BILL ANALYSIS Ó SB 481 Page 1 Date of Hearing: June 17, 2015 ASSEMBLY COMMITTEE ON LOCAL GOVERNMENT Brian Maienschein, Chair SB 481 (Hueso) - As Amended April 8, 2015 SENATE VOTE: 29-0 SUBJECT: Local government: auditors: independence. SUMMARY: Prohibits the general counsel of a local government from having direct oversight over that local government's auditors. Specifically, this bill: 1)Prohibits the general counsel of a city, county, city and county, or district, or the employees of the general counsel from having direct oversight over the city, county, city and county, or district employees that conduct audits or that conduct audit activities of the respective agency. 2)Provides that all city, county, city and county, and district employees that conduct audits or that conduct audit activities of those respective agencies shall not be required to report to the general counsel or any employees of the general SB 481 Page 2 counsel. 3) Provides that no reimbursement is required by this act, pursuant to Section 6 of Article XIIIB of the California Constitution, because the only costs that may be incurred by a local agency or school district will be incurred because this act creates a new crime or infraction, eliminates a crime or infraction,4) or changes the penalty for a crime or infraction, within the meaning of Section 17556 of the Government Code, or changes the definition of a crime within the meaning of Section 6 of Article XIIIB of the California Constitution. EXISTING LAW: 1)Requires all city, county, city and county, and district employees that conduct audits or that conduct audit activities of those respective agencies to conduct their work under the general and specified standards prescribed by the Institute of Internal Auditors or the Government Auditing Standards issued by the Comptroller General of the United States, as appropriate. 2)Enumerates the following general standards for local governments' internal audits and audit activities: a) That auditors should be independent of the activities they audit; SB 481 Page 3 b) That audits should be performed with proficiency and due professional care; c) That the scope of the audit should encompass the examination and evaluation of the adequacy and effectiveness of the organization's system of internal control and the quality of performance in carrying out assigned responsibilities; d) That audit work should include planning the audit, examining and evaluating information, communicating results, and following up; and, e) That the chief auditor should properly manage the auditing department. 3)Provides that nothing in the above provisions is intended to limit the rights or obligations of auditors to conduct audits and audit activities in accordance with other laws and regulations that may apply to a particular entity, as appropriate. 4)Requires, pursuant to the California Public Records Act (CPRA), public records to be open to inspection and gives every person a right to inspect public records, with specific exceptions. SB 481 Page 4 5)Creates an exception for records that are subject to the "attorney client privilege," which allows communications between a public agency and its lawyers to be kept confidential. 6)Establishes requirements for internal auditor operations for state agencies in order to achieve independence and objectivity, as follows: a) For any state agency that does not report to a governing body, the internal auditor operations shall meet all of the following requirements: i) The chief internal auditor shall be accountable to the head or deputy head of the state agency; ii) The chief internal auditor shall report audit findings and recommendations made under his or her jurisdiction to the head or deputy head of the state agency and to the general counsel to the state agency, if applicable; and, iii) The operations shall be organizationally outside the staff or line management function of the unit under audit. SB 481 Page 5 b) For any state agency that is overseen by a governing body, the internal audit operations shall meet all of the following requirements: i) The chief internal auditor shall be accountable to the audit committee of the governing body; ii) The chief internal auditor shall report audit findings and recommendations made under his or her jurisdiction to the audit committee and the general counsel to the governing body; and, iii) The operations shall be organizationally outside the staff or line management function of the unit under audit. FISCAL EFFECT: According to the Senate Appropriations Committee, pursuant to Senate Rule 28.8, negligible state costs. COMMENTS: 1)Bill Summary. This bill prohibits the general counsel of a city, county, or district, or his or her employees, from having direct oversight over those agencies' employees who conduct audits. The bill also specifies that employees of those agencies who conduct audits must not be required to report to the general counsel or any employees of the general counsel. This bill is sponsored by San Diego City Auditor SB 481 Page 6 Eduardo Luna. 2)Author's Statement. According to the author, "SB 481 seeks to ensure transparency of government audit reports and the independence of internal auditors...This bill is a response to an existing practice that limits public access to audit reports. Some organizations require their internal auditors (to) be supervised by their general counsel. This structure, which requires an auditor to regularly report to the general counsel, weakens the independence and transparency of an auditor's work. Such a structure makes it easier for organizations to render a report inaccessible to the public. They can do this by claiming that a particular audit report is a privileged communication between an attorney and client. Once something is deemed a client-privileged communication, the public no longer has access to it. "Audits provide essential accountability and transparency over government programs and it is important that the public has access to them. This bill would address this issue by prohibiting a general counsel from having direct supervision over an auditor and ensure the public's access to these audit reports." 3)Background. Existing law requires city, county and district auditors to conduct their work under standards prescribed by the Institute of Internal Auditors or the Government Auditing Standards issued by the Comptroller General of the United SB 481 Page 7 States. The Institute of Internal Auditors (IIA) is an international professional association that publishes Standards for the Professional Practice of Internal Auditing, also known as the Red Book, for use in all types of organizations where internal auditors are found. The Red Book includes statements of basic requirements for the professional practice of internal auditing and for evaluating the effectiveness of its performance. The requirements are internationally applicable at organizational and individual levels. The United States Government Accountability Office (GAO) is an independent, nonpartisan agency that works for Congress and investigates how the federal government spends taxpayer dollars. The head of the GAO is the Comptroller General of the United States. The GAO publishes Generally Accepted Government Auditing Standards, also known as the Yellow Book, which provide a framework for conducting high quality audits with competence, integrity, objectivity, and independence. The Yellow Book is for use by auditors of government entities, entities that receive