CINXE.COM

Our Charter | Office of the Chief Risk Officer

<!DOCTYPE html> <html lang="en" dir="ltr" prefix="og: https://ogp.me/ns#" class="no-js"> <head> <meta charset="utf-8" /> <script async src="https://www.googletagmanager.com/gtag/js?id=G-2702NRSNLR"></script> <script>window.dataLayer = window.dataLayer || [];function gtag(){dataLayer.push(arguments)};gtag("js", new Date());gtag("set", "developer_id.dMDhkMT", true);gtag("config", "G-2702NRSNLR", {"groups":"default","page_placeholder":"PLACEHOLDER_page_location","allow_ad_personalization_signals":false,"cookie_domain":"ocro.stanford.edu","cookie_prefix":"su","cookie_expires":15552000});</script> <link rel="canonical" href="https://ocro.stanford.edu/internal-audit/our-charter" /> <meta property="og:site_name" content="Office of the Chief Risk Officer" /> <meta property="og:type" content="website" /> <meta property="og:url" content="https://ocro.stanford.edu/internal-audit/our-charter" /> <meta property="og:title" content="Our Charter" /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:title" content="Our Charter" /> <meta name="Generator" content="Drupal 10 (https://www.drupal.org)" /> <meta name="MobileOptimized" content="width" /> <meta name="HandheldFriendly" content="true" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="icon" href="/profiles/custom/stanford_profile/themes/stanford_basic/favicon.ico" type="image/vnd.microsoft.icon" /> <link rel="apple-touch-icon" sizes="60x60" href="https://www-media.stanford.edu/assets/favicon/apple-touch-icon-60x60.png" /> <link rel="apple-touch-icon" sizes="72x72" href="https://www-media.stanford.edu/assets/favicon/apple-touch-icon-72x72.png" /> <link rel="apple-touch-icon" sizes="76x76" href="https://www-media.stanford.edu/assets/favicon/apple-touch-icon-76x76.png" /> <link rel="apple-touch-icon" sizes="114x114" href="https://www-media.stanford.edu/assets/favicon/apple-touch-icon-114x114.png" /> <link rel="apple-touch-icon" sizes="120x120" href="https://www-media.stanford.edu/assets/favicon/apple-touch-icon-120x120.png" /> <link rel="apple-touch-icon" sizes="144x144" href="https://www-media.stanford.edu/assets/favicon/apple-touch-icon-144x144.png" /> <link rel="apple-touch-icon" sizes="152x152" href="https://www-media.stanford.edu/assets/favicon/apple-touch-icon-152x152.png" /> <link rel="apple-touch-icon" sizes="180x180" href="https://www-media.stanford.edu/assets/favicon/apple-touch-icon-180x180.png" /> <link rel="icon" type="image/png" href="https://www-media.stanford.edu/assets/favicon/favicon-196x196.png" sizes="196x196" /> <link rel="icon" type="image/png" href="https://www-media.stanford.edu/assets/favicon/favicon-192x192.png" sizes="192x192" /> <link rel="icon" type="image/png" href="https://www-media.stanford.edu/assets/favicon/favicon-128.png" sizes="128x128" /> <link rel="icon" type="image/png" href="https://www-media.stanford.edu/assets/favicon/favicon-96x96.png" sizes="96x96" /> <link rel="icon" type="image/png" href="https://www-media.stanford.edu/assets/favicon/favicon-32x32.png" sizes="32x32" /> <link rel="icon" type="image/png" href="https://www-media.stanford.edu/assets/favicon/favicon-16x16.png" sizes="16x16" /> <link rel="mask-icon" href="https://www-media.stanford.edu/assets/favicon/safari-pinned-tab.svg" color="#ffffff"> <meta name="application-name" content="Stanford University"/> <meta name="msapplication-TileColor" content="#FFFFFF" /> <meta name="msapplication-TileImage" content="https://www-media.stanford.edu/assets/favicon/mstile-144x144.png" /> <meta name="msapplication-square70x70logo" content="https://www-media.stanford.edu/assets/favicon/mstile-70x70.png" /> <meta name="msapplication-square150x150logo" content="https://www-media.stanford.edu/assets/favicon/mstile-150x150.png" /> <meta name="msapplication-square310x310logo" content="https://www-media.stanford.edu/assets/favicon/mstile-310x310.png" /> <title>Our Charter | Office of the Chief Risk Officer</title> <link rel="stylesheet" media="all" href="/sites/g/files/sbiybj15831/files/css/css_Wb8jkJLiOar3KMvCQO5JwzNEHdHnPrVfjnuRQDLeH-c.css?delta=0&amp;language=en&amp;theme=stanford_basic&amp;include=eJyNUNGOwyAM-yEGn4TSNrTsgCAS1PH3Y7ft6E6q7l6QndiKjaMksCNTROMG1jtOD8rK_SHQvPmorjVmFihiqzcBGlX5nB2J6iA5KoudgP1sM6xopWVkk2hB_V5fHoshzoWcD2hZWujSk_mpPkOBtUDedEGYxf7wc8uryNn6I6x9hm0sGE3vhb9amu9X4U2CT19mKTVD0C-qqu9-ESypX6UZgiPqTB-wGoHf7jHRNeU6Bc8bLuPwM_-hqaGEdqZQY_rHP-2N_d7WO5FF29M" /> <link