(1) For the purposes of this part 1 the committee has the power to subpoena witnesses, take testimony under oath, and to assemble records and documents, by subpoena duces tecum or otherwise, with the same power and authority as courts of record and may apply to courts of record for the enforcement of these powers. The sheriff of any county shall serve any subpoena on written order of the committee in the same manner as process is served in civil actions. Witnesses subpoenaed to appear before the committee shall receive the same fees and expenses as witnesses in civil cases.
(2) (a) Notwithstanding any provision of law to the contrary, the state auditor or his or her designated representative shall have access at all times, except as provided by sections 39-1-116, 39-4-103, and 39-5-120, C.R.S., to all of the books, accounts, reports, vouchers, or other records or information in any department, institution, or agency, including but not limited to records or information required to be kept confidential or exempt from public disclosure upon subpoena, search warrant, discovery proceedings, or otherwise. When accessing confidential health records, the state auditor shall determine the necessity of accessing personal identifying health information for the purpose of achieving the audit objectives.
(b) Nothing in this subsection (2) shall be construed as authorizing or permitting the publication of information prohibited by law. Notwithstanding the approval of the committee to release work papers of the office of the state auditor pursuant to section 2-3-103 (3), no information required to be kept confidential pursuant to any other law shall be released in connection with an audit. The results of any audit or evaluation of information technology systems undertaken pursuant to section 2-3-103 (1.5) that are precluded from disclosure under section 24-6-402 (3)(a)(IV), C.R.S., shall not be released in connection with any such audit or evaluation. In addition to the penalty established in section 2-3-103.7, any person who unlawfully releases confidential information shall be subject to any criminal or civil penalty under any applicable law for the unlawful release of the information.
(c) Any officer or employee who fails or refuses to permit such access or examination for audit or who interferes in any way with such examination is guilty of a misdemeanor and, upon conviction thereof, shall be punished by a fine of not less than one hundred dollars nor more than one thousand dollars, or by imprisonment in the county jail for not less than one month nor more than twelve months, or by both such fine and imprisonment.
(3) In verifying any of the audits made, the state auditor has the right to ascertain the amounts on deposit in any bank or other depository belonging to any department, institution, or agency required to be audited and has the right to audit said account on the books of any such bank or depository. No bank or other depository is liable for making available to the state auditor any of the information required under this subsection (3).