies, that relate to contracts, subcontracts, grants, or subgrants with covered entities; and(B) Obtaining access to any records of a covered entity or current or former employee of a covered entity in the possession of a third party, including without limitation bank account records, when those records are related to an ongoing investigation or audit.(j)(1) In the performance of the Office of Internal Audit's duties, the Office of Internal Audit may ascertain, inspect, confirm, copy, audit, and examine any financial records, documents, electronic data, or accounts of any financial institution, business, or nonprofit entity or any other person or entity regarding transactions or relationships with a covered entity.(2) A financial institution, business, nonprofit entity, or any other person or entity is not liable for making available to the Office of Internal Audit any of the information required under this section.(3) Records that are exempt from public disclosure of the entity's custodian are exempt from public disclosure of the Office of Internal Audit.(k)(1) In connection with an audit or investigation of any covered state entity or an audit related to any transactions or relationships with covered entities, the Office of Internal Audit may issue a subpoena for records or issue a summons and subpoena to any person whose testimony may be deemed necessary to appear before the Office of Internal Audit at a time and place and with papers, files, and records named in the summons or subpoena.(2) In conducting any audit or examination, the Office of Internal Audit may administer oaths.(3) The subpoena under subdivision (k)(1) of this section may be served by certified mail, return receipt requested, at the addressee's residence or business address or in person, by: (A) Representatives of the Office of Internal Audit;(B) The sheriff of the county in which the person, books, records, or documents subpoenaed are located; or(C) The Division of Arkansas State Police.(4) A sheriff serving a subpoena under subdivision (k)(3) of this section may receive the same fees for the service of process as provided by law for service of process issued by the circuit court.(l)(1) If a person refuses to obey a subpoena issued by the Office of Internal Audit, upon application by the Office of Internal Audit, the circuit court of the county in which the Office of Internal Audit is domiciled may issue an order to the person requiring the person to appear before the court to show cause as to why an order shall not be issued ordering such person to obey the subpoena, and the person may be adjudged in contempt of court.(2) If a person placed under oath or subpoenaed by the Office of Internal Audit knowingly gives false testimony that is material to an audit, that person shall be deemed guilty of perjury upon conviction by a court of competent jurisdiction.(m)(1) Except as provided in subdivision (m)(2) of this section, all internal audit documentation, including notes, memoranda, preliminary drafts of audit reports, and other data gathered in the preparation of internal audit reports by the Office of Internal Audit, are privileged and confidential and are exempt from the Freedom of Information Act of 1967, § 25-19-101 et seq.(2)(A) The exemption from the Freedom of Information Act of 1967, § 25-19-101 et seq., granted to the privileged and confidential materials described in subdivision (m)(1) of this section does not apply to completed internal audits of the Office of Internal Audit after a final report of the internal audit has been presented to: (i) The Secretary of the Department of Inspector General;(ii) The Governor or the Governor's designee;(iii) Arkansas Legislative Audit; and(B) The final report and copies of any supporting documentation are open to public inspection and copying, except for documents that are exempt from disclosure under other law, unsubstantiated allegations, or information included in control self-assessments.(n)(1) This section does not authorize the Office of Internal Audit to subpoena, compel the production of, or otherwise obtain any records or documents in the possession of Arkansas Legislative Audit, including without limitation work papers, drafts of reports, supporting documentation, communications with third parties, electronic data, or fraud interviews.(2) The Office of Internal Audit is subject to subpoenas issued by the Legislative Joint Auditing Committee under § 10-3-411 or the Legislative Auditor consistent with § 10-4-421, including all penalties contained in those laws.Added by Act 2021, No. 671,§ 3, eff. 7/28/2021.