rel="stylesheet" media="all" href="https://use.fontawesome.com/releases/v5.13.1/css/all.css" /> <link rel="stylesheet" media="all" href="https://use.fontawesome.com/releases/v5.13.1/css/v4-shims.css" /> <link rel="stylesheet" media="all" href="/sites/g/files/sbiybj15831/files/css/css_-p5tx7qSJTkJOx5aDh1-cYHlpPUez2iVmxg10tFSon4.css?delta=3&amp;language=en&amp;theme=stanford_basic&amp;include=eJyNUNGOwyAM-yEGn4TSNrTsgCAS1PH3Y7ft6E6q7l6QndiKjaMksCNTROMG1jtOD8rK_SHQvPmorjVmFihiqzcBGlX5nB2J6iA5KoudgP1sM6xopWVkk2hB_V5fHoshzoWcD2hZWujSk_mpPkOBtUDedEGYxf7wc8uryNn6I6x9hm0sGE3vhb9amu9X4U2CT19mKTVD0C-qqu9-ESypX6UZgiPqTB-wGoHf7jHRNeU6Bc8bLuPwM_-hqaGEdqZQY_rHP-2N_d7WO5FF29M" /> <link rel="stylesheet" media="all" href="/sites/g/files/sbiybj15831/files/css/css_oOjPVf4yySku9-Ntrs-fjdlAtZc7BSa9e5adSPoOttY.css?delta=4&amp;language=en&amp;theme=stanford_basic&amp;include=eJyNUNGOwyAM-yEGn4TSNrTsgCAS1PH3Y7ft6E6q7l6QndiKjaMksCNTROMG1jtOD8rK_SHQvPmorjVmFihiqzcBGlX5nB2J6iA5KoudgP1sM6xopWVkk2hB_V5fHoshzoWcD2hZWujSk_mpPkOBtUDedEGYxf7wc8uryNn6I6x9hm0sGE3vhb9amu9X4U2CT19mKTVD0C-qqu9-ESypX6UZgiPqTB-wGoHf7jHRNeU6Bc8bLuPwM_-hqaGEdqZQY_rHP-2N_d7WO5FF29M" /> <link rel="stylesheet" media="print" href="/sites/g/files/sbiybj15831/files/css/css_tZIeCIS4JRnKB8x0OJTwtLZhWUKWR1Oqr30fHU961WI.css?delta=5&amp;language=en&amp;theme=stanford_basic&amp;include=eJyNUNGOwyAM-yEGn4TSNrTsgCAS1PH3Y7ft6E6q7l6QndiKjaMksCNTROMG1jtOD8rK_SHQvPmorjVmFihiqzcBGlX5nB2J6iA5KoudgP1sM6xopWVkk2hB_V5fHoshzoWcD2hZWujSk_mpPkOBtUDedEGYxf7wc8uryNn6I6x9hm0sGE3vhb9amu9X4U2CT19mKTVD0C-qqu9-ESypX6UZgiPqTB-wGoHf7jHRNeU6Bc8bLuPwM_-hqaGEdqZQY_rHP-2N_d7WO5FF29M" /> <script src="/core/assets/vendor/modernizr/modernizr.min.js?v=3.11.7"></script> <script> gtag('config', 'G-BECJQXLNCY', {cookie_domain: window.location.host, cookie_prefix: "sws", "ga-expire": 15552000}); </script> </head> <body class="sws-acsf page-internal-audit-our-charter section-internal-audit not-front role--anonymous"> <div class="dialog-off-canvas-main-canvas" data-off-canvas-main-canvas> <header class="su-masthead su-masthead--right"> <a href="#main-content" class="visually-hidden focusable su-skipnav su-skipnav--content"> Skip to main content </a> <a href="#secondary-navigation" class="visually-hidden focusable su-skipnav su-skipnav--secondary"> Skip to secondary navigation </a> <div class="su-brand-bar su-brand-bar--default"> <div class="su-brand-bar__container"><a class="su-brand-bar__logo" href="https://www.stanford.edu">Stanford University<span class="su-brand-bar__link--a11y"> (link is external)</span> </a></div> </div> <section class="su-masthead--inner" aria-label="Page logo, menu and search"> <div id="block-stanford-basic-branding" class="su-lockup su-lockup--option-a"> <a href="https://ocro.stanford.edu/" > <div class="su-lockup__cell1"> <div class="su-lockup__wordmark-wrapper"> <span class="su-lockup__wordmark">Stanford</span> </div> </div> <div class="su-lockup__cell2"> <span class="su-lockup__line1" >Office of the Chief Risk Officer</span> </div> </a> </div> <div class="su-site-search su-site-search" role="search"> <form action="/search" method="get" accept-charset="UTF-8"> <label class="su-site-search__sr-label" for="key">Search this site</label> <input type="text" id="key" name="key" class="su-site-search__input" placeholder="Search this site" maxlength="128"> <button type="submit" name="search" class="su-site-search__submit su-sr-only-text">Submit Search</button></form> </div> <div id="block-stanford-basic-main-navigation" class="system-menu-block main"> <nav class="su-multi-menu su-multi-menu--buttons su-multi-menu--right no-js" aria-label="main menu"> <button class="su-multi-menu__nav-toggle su-multi-menu__nav-toggle--right " aria-expanded="false">Menu</button> <ul class="su-multi-menu__menu su-multi-menu__menu-lv1"><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/home"><span class="su-multi-menu__link-text-wrapper">Home</span></a></li><li class="su-multi-menu__item su-multi-menu__item--parent su-multi-menu__item--active-trail"><a class="su-multi-menu__link" href="/internal-audit"><span class="su-multi-menu__link-text-wrapper">Internal Audit</span></a><ul class="su-multi-menu__menu su-multi-menu__menu-lv2"><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/internal-audit/our-values"><span