Go to USC home page USC Logo Insert page title here
UNIVERSITY OF SOUTH CAROLINA
Internal Audit Homepage
 |
Audit Charter
Audit Staff
Audit Reports
Conflict of Interest
Flowcharts
  Brochure
 
  Links
 
  Internal Audit Policies
University Policies
 

CONFIDENTIALITY OF INFORMATION

General

The nature of internal audit work requires that, to the extent permitted by law, we have unrestricted access to all sources of information, property, and personnel at the University. Because we often work with sensitive matters or information that is not subject to public disclosure, we must take careful precautions to maintain the confidentiality of these items.

Our correspondence (including audit reports) and working papers are generally classified as public information. We should not include items in our working papers or communications that are protected by privacy laws or that could result in legal liability for the University or the individual who prepared the document.

Information that we obtain and documents that we prepare must not be given to anyone other than individuals within the University who have a need to know or the State Auditor’s staff except with the specific approval of the Director of Internal Audit. Unauthorized disclosure of confidential information from the personnel files can result in disciplinary action.

While we may be compelled to provide copies of items from our working papers, we should refer requests for other information to the office that is responsible for those records, for example, Employee Records is responsible for personnel information. Subpoenas, other court orders, and requests under the Freedom of Information Act, should be referred to the University Counsel.

Confidential Information

Federal and state privacy laws require that many types of information be protected from public disclosure. Penalties range from a possible misdemeanor conviction and fine for the individual who made the disclosure to loss of all funds the University receives from the US Department of Education until we can show voluntarily compliance with privacy laws.

Confidential information includes, but is not limited to:

  • social security number;
  • certain information from an individual’s personnel file;
  • medical records;
  • student records;
  • library users’ records.

We should never include social security numbers in our working papers that leave our possession. If our audit procedures involve the review of confidential records, we should document the results of the review in a way that protects the privacy of the individual involved. For example, when scheduling the results of a review of financial aid or student health records, we should use a code number or initials to identify the records tested.

While we sometimes work with the State Auditor and SLED when conducting misuse reviews, we can not provide them with certain pieces of information without a court order or written consent of the individual involved. University Counsel should approve requests for such information before it can be released.

Sensitive Information

In some projects, we may review information that is not specifically protected by privacy laws but is propriety or sensitive. Examples include records relating to research in process, contract negotiations, employee benefits, or past due accounts. We should handle these items in the same manner as confidential information

[Back to Table of Contents]
RETURN TO TOP
USC LINKS: DIRECTORY MAP EVENTS VIP
SITE INFORMATION
Columbia, SC 29208 • 803-777-2752• Webmaster © University of South Carolina Board of Trustees