Search Stanford:
 

Internal Audit

• Overview
• About Internal Audit
• Documents
• Information Security and IT Audit
• Resources, External Links
• Contact Information

Institutional Compliance Program

• Overview
• Compliance Initiative
• Offices and Officers
• Code of Conduct
• Committee Highlights
• Relevant Policies
• Compliance Helpline

STARS

• Overview
• STARS Help

Related Pages

• Business Affairs
• Office of the General Counsel
• Information Security Office

• Internal Audit & Institutional Compliance
• Documents
• Audit Survival Guide

Audit Survival Guide

No matter what department you call home, chances are that you will at some time be asked to participate in an audit. This section contains some suggestions to help you understand what assistance is required and how to provide it quickly and easily, with the least intrusion into your normal work.

As a general rule, all external audits being conducted at Stanford are reviewed by and coordinated with Stanford's Internal Audit Department. The IAD review assures an understanding of the objectives and scope of the audit, and assists the auditors in achieving legitimate objectives with the least impact on University operations. Wherever possible, IAD will schedule an opening conference with the auditors and Stanford staff most likely to be involved in the audit, to facilitate full communication of audit objectives, schedule, and protocol.

FIRST QUESTIONS

When you are contacted by an auditor, you should first ask and obtain answers to the following questions:

1. Which audit organization do you represent?

2. What type of audit is this?

3. Has this audit been properly coordinated through Stanford IAD?

If your department has identified an individual as an audit contact point, that person should be advised. It is also appropriate to advise your supervisor or manager if you are contacted by an auditor.

The earlier sections of this Guide provide information to help you assess the answers to questions 1 and 2. Auditors who are unable to provide a clear description of their affiliation and the purpose of their audit should be referred immediately to an audit liaison representative in Stanford's Internal Audit Department.

In addition, all auditors working at Stanford should also be able to assure you of prior review and coordination with Stanford's Internal Audit Department. If their answer to question #3 above is "no," or "I don't know," they should be referred immediately to the appropriate IAD audit liaison representative. No further departmental involvement is needed until that coordination takes place!

AUDIT GROUNDRULES

Assuming the auditor can provide adequate assurances that the audit has been properly coordinated, a protocol for providing information to auditors has been established. The fundamental principle is that Stanford has agreed to provide all available information pertinent to the scope of approved audits in a reasonable period of time. In return, Stanford requests observance of the following conventions:

1. All information that is thought to be contained in central sources will be sought from those sources before any efforts are made to obtain the data from departmental sources. This should prevent unnecessary intrusions on departmental staff. Stanford IAD provides assistance to all external auditors in tapping central data sources.

2. Copies of published or publicly available information may be provided to auditors upon request. No permanent record needs to be made of these transmissions.

3. If a government auditor requests information which will require more than just providing copies of generally available, existing documents, or which involves confidential or other sensitive information, you should request the auditor to prepare a written request (action item) describing the information needed and the time by which it is required. Stanford's Director of Internal Audit receives copies of all written action items prepared by government auditors. This ensures that:
   • the desired information is clearly described so that time and effort will not be spent supplying the wrong information,

   • there is clear understanding about when the information is needed, and

   • Stanford can track when the requested information was provided.

4. The Director of Internal audit may request that copies of responses to written action items (or any previously unpublished or confidential or sensitive information) be retained in the Government Cost and Rate Studies (GCRS) office, along with a serially-numbered transmittal memo. Sometimes confidential information must be deleted prior to production. If deemed necessary, IAD will collect the responses, prepare the copies and the memos and transmit the original responses to GCRS, or, if prior arrangements have been made with GCRS, the office supplying the information may do so.

Go back to Section 4, Kinds Of Audits

Go ahead to Section 6, Questions About Audits

Back all the way to the Audit Survival Guide Home Page