Guidance for External Auditors Working at Stanford University
On this page:
General Information
Stanford University’s policy is that we will provide all
available information pertinent to the scope of approved external
audits in a reasonable period of time. However, this policy
requires preparation and cooperation by the external auditor.
This guidance is designed to provide you with the basics you need to
carry out your work successfully.
You should arrange with the Stanford Internal Audit Department
(650-725-0074) or (email) to obtain approval
prior to beginning any fieldwork on
campus. Approval normally requires an Entrance Conference with
the Executive Director of Internal Audit and Institutional Compliance,
or his/her representative, at which we will ask you to describe the
intended scope, objectives, and time frame for your planned audit.
Before contacting any University staff, you must be able to answer
three questions about your work:
- What audit organization are you affiliated,
- What is the purpose of the audit procedures you are performing,
and
- Has your audit been approved by and coordinated with Internal
Audit.
Before contacting departmental staff to obtain information, you should
first try to obtain the information from central University data
sources. Internal Audit will provide instructions on how to do
this, or, in some cases, will assist you obtain the information, or
provide you with the data directly.
If it becomes necessary to contact Stanford staff, they will make
reasonable efforts to provide the information you need in an acceptable
time frame. If you have pressing time constraints, you should
carefully explain those constraints to the person(s) from whom you are
requesting information, and should work with Internal Audit to
facilitate access to the needed information if delays arise.
In some cases, Stanford requires that auditors make their
information requests in writing. Normally, this occurs if the
information being requested requires special analyses or extensive
efforts to obtain, or is sensitive. You should keep this in mind
when planning your audit.
Remember that Stanford staff may not know who you are, what you are
looking for, or why. We recommend that you preface all contacts
with a brief explanation of the basic rationale for and scope of your
audit procedures. This is especially important if the information
is being requested by phone or electronic mail. Furthermore, we
recommend that you be as specific in your requests as possible.
Sometimes, if you tell the staff clearly what information you are
trying to locate or what issue you are trying to address, they can
direct you to a better source than the one you are looking for.
Be careful about using jargon. Words that make perfect sense to
you, such as Final Cost Objective, or Object Code, may make no sense to
Stanford staff. Likewise, if we use Stanford jargon with you,
please ask for clarification.
If you have problems reaching someone at Stanford, feel free to
request assistance from Internal Audit. Often we can help you
identify an alternative, and more easily contacted, source.
Finally, please be polite and considerate. Stanford staff have
been instructed to refuse to answer any questions which appear to be
inappropriate to the scope of the audit being conducted, or which are
asked in an inappropriate manner. In such cases, Internal Audit
will be called to intervene.
Thank you for your understanding and cooperation.
The Stanford Internal Audit Department
<top>
Requests for IT Access
For External Agents who need access to
<top>