A. The appointing authority of each agency that currently performs internal audits shall:
(1) Designate an individual to act as a chief internal auditor;
(2) Implement an effective program of internal audits that includes, as the agency head determines to be necessary, professional and support staff that have the technical proficiency and educational background appropriate for the performance of audits; and
(3) Seek from the Legislature sufficient funding to cover the related costs incurred by the agency in the performance of these duties.
B. The chief internal auditor of an agency shall:
(1) Report directly to the agency head;
(2) Develop an annual audit plan to carry out internal audits;
(3) Provide written policies and procedures to guide the performance of internal audits;
(4) In conjunction with the Committee on Fraud, Waste, and Abuse's biannual self-assessment evaluation, maintain an ongoing internal quality assurance program to evaluate the operation of internal audits;
(5) Prepare internal audit reports that shall:
(a) Be submitted to the Governor and agency head; and
(b) Be available for review, except for any part of a report that is privileged from disclosure under the Public Information Act;
(6) Conduct follow-up reviews of internal audit findings to ascertain that appropriate action has been taken on findings contained in internal audit reports; and
(7) Make available and coordinate a continuing professional education program to ensure that the agency's internal auditors have access to current information concerning internal audit policies, procedures, and techniques and to provide general technical and audit assistance to the agency's internal auditors.
C. Each agency that performs internal audits shall establish a program that is conducted in accordance with internal auditing standards.
D. The chief internal auditor and the internal audit staff, shall:
(1) Subject to the approval of the appointing authority, have access to all personnel and any data, records, and other information of the State agency that the chief internal auditor deems necessary to carry out the internal audit; and
(2) Maintain the confidentiality of any public records that are made confidential by law and be subject to the same penalties as the custodian of the public records for a violation of a confidentiality law applicable to the records.