The objective of this information systems audit at the University of North Carolina Chapel Hill (UNC-CH) was to assess the information technology general controls pursuant to the common information security framework adopted by the University of North Carolina system campuses. The audit found security deficiencies considered reportable under generally accepted government auditing standards. These deficiencies are reported to the University by a separate letter in accordance with these standards. These items should be kept confidential as provided by North Carolina General Statute 132-6.1(c). UNC-CH agreed with our findings and recommendations.