North Carolina § 18C-122 Independent audits

North Carolina Statutes

§ 18C-122 — Independent audits

North Carolina § 18C-122

Ch. 18CNorth Carolina State Lottery

Art. 3North Carolina State Lottery Director

This text of North Carolina § 18C-122 (Independent audits) is published on Counsel Stack Legal Research, covering North Carolina primary law. Counsel Stack provides free access to over 12 million legal documents including statutes, case law, regulations, and constitutions.

Bluebook

N.C. Gen. Stat. § 18C-122 (2026).

Text

(a)Biennially, at the beginning of the calendar year, the Commission shall engage an independent firm experienced in security procedures, including computer security and systems security, to conduct a comprehensive study and evaluation of all aspects of security in the operation of the Commission and of the Lottery. At a minimum, such a security assessment should include a review of network vulnerability, application vulnerability, application code review, wireless security, security policy and processes, security/privacy program management, technology infrastructure and security controls, security organization and governance, and operational effectiveness.

(b)The portion of the security audit report containing the overall evaluation of the Commission and of lottery games in terms of eac

Free access — add to your briefcase to read the full text and ask questions with AI

(a) Biennially, at the beginning of the calendar year, the Commission shall engage an independent firm experienced in security procedures, including computer security and systems security, to conduct a comprehensive study and evaluation of all aspects of security in the operation of the Commission and of the Lottery. At a minimum, such a security assessment should include a review of network vulnerability, application vulnerability, application code review, wireless security, security policy and processes, security/privacy program management, technology infrastructure and security controls, security organization and governance, and operational effectiveness.
(b) The portion of the security audit report containing the overall evaluation of the Commission and of lottery games in terms of each aspect of security shall be presented to the Commission, to the Governor, and to the General Assembly.
(c) The portion of the security audit report containing specific recommendations shall be confidential, shall be presented only to the Director and to the Commission, and shall be exempt from Chapter 132 of the General Statutes. The Commission may hear the report of such an audit, discuss, and take action on any recommendations to address that audit under G.S. 143-318.11(a)(1). The Commission may hear reports on the following matters under G.S. 143-318.11(a)(1), all of which shall be exempt from Chapter 132 of the General Statutes:
(1) Information regarding any vulnerabilities listed in subsection (a) of this section.
(2) Information that could impair or adversely impact the security of the Lottery or the Commission in carrying out its responsibilities as directed in this Chapter.
(3) Information that could be used to provide an unfair advantage to a player or jeopardize the integrity of any lottery game.
(d) Biennially at the end of the fiscal year, in addition to the audits required by G.S. 18C-116 and by subsection (a) of this section, beginning in 2010, the Commission shall engage an independent auditing firm that has experience in evaluating the operation of lotteries to perform an audit of the Lottery. The results of this audit shall be presented to the Commission, to the Governor, and to the General Assembly. (2005-344, s. 1; 2005-276, s. 31.1(i); 2009-357, s. 15; 2023-42, s. 4(i).)
§§ 18C-123 through 18C-129: Reserved for future codification purposes.