class="su-multi-menu__link-text-wrapper">Our Values</span></a></li><li class="su-multi-menu__item su-multi-menu__item--parent su-multi-menu__item--active-trail su-multi-menu__item--current"><a class="su-multi-menu__link" href="/internal-audit/our-charter" aria-current="true"><span class="su-multi-menu__link-text-wrapper">Our Charter</span></a><ul class="su-multi-menu__menu su-multi-menu__menu-lv3"><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/internal-audit/our-charter#mission"><span class="su-multi-menu__link-text-wrapper">Mission</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/internal-audit/our-charter#scope"><span class="su-multi-menu__link-text-wrapper">Scope</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/internal-audit/our-charter#accountability"><span class="su-multi-menu__link-text-wrapper">Accountability</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/internal-audit/our-charter#independence"><span class="su-multi-menu__link-text-wrapper">Independence, Objectivity and Professionalism</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/internal-audit/our-charter#authority"><span class="su-multi-menu__link-text-wrapper">Authority</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/internal-audit/our-charter#responsibilities"><span class="su-multi-menu__link-text-wrapper">Responsibility</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/internal-audit/our-charter#auditservices"><span class="su-multi-menu__link-text-wrapper">Internal Audit</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/internal-audit/our-charter#complianceethics"><span class="su-multi-menu__link-text-wrapper">Compliance and Ethics Services</span></a></li></ul></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/internal-audit/who-are-auditors-stanford"><span class="su-multi-menu__link-text-wrapper">Who Are the Auditors at Stanford?</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/internal-audit/how-are-internal-audits-scheduled"><span class="su-multi-menu__link-text-wrapper">How Are Internal Audits Scheduled?</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/internal-audit/how-can-i-best-work-auditors-stanford"><span class="su-multi-menu__link-text-wrapper">How Can I Best Work With Auditors at Stanford?</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/internal-audit/how-can-i-best-work-external-auditors"><span class="su-multi-menu__link-text-wrapper">How Can I Best Work With External Auditors?</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/internal-audit/how-can-you-ensure-quality-services"><span class="su-multi-menu__link-text-wrapper">How Can You Ensure Quality Services?</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/internal-audit/how-does-internal-audit-ensure-quality-services"><span class="su-multi-menu__link-text-wrapper">How Does Internal Audit Ensure Quality Services?</span></a></li></ul></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="https://oec.stanford.edu/"><span class="su-multi-menu__link-text-wrapper">University Compliance Office</span></a></li><li class="su-multi-menu__item su-multi-menu__item--parent"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm"><span class="su-multi-menu__link-text-wrapper">ERM</span></a><ul class="su-multi-menu__menu su-multi-menu__menu-lv2"><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/purpose-and-objectives"><span class="su-multi-menu__link-text-wrapper">Purpose and Objectives</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/governance"><span class="su-multi-menu__link-text-wrapper">Governance</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/process"><span class="su-multi-menu__link-text-wrapper">Process</span></a></li><li class="su-multi-menu__item su-multi-menu__item--parent"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/key-definitions"><span class="su-multi-menu__link-text-wrapper">Key Definitions</span></a><ul class="su-multi-menu__menu su-multi-menu__menu-lv3"><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/key-definitions/definition-risk-appetite"><span class="su-multi-menu__link-text-wrapper">Risk Appetite</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/key-definitions/definition-emerging-risk"><span class="su-multi-menu__link-text-wrapper">Emerging