NWOSA wrote:On March 22, 2022, the Office of the State Auditor (OSA) received the above-referenced IPRA request regarding Otero County and “additional concerns” to which Mr. Beck referred in his letter. Please note the OSA’s examination of these matters remains open and ongoing and the OSA is unable to provide the requested confidential audit documentation, which is excepted from disclosure as further described in this correspondence.
There are numerous reasons why the OSA cannot permit inspection of the requested confidential audit documentation as such documents are not public records for purposes of the IPRA in the context of authority governing the OSA and the practice of public accountancy.
The OSA is in the practice of public accountancy under New Mexico law and subject to applicable laws, rules, and professional standards. The Audit Act, at NMSA 1978, Section 12-6-5, provides final audit reports become public record upon their release. As part of its statutory duties, the OSA is required to promulgate reasonable regulations necessary to carry out the duties of the office, including regulations required for conducting audits in accordance with generally accepted auditing standards. NMSA 1978, § 12-6-12. Those regulations, at 2.2.2.15(A) NMAC, provide in part as follows:
(2) Confidentiality of sources: The identity of a person making a report and associated allegations made directly to the state auditor orally or in writing, or telephonically or in writing through the state auditor’s fraud hotline or website, or through any other means, alleging financial fraud, waste, or abuse in government is confidential audit information and may not be disclosed, except as required by Section 12-6-6 NMSA 1978.
(3) Confidentiality of files: A report alleging financial fraud, waste, or abuse in government that is made directly to the state auditor orally or in writing, or telephonically or in writing through the state auditor’s fraud hotline or website, any resulting special audit, performance audit, attestation engagement or forensic accounting or other non-attest engagement, and all records and files related thereto are confidential audit documentation and may not be disclosed by the OSA or the agency, except to an independent auditor, performance audit team or forensic accounting team in connection with a special audit, performance audit, attestation engagement, forensic accounting engagement, non-attest engagement, or other existing or potential engagement regarding the financial affairs or transactions of an agency. Any information related to a report alleging financial fraud, waste, or abuse in government provided to an independent auditor, performance audit team or forensic accounting team, is considered to be confidential audit or engagement documentation and is subject to confidentiality requirements, including but not limited to requirements under Subsections E and M in Section in 2.2.2.10 NMAC, the Public Accountancy Act, and the AICPA Code of Professional Conduct.
The Audit Rule is clear that confidential audit documentation cannot be considered public records as defined in NMSA 1978, Section 14-2-6(G), as to do so would undermine and erode the practice of public accountancy in New Mexico and prevent the OSA from fulfilling its statutory duty to comply with generally accepted auditing standards.
Additionally, New Mexico law is clear as to the ownership and confidentiality of audit documentation, which is another reason audit documentation cannot also be considered public records as defined in NMSA 1978, Section 14-2-6(G). Audit documentation is the property of the responsible certificate holder and is confidential, including under New Mexico’s Public Accountancy Act at NMSA 1978, Sections 61-28B-24 and 25. Public accountancy certificate holders in New Mexico have duties to maintain confidentiality of such information, including to maintain their professional licenses and to avoid potential liability.
If, for the sake of argument, a court were to determine such audit documentation was public record of the OSA, then exceptions to the IPRA as otherwise provided by law would apply to preclude disclosure of the audit documentation at issue. See NMSA 1978, § 14-2-1(H). Because the OSA is in the practice of public accountancy under NMSA 1978, Section 61-28B-17(B), laws, rules, and professional standards apply that all require confidentiality.
Other applicable statutory authority includes the following:
In the courts of the state, no certified public accountant or public accountant shall be permitted to disclose information obtained in the conduct of any examination, audit or other investigation made in a professional capacity …. NMSA 1978, § 38-6-6(C).
New Mexico’s Public Accountancy Act further provides:
A statement, record, schedule, working paper or memorandum made by a certificate or permit holder … shall be the property of the certificate or permit holder … except the report submitted by him to the client and except for a record that is part of the client’s records. NMSA 1978, § 61-28B-25(A).
And:
[A] certificate holder shall not voluntarily disclose information communicated to him …. Such information shall be deemed confidential…. NMSA 1978, § 61-28B-24.
The Public Accountancy Act clearly defines the ownership, confidentiality, and non-transferrable status of audit documentation, and as a result, such documentation cannot also be public records for purposes of the IPRA without creating a conflict in law that would erode public accountancy in New Mexico and prevent the OSA from accomplishing its constitutional and statutory purposes and mandates as an executive branch agency.
Additional persons responsible for the OSA’s position with respect to the confidentiality of the audit documentation at issue and authority governing the OSA and the practice of public accountancy are State Auditor Brian S. Colón, Esq., CFE and General Counsel Jesse Gallegos, Esq.
With this response complete, this IPRA request is closed.