This audit evaluated the policies and procedures of the University of North Carolina General Administration (UNC-GA) that govern the IT hosting services it provides to six university campuses to operate their financial systems. Auditors found that UNC-GA has not defined and communicated key security and availability standards, creating an environment where hosting services may not meet the business requirements of the universities served. UNC-GA has also not clearly defined responsibilities related to long-term preservation of data, creating an elevated risk of losing historical student and financial data. Items regarding access controls, due to their sensitivity, were reported to the UNC-GA by separate letter and should be kept confidential as provided in North Carolina G.S. 132-6.1(c). UNC-GA agreed with our recommendations. Details about each item are provided in the Findings and Recommendations section of the report.