Risk</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/key-definitions/definition-risk"><span class="su-multi-menu__link-text-wrapper">Risk</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/key-definitions/definition-erm"><span class="su-multi-menu__link-text-wrapper">ERM</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/key-definitions/definition-impact"><span class="su-multi-menu__link-text-wrapper">Impact</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/key-definitions/definition-risk-level"><span class="su-multi-menu__link-text-wrapper">Risk Level</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/key-definitions/definition-inherent-risk"><span class="su-multi-menu__link-text-wrapper">Inherent Risk</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/key-definitions/definition-integrated-review"><span class="su-multi-menu__link-text-wrapper">Integrated Review</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/key-definitions/definition-risk-response"><span class="su-multi-menu__link-text-wrapper">Risk Response</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/key-definitions/definition-likelihood"><span class="su-multi-menu__link-text-wrapper">Likelihood</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/key-definitions/definition-risk-owner"><span class="su-multi-menu__link-text-wrapper">Risk Owner</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/key-definitions/definition-integrated-review-0"><span class="su-multi-menu__link-text-wrapper">Integrated Review</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/key-definitions/definition-risk-severity"><span class="su-multi-menu__link-text-wrapper">Risk Severity</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/key-definitions/definition-sub-risk"><span class="su-multi-menu__link-text-wrapper">Sub-risk</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/key-definitions/definition-risk-trend"><span class="su-multi-menu__link-text-wrapper">Risk Trend</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/key-definitions/definition-mitigating-activities"><span class="su-multi-menu__link-text-wrapper">Mitigating Activities</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/key-definitions/definition-monitoring-activities"><span class="su-multi-menu__link-text-wrapper">Monitoring Activities</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/key-definitions/definition-residual-risk"><span class="su-multi-menu__link-text-wrapper">Residual Risk</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/key-definitions/definition-sub-risk-owner"><span class="su-multi-menu__link-text-wrapper">Sub-risk Owner</span></a></li></ul></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/riskonnect-reference-material"><span class="su-multi-menu__link-text-wrapper">Riskonnect Reference Materials</span></a></li><li class="su-multi-menu__item su-multi-menu__item--parent"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/resources"><span class="su-multi-menu__link-text-wrapper">Resources</span></a><ul class="su-multi-menu__menu su-multi-menu__menu-lv3"><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/resources/erm-faqs"><span class="su-multi-menu__link-text-wrapper">ERM FAQs</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/resources/useful-links"><span class="su-multi-menu__link-text-wrapper">Useful Links</span></a></li></ul></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/enterprise-risk-management-erm/erm-contacts"><span class="su-multi-menu__link-text-wrapper">Contacts</span></a></li></ul></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="https://international.stanford.edu/travelers"><span class="su-multi-menu__link-text-wrapper">Global Risk</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="https://orm.stanford.edu"><span class="su-multi-menu__link-text-wrapper">Risk Management and Insurance</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="https://privacy.stanford.edu/"><span class="su-multi-menu__link-text-wrapper">Privacy Office</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="https://uit.stanford.edu/security/"><span class="su-multi-menu__link-text-wrapper">Information Security</span></a></li><li class="su-multi-menu__item su-multi-menu__item--parent"><a class="su-multi-menu__link" href="/staff"><span class="su-multi-menu__link-text-wrapper">Staff</span></a><ul