When setting up a UDOC for an auditor in CORE, does the auditor need a temporary state email?

No. An auditor can use a valid business audit email. Typically the entities doing audits of agencies in CORE are other state/gov entities, and so their email credentials reflect this. Agencies may also contract for third-party auditor services; however, and in these cases, the auditors should be entered with their relevant business-related auditor email address. Their department code must be the agency under which they are completing their auditing services. In all circumstances, the Controller for each agency is accountable for periodic review and attestation of all user access for their Department, including for auditors.

NOTE: It is best practice to type in Auditor into the Locality field on the Header of the UDOC unless they are a state employee, in which case use their EID.