Internal Audit

• Overview
• About Internal Audit
• Documents
• Information Security and IT Audit
• Resources, External Links
• Contact Information

Institutional Compliance Program

• Overview
• Compliance Initiative
• Offices and Officers
• Code of Conduct
• Committee Highlights
• Relevant Policies
• Compliance Helpline

STARS

• Overview
• STARS Help

Related Pages

• Business Affairs
• Office of the General Counsel
• Information Security Office

• Internal Audit & Institutional Compliance
• About Internal Audit

About Internal Audit

Mission

The mission of the Internal Audit Department is to assist University management and the Stanford Board of Trustees in identifying, avoiding and, where necessary, mitigating risks.

Charter

The Department's charter, as approved by the Board of Trustees, follows:

The Internal Audit Department’s primary role is to serve Stanford University management and the Board of Trustees in the identification, evaluation, and mitigation of organizational risk.  The Department annually carries out a systematic assessment to ensure that its work is focused on the highest enterprise-wide risks.

The scope of the Internal Audit Department’s work includes examining, evaluating, and, as necessary, recommending improvements to the University’s internal controls.  Internal controls encompass the policies, procedures, activities, and information systems through which University schools, departments, and associated organizations, such as the Stanford Linear Accelerator Center and Stanford Management Company, ensure:

• Reliability, integrity, and security of information;
• Compliance with laws and regulations;
• Compliance with University’ policies and procedures, including the Code of Conduct;
• Safeguarding of assets;
• Economical and efficient use of resources; and
• Accomplishment of established objectives and goals for operations or programs.

The Internal Audit Department shall have direct and timely access to all University books, records, information systems, data, and personnel, as required to satisfy its audit objectives.

The Executive Director of Internal Audit and Institutional Compliance shall have authority to make specific reports directly to the University President and Provost and shall have direct access to the Board of Trustees through the Chair of the Audit and Compliance Committee.

<top>

Responsibilities

Department responsibilities include examining and evaluating the policies, procedures and systems which are in place to ensure:

• reliability and integrity of information;
• compliance with policies, plans, procedures, laws, and regulations;
• safeguarding of assets;
• economical and efficient use of resources; and
• accomplishment of established objectives and goals for operations or programs.
  

Primary Clients

Internal

• Board of Trustees
• Faculty, staff and students
• General Counsel
• University management

External

• Defense Contract Audit Agency
• Department of Energy Inspector General
• Donors
• Independent Public Accountants
• Office of Naval Research
• Sponsoring Agencies
  

Types of Services

Services provided to internal and external clients include:

• Recommendations
  • Internal controls
  • Economical and efficient use of resources
• Opinions
  • Degree of compliance
  • Adequacy of financial records
• Measurements of Compliance
  • University policies and procedures
  • Government laws and regulations
  • Sponsored grant and contract requirements
  • Donor restrictions on use of funds
• Special Projects
  • Risk and controls assessment
  • Management advisory services
  • Conflicts of interest reviews
  • Financial irregularity reviews
• Professional Development
  • Internal control techniques
  • Risk and controls self assessment
    
  <top>
  
  

Answers to Typical Questions About Auditing at Stanford

1. Who are the auditors at Stanford?

Internal auditors are Stanford employees reporting to the Executive Director of Internal Audit and Institutional Compliance.

External auditors include independent public accounting firms, the Defense Contract Audit Agency (DCAA), and others who carry out engagements including the annual financial statement audit, reviews of Stanford's compliance with government rules and regulations, and audits of indirect costs associated with government sponsored research.

The Internal Audit Department performs liaison functions for all external auditors working on campus.

2. How are internal audits scheduled?

The Internal Audit Department periodically performs assessments of University operating units and control functions to identify areas of potential institutional risk. Based on these assessments and discussions with management, the Executive Director of Internal Audit and Institutional Compliance recommends an annual audit plan, which is approved by the Committee on Audit and Complaince of the Board of Trustees.

The Internal Audit Department also responds to special requests from University and department management, inquiries received from members of the Stanford community through the University's Code of Conduct for Business Activities (Administrative Guide Memo #1), and special requests for audits from external agencies.

3. What does a typical internal audit include?

Common elements of an internal audit engagement include the following:

• Scheduling an opening conference to discuss audit objectives, timing, and intended report format and distribution
• Evaluating internal control systems
• Testing to ensure proper operation of internal control systems
• Developing conclusions based on test results
• Reviewing audit issues and draft audit reports with management and staff
• Preparing and distributing an audit report which generally include management's responses to the issues raised
• Following up to ensure all issues raised in audit reports have been addressed

For details of the above look in Internal Audit Standard Operating Procedures

4. How can I best work with auditors at Stanford?

Each audit engagement has a defined scope and objectives. Any auditor requesting information from you should be able to explain the audit's purpose and objectives so you can understand the reasons for questions being asked and provide accurate answers.

When you understand the audit's purpose, you can assist by either providing relevant information or, if you are not the best source of the requested information, directing the auditor to the right person or office.

If you have questions or concerns about information being requested, it is appropriate to discuss those concerns with the auditor, an Internal Audit manager, or the Executive Director of Internal Audit and Institutional Compliance.

5. Who audits the Internal Audit Department?

The Internal Audit Department follows the Standards of the Institute of Internal Auditors (IIA). Accordingly, periodically an outside review team performs a peer review and assesses the quality of our function and makes recommendations directly to the Committee on Audit and compliance.

6. How do you help ensure quality client service?

At the completion of each audit engagement, the Executive Director of Internal Audit and Institutional Compliance requests primary audit clients to complete and return a client service evaluation form to identify areas for improving our service. The Executive Director also welcomes comments at any time regarding the quality, timeliness, and responsiveness of internal and external audit engagements.

7. How can I contact the Internal Audit Department?

The Internal Audit Department is organized with managers and staff responsible for the University, Stanford Management Company, School of Medicine, SLAC, Stanford Hospital & Clinics, and Lucile Packard Children's Hospital. The Executive Director of Internal Audit and Institutional Compliance and all auditors may be reached by calling (650) 725-0074, faxing (650) 725-0073, email to Internal-Audit@lists.stanford.edu, or by sending inter-campus mail to: Mail Stop 6212.

<top>