AB 326 adds Section 89045.5 to the Education Code, requiring an external financial audit of each California State University campus at least once every three years and declaring that all audits of the CSU or any campus must be available to the public. The bill expressly requires these external audits notwithstanding other laws or existing financial audits.
This change increases the frequency and independence of financial review for individual campuses and opens both internal and external audit reports to public inspection. Practically, the measure raises questions about who pays for and contracts the audits, how sensitive material will be handled when released, and how campuses will manage duplication with existing internal audits required under Section 89045.
At a Glance
What It Does
The bill requires an external financial audit of each CSU campus at least once every three years and makes all audits of the CSU or its campuses available to the public. It adds a new Section 89045.5 to the Education Code and uses a 'notwithstanding' clause to prioritize the external-audit requirement over conflicting provisions.
Who It Affects
The immediate subjects are the Trustees of the California State University, campus business and finance offices, the CSU internal audit staff, external audit firms that would perform the work, and anyone who uses audit reports—legislators, watchdogs, journalists, donors, and the public. CSU campuses will carry the administrative and financial burden of scheduling, responding to, and publishing audits.
Why It Matters
This bill shifts CSU oversight toward more frequent, independent campus-level assurance and expands transparency by putting audit reports in the public domain. Those changes could improve accountability but also expose sensitive information, increase costs for campuses, and create operational and legal questions about procurement, timing, and redaction.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
Under current law, the CSU system maintains an internal audit function and performs audits at intervals set in Section 89045. AB 326 inserts a new, standalone duty: each CSU campus must undergo an external financial audit at least once every three years.
The statute frames that requirement with a 'notwithstanding any other law' clause, which indicates the Legislature intends this triannual schedule to prevail over conflicting audit timetables or authorities.
The bill also requires that every audit of the CSU or any campus—whether conducted by the system’s internal audit staff under Section 89045 or the new external audits—be "available to the public." The text is terse: it does not define the mechanism for public release, the timing of disclosure, the format, or whether and how sensitive or confidential information must be redacted before publication.Operationally, the statute leaves procurement, scheduling, and funding unspecified. It does not assign responsibility for contracting external auditors (the Trustees would be the logical actor but the statute does not say so), nor does it appropriate money.
That silence means campuses or the Chancellor’s Office must decide how to pay for and run these audits, whether to stagger campus audits, and how to incorporate external work with existing internal audit cycles. Those implementation choices will determine cost, duplication, and the practical value of additional external assurance.Finally, because the bill brings internal audits into the public sphere, it raises real questions about confidentiality: audits often contain personnel, student, donor, or information-system details that statutes or contracts may currently protect.
AB 326 does not establish exceptions or a redaction process, so campuses will need policy guidance or administrative procedures to reconcile public availability with privacy, FERPA, donor confidentiality, and other legal limits on disclosure.
The Five Things You Need to Know
AB 326 adds Section 89045.5 to the Education Code, creating the new legal requirement.
It requires an external financial audit of each CSU campus at least once every three years, explicitly using a 'notwithstanding' clause.
It makes all audits of the CSU or any campus—including internal audits under Section 89045—available to the public.
The bill does not specify who hires external auditors, how audits should be procured, nor does it appropriate funding for the required audits.
The statute is silent on publication mechanics, timing, and redaction, leaving unresolved how campuses will protect legally sensitive information before public release.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Triannual external financial audits of each campus
Subdivision (a) imposes a floor: each CSU campus must receive an external financial audit at least once every three years. The provision is campus-specific rather than system-level, so smaller and larger campuses alike require separate external reviews. The use of 'notwithstanding any other law' signals the Legislature’s intent to prioritize this schedule over conflicting audit cycles, which could override internal timetables or other statutory audit regimes.
Public availability of all CSU audits
Subdivision (b) requires that all audits of the CSU or any campus—including internal audits performed pursuant to Section 89045 and the new external audits—be available to the public. The text does not define 'available' (for example whether posted online, subject to public records requests, or both), nor does it provide standards for redacting confidential material. That leaves campuses to develop disclosure procedures within the constraints of existing state and federal confidentiality laws.
Unspecified procurement, funding, timing, and confidentiality rules
The bill contains no language about who contracts auditors, how audits are scheduled across campuses, or how the required work will be funded. It also does not resolve conflicts with privacy laws like FERPA, contractual nondisclosure terms, or other statutory exemptions. Those omissions create practical decision points for the Trustees and the Chancellor’s Office and invite follow-up policies or administrative rules to operationalize the statute.
This bill is one of many.
Codify tracks hundreds of bills on Education across all five countries.
Explore Education in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Students and families — gain greater transparency into campus finances and fiscal management, which can inform choices and advocacy.
- State policymakers and oversight bodies — receive more frequent, independent campus-level financial assurance to inform legislative oversight and budgeting decisions.
- Watchdog organizations, journalists, and the public — get legal cover to access audit findings that were previously internal or harder to obtain.
- External audit firms — create potential recurring contract opportunities performing triannual campus audits across 23 campuses.
Who Bears the Cost
- CSU campuses and the Chancellor’s Office — must absorb the direct cost of external audits, publication, and staff time to respond to audit findings unless the Legislature provides funding.
- Internal audit staff — face increased transparency and scrutiny, additional effort to prepare workpapers for public release, and potential duplication of effort alongside external auditors.
- Donors, research partners, and contractors — risk disclosure of commercially sensitive or confidential information if audit reports are released without effective redaction.
- Campus administration and legal teams — will bear the compliance burden of establishing redaction and publication protocols and defending decisions about disclosure.
Key Issues
The Core Tension
The bill pits two legitimate goals against each other: more frequent, independent auditing and full public access enhance fiscal accountability, but they also raise real costs and risk exposing confidential information; the statute advances transparency without providing the funding, procedural rules, or confidentiality safeguards needed to implement that transparency cleanly.
AB 326 advances transparency but does so in a highly skeletal form. By mandating triannual external audits per campus and public release of all audit reports, the bill creates a host of implementation tasks and legal tensions that it does not resolve.
Key unanswered questions include who selects and pays auditors, whether audits are staggered or concurrent, how to avoid redundant work between internal and external teams, and how to marshal limited campus resources to meet recurring external audit demands.
The public-disclosure mandate is equally blunt. Audits commonly include personnel records, student data, proprietary contract terms, and other information that state or federal law may protect.
The statute provides no redaction standard, no timing rule for release relative to final audit reports, and no carve-outs for legally protected material. That ambiguity will force administrators into precautionary redaction or legal disputes, and it may chill candid internal reporting if staff fear public exposure.
Finally, absent appropriation language, campuses will either reallocate existing funds to meet the mandate or seek new state funding—choices that will shape how comprehensively and consistently the law is implemented across the system.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.