ISA-2015-6090

This audit was conducted to determine whether information technology controls at North Carolina Central University (NCCU) are adequate pursuant to the common information security framework adopted by the University of North Carolina system campuses. The audit disclosed deficiencies considered reportable under generally accepted government auditing standards. Due to their sensitivity, these items were reported to NCCU by separate letter in accordance with these standards. These items should be kept confidential as provided in North Carolina General Statute 132-6.1(c). Our audit also identified a matter for further consideration, recommending that the University of North Carolina Board of Governors assess the authority given to the University of North Carolina - General Administration for oversight of information technology security at member institutions.