class="su-multi-menu__menu su-multi-menu__menu-lv2"><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/staff/senior-associate-vice-president-and-chief-risk-officer"><span class="su-multi-menu__link-text-wrapper">Senior Associate Vice President and Chief Risk Officer - Raina Rose Tagle</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="/staff/contact-ocro"><span class="su-multi-menu__link-text-wrapper">Contact Us</span></a></li><li class="su-multi-menu__item"><a class="su-multi-menu__link" href="https://stanford-ocro.slack.com/docs/T9XP3F3M1/F05GE2L8D6C"><span class="su-multi-menu__link-text-wrapper">OCRO Internal Site (OCRO-only)</span></a></li></ul></li></ul></nav> </div> </section> </header><main class="page-content" id="page-content"><div data-drupal-messages-fallback class="hidden"></div> <div id="block-stanford-basic-content" class="system-main-block block-system block-stanford-basic-content"> <section class="node basic-page node--layout-full"> <div class="content"> <div class="jumpstart-ui--one-column"> <div class="main-region"> </div> </div> <div class="jumpstart-ui--one-column centered-container"> <div class="main-region flex-12-of-12"> <div class="field-block node-stanford-page-title block-layout-builder"> <div class="node stanford-page title string label-hidden"><h1>Our Charter</h1> </div> </div> </div> </div> <div class="jumpstart-ui--two-column flex-container centered-container"> <div class="left-region flex-lg-3-of-12"> <div class="menu-block main block block-menu navigation menu--main"> <h2 aria-hidden="true" class="visually-hidden" id="menu-blockmain-menu">Main navigation</h2> <a href="#main-content" class="visually-hidden focusable su-skipnav su-skipnav--content">Skip to main content</a> <nav class="su-secondary-nav--light su-secondary-nav su-secondary-nav--static no-js" aria-label="secondary menu"> <div id="secondary-navigation" tabindex="-1" class="visually-hidden focusable">Secondary Navigation</div> <ul class="su-secondary-nav__menu su-secondary-nav__menu-lv1"><li class="su-secondary-nav__item"><a class="su-secondary-nav__link" href="/internal-audit/our-values"> Our Values </a></li><li class="su-secondary-nav__item su-secondary-nav__item--parent su-secondary-nav__item--active-trail su-secondary-nav__item--current"><a aria-current="true" class="su-secondary-nav__link" href="/internal-audit/our-charter"> Our Charter </a><ul class="su-secondary-nav__menu su-secondary-nav__menu-lv2"><li class="su-secondary-nav__item"><a class="su-secondary-nav__link" href="/internal-audit/our-charter#mission"> Mission </a></li><li class="su-secondary-nav__item"><a class="su-secondary-nav__link" href="/internal-audit/our-charter#scope"> Scope </a></li><li class="su-secondary-nav__item"><a class="su-secondary-nav__link" href="/internal-audit/our-charter#accountability"> Accountability </a></li><li class="su-secondary-nav__item"><a class="su-secondary-nav__link" href="/internal-audit/our-charter#independence"> Independence, Objectivity and Professionalism </a></li><li class="su-secondary-nav__item"><a class="su-secondary-nav__link" href="/internal-audit/our-charter#authority"> Authority </a></li><li class="su-secondary-nav__item"><a class="su-secondary-nav__link" href="/internal-audit/our-charter#responsibilities"> Responsibility </a></li><li class="su-secondary-nav__item"><a class="su-secondary-nav__link" href="/internal-audit/our-charter#auditservices"> Internal Audit </a></li><li class="su-secondary-nav__item"><a class="su-secondary-nav__link" href="/internal-audit/our-charter#complianceethics"> Compliance and Ethics Services </a></li></ul></li><li class="su-secondary-nav__item"><a class="su-secondary-nav__link" href="/internal-audit/who-are-auditors-stanford"> Who Are the Auditors at Stanford? </a></li><li class="su-secondary-nav__item"><a class="su-secondary-nav__link" href="/internal-audit/how-are-internal-audits-scheduled"> How Are Internal Audits Scheduled? </a></li><li class="su-secondary-nav__item"><a class="su-secondary-nav__link" href="/internal-audit/how-can-i-best-work-auditors-stanford"> How Can I Best Work With Auditors at Stanford? </a></li><li class="su-secondary-nav__item"><a class="su-secondary-nav__link" href="/internal-audit/how-can-i-best-work-external-auditors"> How Can I Best Work With External Auditors? </a></li><li