Guidance for External Auditors Working at Stanford University
On this page:
General Information
Stanford University’s
policy is that we will provide all
available information pertinent to the scope of approved external
audits in a reasonable period of time. However, this policy
requires preparation and cooperation by the external auditor.
This guidance is designed to provide you with the basics you need to
carry out your work successfully.
You should arrange with the
Stanford Internal Audit Department
(650-725-0074) or (email)
to obtain approval
prior to beginning any fieldwork on
campus. Approval normally requires an Entrance Conference
with
the Associate Vice President
of Internal Audit and Institutional Compliance,
or his/her representative, at which we will ask you to describe the
intended scope, objectives, and time frame for your planned audit.
Before contacting any University staff, you must be able to answer
three questions about your work:
- What audit organization are
you affiliated,
- What is the purpose of the
audit procedures you are performing,
and
- Has your audit been approved
by and coordinated with Internal
Audit.
Before contacting departmental staff to obtain information, you should
first try to obtain the information from central University data
sources. Internal Audit & Institutional Compliance
will
provide instructions on how to do
this, or, in some cases, will assist you obtain the information, or
provide you with the data directly.
If it becomes necessary to contact Stanford staff, they will make
reasonable efforts to provide the information you need in an acceptable
time frame. If you have pressing time constraints, you should
carefully explain those constraints to the person(s) from whom you are
requesting information, and should work with Internal Audit &
Institutional Compliance to
facilitate access to the needed information if delays arise.
In some cases, Stanford
requires that auditors make their
information requests in writing. Normally, this occurs if the
information being requested requires special analyses or extensive
efforts to obtain, or is sensitive. You should keep this in
mind
when planning your audit.
Remember that Stanford staff may not know who you are, what you are
looking for, or why. We recommend that you preface all
contacts
with a brief explanation of the basic rationale for and scope of your
audit procedures. This is especially important if the
information
is being requested by phone or electronic mail. Furthermore,
we
recommend that you be as specific in your requests as
possible.
Sometimes, if you tell the staff clearly what information you are
trying to locate or what issue you are trying to address, they can
direct you to a better source than the one you are looking for.
Be careful about using jargon. Words that make perfect sense
to
you, such as Final Cost Objective, or Object Code, may make no sense to
Stanford staff. Likewise, if we use Stanford jargon with you,
please ask for clarification.
If you have problems reaching
someone at Stanford, feel free to
request assistance from Internal Audit & Institutional
Compliance. Often we can help you
identify an alternative, and more easily contacted, source.
Finally, please be aware that Stanford staff have
been instructed to refuse to answer any questions which appear to be
inappropriate to the scope of the audit being conducted, or which are
asked in an inappropriate manner. In such cases, Internal
Audit
& Institutional Compliance will be called to
intervene.
Thank you for your
understanding and cooperation.
The Stanford Internal Audit
& Institutional Compliance Department
<top>
Requests for IT Access
For External Agents who need
access to
<top>