ISA-2020-6010

The purpose of this audit was to determine if the University of North Carolina (UNC) System Office developed and issued information technology (IT) guidance in accordance with the UNC Policy Manual. In 2018, the UNC Board of Governors adopted three IT policies to create consistent standards for IT practices among the UNC System Office and constituent institutions. These policies were related to Information Security, IT Governance, and User Identity and Access Control. The results of our audit identified a deficiency over developing and issuing guidance for IT governance that is considered reportable under Government Auditing Standards. Specifically, the UNC System Office has not fully developed and issued guidance for IT governance. Details about this deficiency are provided in the Findings and Recommendations section of the report.