class="su-secondary-nav__item"><a class="su-secondary-nav__link" href="/internal-audit/how-can-you-ensure-quality-services"> How Can You Ensure Quality Services? </a></li><li class="su-secondary-nav__item"><a class="su-secondary-nav__link" href="/internal-audit/how-does-internal-audit-ensure-quality-services"> How Does Internal Audit Ensure Quality Services? </a></li></ul></nav> </div> </div> <div class="flex-lg-9-of-12 main-region"> <div class="jumpstart-ui-skipnav-main-anchor block-jumpstart-ui"> <div id="main-content" tabindex="-1" class="visually-hidden focusable">Main content start</div> </div> <div class="field-block node-stanford-page-su-page-components block-layout-builder"> <div class="node stanford-page su-page-components entity-reference-revisions label-hidden"> <div class="paragraph-item ptype-stanford-layout"> <div class="ptype-stanford-layout paragraph paragraph--type--stanford-layout paragraph--view-mode--default"> <div class="layout layout--layout-paragraphs-one-column"> <div class="layout__region layout__region--main"> <div class="ptype-stanford-wysiwyg paragraph paragraph--type--stanford-wysiwyg paragraph--view-mode--default"> <div class="su-wysiwyg-text paragraph stanford-wysiwyg text-long label-hidden"><h2>Internal Audit Charter</h2><h2>Charter</h2><p>The Department's charter, as approved by the Stanford University Board of Trustees, follows:</p><h3><a name="mission"></a>Mission</h3><p>The mission of Internal Audit (IA) is to provide risk-based independent and objective audit, assessment, advisory and investigative services designed to add value and improve the operations of Stanford University, Stanford Health Care, Lucile Packard Children’s Hospital, SLAC, Stanford Management Company, and related organizations. IA helps these organizations accomplish their objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.</p><h3><a name="scope"></a>Scope</h3><p>The scope of work of IA is to determine whether the organization’s network of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning effectively to ensure:</p><ul><li>Risks are appropriately identified and managed</li><li>Significant financial, managerial, and operating information is accurate, reliable, and timely.</li><li>Employees’ actions are in compliance with applicable laws, regulations, contract/grant provisions, donor restrictions, and internal policies, plans, and procedures.</li><li>Resources are acquired economically, used efficiently, accounted for accurately, and protected adequately.</li><li>Compliance, integrity, quality and continuous improvement are fostered in the organization’s culture and control process.</li><li>Significant legislative or regulatory issues impacting the organization are recognized and addressed properly.</li></ul><h3><a name="accountability"></a>Accountability</h3><p>The Senior Associate Vice President and Chief Risk Officer for IA shall be accountable to senior leadership and the Audit, Compliance and Risk Committee of the University Board of Trustees and the Audit and Compliance Committeees of the Hospitals' Boards of Directors to:&nbsp;</p><ul><li>Provide annually an assessment on the adequacy and effectiveness of the organization’s processes for controlling its activities and managing its risks in the areas set forth under the mission and scope of work.</li><li>Report significant issues related to the processes for controlling the activities of the organization its affiliates, including potential improvements to those processes, and provide information concerning such issues through resolution.</li><li>Periodically provide information on the status and results of the annual audit and compliance and ethics plans, enterprise risk management activities and the sufficiency of department resources.&nbsp;</li><li>Coordinate with, and provide oversight of, other compliance, control, and monitoring functions.</li></ul><h3><a name="independence"></a>Independence, Objectivity and Professionalism</h3><p>To provide for the independence of Internal Audit and Compliance and Ethics efforts, the Senior Associate Vice President and Chief Risk Officer reports administratively to the University Vice President of Business Affairs and Chief Financial Officer (CFO), and functionally to the Audit, Compliance and Risk Committee of the University Board of Trustees and the Audit and Compliance Committees of the Hospitals’ Boards of Directors in the manner described in the Accountability section above.