government awards, and other audit organizations performing Yellow Book audits. According to the 2011 revision of the Yellow Book, "Government auditing is essential in providing accountability to legislators, oversight bodies, those charged with governance, and the public. Audits provide an independent, objective, nonpartisan assessment of the stewardship, performance, or SB 481 Page 8 cost of government policies, programs, or operations, depending upon the type and scope of the audit." The Yellow Book explains that a government audit organization can be structurally located within or outside the audited entity. "Audit organizations that are external to the audited entity and report to third parties are considered to be external audit organizations. Audit organizations that are accountable to senior management and those charged with governance of the audited entity, and do not generally issue their reports to third parties external to the audited entity, are considered internal audit organizations." However, "Some government audit organizations represent a unique hybrid of external auditing and internal auditing in their oversight role for the entities they audit. These audit organizations have external reporting requirements consistent with the reporting requirements for external auditors while at the same time being part of their respective agencies. These audit organizations often have a dual reporting responsibility to their legislative body as well as to the agency head and management." Neither the Red Book nor the Yellow Book prohibits audits from being reported to a general counsel. SB 481 Page 9 4)California Public Records Act. The CPRA requires public records to be open to inspection during office hours and gives every person a right to inspect public records, with specific exceptions. One exception to the CPRA's disclosure requirements applies to records that are subject to the "attorney client privilege," which allows communications between a public agency and its lawyers to be kept confidential. Generally, the final reports of local agencies' internal audits are public records that are open to inspection, pursuant to the CPRA. 5)Independence for Auditors. SB 1452 (Speier), Chapter 452, Statutes of 2006, enacted a number of provisions to update auditing standards for local and state auditors, and to ensure the independence of internal auditors for state agencies specifically. SB 1452 was the result of hearings by the Senate Select Committee on Government Cost Control, which found evidence that auditors for the Department of Corrections and Rehabilitation were pressured to overlook certain expenditures, or that their findings were dismissed or eliminated from the Department's final report. Provisions of SB 1452 protecting internal auditors of state agencies included the following requirements: a) For state agencies that don't report to a governing body: SB 481 Page 10 i) The chief internal auditor must be accountable to the head or deputy head of the state agency; ii) The chief internal auditor must report his or her audit findings and recommendations to the head or deputy head of the state agency and to the general counsel to the state agency, if applicable (emphasis added); and, iii) The operations must be organizationally outside the staff or line management function of the unit under audit. b) For state agencies that are overseen by a governing body: i) The chief internal auditor must be accountable to an audit committee of the governing body; ii) The chief internal auditor must report his or her audit findings and recommendations to the audit committee and the general counsel to the governing body (emphasis added); and, iii) The operations must be organizationally outside the staff or line management function of the unit under SB 481 Page 11 audit. Local agency auditors are not subject to these requirements. Local agency auditors can be appointed by the local governing board, or they can be elected. In addition, some local jurisdictions have independent audit committees. 6)Policy Considerations. The Committee may wish to consider the following: a) Prevalence. The author and sponsor have provided two examples of local agencies where the auditor reports directly to the agency's general counsel. The Committee may wish to ask the author or sponsor to provide examples showing that these reporting relationships have resulted in curtailed independence for those auditors or where this reporting relationship led to the denial of a CPRA request based on attorney-client privilege. The Committee may wish to consider whether, absent a prevalent statewide problem, this bill is necessary. b) Reporting to General Counsel. Current law requires internal auditors of state agencies to report their findings and recommendations to their general counsels. This bill prohibits local agency auditors from reporting to their general counsels. This language is intended to address two stated concerns: maintaining independence for local auditors, and ensuring transparency of local public records (in this case, audits or audit information). This SB 481 Page 12 bill's language could create confusion regarding whether it applies to the submission of reports to a general counsel or whether it applies to a reporting relationship with a general counsel. The Committee may wish to consider striking this language or clarifying the language to specify a reporting relationship between audit staff and general counsel. c) Attorney-Client Privilege. The Senate Governance and Finance Committee, in its analysis of this bill, noted the following: "?by prohibiting any local government internal audit activities from being conducted under the auspices of a general counsel, SB 481 may prevent local governments from performing internal audits that may justifiably be privileged communications. For example, should a local agency be prevented from having its general counsel's office conduct an internal audit of personnel policies and practices to determine whether they expose the agency to potential legal liabilities? The Committee may wish to consider amending SB 481 to specify definitions or criteria that distinguish between legitimate and illegitimate applications of the attorney-client privilege to internal audits." 7)Arguments in Support. City of San Diego City Auditor Eduardo Luna, sponsor of this measure, writes, "Audits provide essential accountability and transparency over government programs. Given its importance, the public's ability to access these reports are paramount. However, certain practices limit the public's access to these audit reports. One such practice is the transmittal of internal audit reports to the organization's General Counsel. When reports are issued to the General Counsel, those reports are then classified as attorney-client privileged communications, SB 481 Page 13 thereby limiting public disclosure. SB 481 is a good government bill and will ensure the public has access to the audit reports by prohibiting employees who perform audits from reporting organizationally to the General Counsel." 8)Arguments in Opposition. None on file. REGISTERED SUPPORT / OPPOSITION: Support City of San Diego City Auditor Eduardo Luna [SPONSOR] City of Berkeley City Auditor Ann-Marie Hogan City of Calexico City of El Centro City Manager Ruben A. Duran El Centro Chamber of Commerce and Visitors Bureau Imperial County Board of Supervisors SB 481 Page 14 Opposition None on file Analysis Prepared by:Angela Mapp / L. GOV. / (916) 319-3958