Regulation 20 — Audit Regulations 2020
Original Rule Text
20. Confidentiality of information and protection of personal identifiable/sensitive information acquired during audit
(1) The documents classified as ‘confidential’ or ‘secret’ or ‘top secret’ shall be made available to Audit and shall be dealt with by Audit in accordance with the standing laws and instructions of the Government for handling and custody of such documents and information.
(2) If certain privileged or confidential information or Personally Identifiable Information (PII) prohibited from general disclosure by law is obtained in course of an audit, Audit should maintain confidentiality of that information and ensure that any audit products do not become a means of compromising such privilege or confidentiality of the information. However, this does not preclude Audit from including the names of departments, organisations, parties concerned in audit reports, as per extant orders of the Comptroller and Auditor General and consistent with applicable laws.
(3) Information about an auditable entity acquired in the course of audit shall not be used for purposes other than the discharge of Comptroller and Auditor General’s audit mandate. However, Audit is not precluded from reporting offences against the law to appropriate prosecuting authorities wherever necessary. Instances of fraud or corruption, as noticed during Audit, shall be reported to concerned authorities by Audit, as per instructions issued by the Comptroller and Auditor General.
What This Means
Audit teams must maintain the confidentiality of classified documents (confidential, secret, top secret) and Personally Identifiable Information (PII) obtained during audits, handling them in accordance with government security laws. Information acquired during audit cannot be used for any purpose other than discharging the CAG's audit mandate. However, if the audit team discovers instances of fraud or corruption, they are required to report these to the appropriate prosecuting or concerned authorities.
This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.
Key Points
- 1Classified documents (confidential/secret/top secret) must be provided to Audit but handled per government security instructions
- 2PII and privileged information must not be disclosed through audit reports unless consistent with applicable laws
- 3Information acquired during audit can only be used for audit purposes — not for any other purpose
- 4Fraud and corruption discovered during audit must be reported to appropriate authorities
- 5Audit reports may include names of departments, organizations, and parties as per CAG's extant orders
Practical Example
During an audit of the Defence Ministry's procurement contracts, the audit team obtains documents classified as 'Secret.' The team stores these documents in the prescribed manner with restricted access, and the audit report discusses findings without compromising classified details. When the team discovers evidence of collusion between a vendor and a procurement officer, they report it to the Central Vigilance Commission as required.
This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.
Frequently Asked Questions
Can the audit team include the names of individuals in its reports?▼
What should an auditor do if they discover fraud during an audit?▼
Can audit data be shared with other government departments for non-audit purposes?▼
This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.