North Carolina Statutes

Chapter 18C North Carolina State Lottery

§ 18C-122 Independent audits

(a) At the beginning of each calendar year, the Commission shall engage an independent firm experienced in security procedures, including computer security and systems security, to conduct a comprehensive study and evaluation of all aspects of security in the operation of the Commission and of the Lottery. At a minimum, such a security assessment should include a review of network vulnerability, application vulnerability, application code review, wireless security, security policy and processes, security/privacy program management, technology infrastructure and security controls, security organization and governance, and operational effectiveness.

(b) The portion of the security audit report containing the overall evaluation of the Commission and of lottery games in terms of each aspect of security shall be presented to the Commission, to the Governor, and to the General Assembly.

(c) The portion of the security audit report containing specific recommendations shall be confidential, shall be presented only to the Director and to the Commission, and shall be exempt from Chapter 132 of the General Statutes. The Commission may hear the report of such an audit, discuss, and take action on any recommendations to address that audit under G.S. 143‑318.11(a)(1).

(d) Biennially at the end of the fiscal year, the Commission shall engage an independent auditing firm that has experience in evaluating the operation of lotteries to perform an audit of the Lottery. The results of this audit shall be presented to the Commission, to the Governor, and to the General Assembly. (2005‑344, s. 1; 2005‑276, s. 31.1(i).)

Sections:  Previous  18C-113  18C-114  18C-115  18C-116  18C-117 through 18C-119  18C-120  18C-121  18C-122  18C-123 through 18C-129  18C-130  18C-131  18C-132  18C-133  18C-134  18C-135 through 18C-139  Next