The Department's charter, as approved by the Stanford University Board of Trustees, follows:
The mission of Internal Audit and Institutional Compliance (IAIC) is to provide independent, objective assurance and consulting services designed to add value and improve the operations of Stanford University and the Stanford University Hospitals. IAIC helps these organizations accomplish their objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
The scope of work of IAIC is to determine whether the organization’s network of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning effectively to ensure:
- Risks are appropriately identified and managed.
- Significant financial, managerial, and operating information is accurate, reliable, and timely.
- Employees’ actions are in compliance with applicable laws, regulations, contract/grant provisions, and internal policies, plans, and procedures.
- Resources are acquired economically, used efficiently, accounted for accurately, and protected adequately.
- Programs, plans, and objectives are achieved.
- Quality and continuous improvement are fostered in the organization’s control process.
- Significant legislative or regulatory issues impacting the organization are recognized and addressed properly.
The Associate Vice President for IAIC shall be accountable to management and the University Board of Trustees Audit and Compliance Committee and the Hospitals’ Boards of Directors’ Audit and Compliance Committees to:
- Provide annually an assessment on the adequacy and effectiveness of the organization’s processes for controlling its activities and managing its risks in the areas set forth under the mission and scope of work.
- Report significant issues related to the processes for controlling the activities of the organization and its affiliates, including potential improvements to those processes, and provide information concerning such issues through resolution.
- Provide information periodically on the status and results of the annual audit and compliance plan and the sufficiency of department resources.
- Coordinate with, and provide oversight of, other compliance, control, and monitoring functions.
To provide for the independence of IAIC, the Associate Vice President reports administratively to the University Vice President of Business Affairs and Chief Financial Officer (CFO) and functionally to the Audit and Compliance Committees of the University Board of Trustees and the Hospitals’ Boards of Directors in a manner outlined in the above section on Accountability.
IAIC is authorized to:
- Have unrestricted access to all functions, records, property, and personnel.
- Make specific reports directly to the University President and Provost.
- Have full and free access to the Audit and Compliance Committees.
- Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives.
- Obtain the necessary assistance of personnel in units of the organization where they perform audits, as well as other specialized services from within or outside the organization.
IAIC is not authorized to:
- Perform any operational duties for the organization or its affiliates.
- Initiate or approve accounting transactions external to IAIC.
- Direct the activities of any organization employee not employed by IAIC, except to the extent such employees have been appropriately assigned to auditing teams or to otherwise assist the internal auditors.
IAIC has responsibility to:
- Maintain a professional staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this charter.
- Establish a quality assurance program by which the Executive Director assures the operation of IAIC activities.
Audit and Advisory Services
IAIC conducts financial, operational, and information technology audits in accordance with approved plans and its established policies and procedures. In addition, IAIC conforms with the Code of Ethics and the International Standards for the Professional Practice of Internal Auditing promulgated by The Institute of Internal Auditors, as well as other professional auditing standards which may be applicable to the performance of work assignments.
Audit and Advisory services include, but are not limited to:
- Developing and implementing a flexible annual audit plan using appropriate risk-based methodology, including risks or control concerns identified by management. These plans are submitted to the Audit and Compliance Committees for review and approval.
- Considering the scope of work of external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the University and Hospitals at a reasonable overall cost.
- Examining and evaluating the adequacy and effectiveness of the systems of internal controls.
- Evaluating and assessing significant new or changing services, processes, operations, and controls coincident with their development and implementation.
- Identifying opportunities for reducing costs, improving processes, or enhancing the organization’s reputation.
- Reviewing the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.
- In conjunction with the Office of General Counsel, assessing compliance with laws, regulations, contract/grant provisions, and internal policies, plans, and procedures.
- Verifying that resources are acquired economically, used efficiently, accounted for accurately, and protected adequately.
- Reviewing operations or programs to ascertain whether results are consistent with established objectives.
- Conducting investigations of suspected fraudulent activities in conjunction with other University resources and notifying management and the Audit and Compliance Committee of the results.
- Performing consulting services, beyond IAIC’s assurance services, to assist management in meeting its objectives. Examples may include facilitation, process design, training, and advisory services.
- Facilitating and coordinating external audits.
- Evaluating emerging audit trends and implementing best practices.
On February 8, 2010, signed by:
Chair, Board of Trustees Audit and Compliance Committee,
Stanford University President,
Stanford VP Business Affairs and Chief Financial Officer, and Associate Vice President for Stanford IAIC