</p><p>IA personnel will exhibit the highest level of professional objectivity and integrity in gathering, evaluating, and communicating information about the activity or process being examined. IA's assessments will consider all relevant facts and circumstances, and will not be unduly influenced by their own interests or by others interests in forming judgments.</p><p>The internal audit activity will govern itself by adherence to The Institute of Internal Auditors’ mandatory guidance including the Definition of Internal Auditing, the Code of Ethics, and the&nbsp;<em>International Standards for the Professional Practice of Internal Auditing.</em>&nbsp;These Standards require a Charter approved by the Board. Internal Audit also conforms to other applicable standards.</p><h3><a name="authority"></a>Authority</h3><p>IA is authorized to:</p><ul><li>Have unrestricted access to all functions, records, properties, and personnel.</li><li>Make specific reports directly to the University President and Provost.</li><li>Have direct access to the relevant Board Committees.</li><li>Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish IA objectives.</li><li>Obtain the necessary assistance of personnel in units of the organization where they perform audits, reviews, assessments, investigations and advisory engagements as well as other specialized services from within or outside the organization.</li></ul><p>IA is not authorized to:</p><ul><li>Perform any operational duties for the organization or its affiliates.</li><li>Initiate or approve accounting transactions external to IA.</li><li>Direct the activities of any organization employee not employed by IA, except to the extent such employees have been appropriately assigned to auditing teams or to otherwise assist IA.</li></ul><h3><a name="responsibilities"></a>Responsibility</h3><p>IA has responsibility to:</p><ul><li>Maintain a professional staff with sufficient knowledge, skills, experience, and professional certifications to meet the requirements of this charter.</li><li>Establish a quality assurance and improvement program that covers all aspects of Internal Audit and Compliance and Ethics activities.&nbsp;</li></ul><h3><a name="auditservices"></a>Internal Audit</h3><p>Internal Audit (IA), under the direction of the Chief Audit Executive, conducts financial, operational, and information technology audits in accordance with approved plans and its established policies and procedures.&nbsp;&nbsp;</p><p>Internal Audit services include, but are not limited to the following:</p><ul><li>Developing and implementing a flexible annual audit plan using appropriate risk-based methodology, including risks or control concerns identified by management. These plans are submitted to the Audit, Compliance and Risk Committee of the University Board of Trustees and the Audit and Compliance Committees of the Hospitals’ Boards of Directors for review and approval.</li><li>Examining and evaluating the adequacy and effectiveness of the systems of internal controls.</li><li>Evaluating and assessing significant new or changing services, processes, operations, technologies, and controls coincident with their development and implementation.</li><li>Identifying opportunities for reducing costs, improving processes, strengthening controls and enhancing the organization’s reputation.</li><li>Reviewing the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information.</li><li>In conjunction with the Office of General Counsel, assessing compliance with laws, regulations, contract/grant provisions, and internal policies, plans, and procedures.</li><li>Verifying that resources are acquired economically, used efficiently, accounted for accurately, and protected adequately.</li><li>Reviewing operations or programs to ascertain whether results are consistent with established objectives.</li><li>Conducting investigations of suspected fraudulent activities in conjunction with Compliance and Ethics and other University resources and notifying management and the Audit, Compliance and Risk Committee of the University Board of Trustees and the Audit and Compliance Committees of the Hospitals’ Boards of Directors of the results.</li><li>Performing advisory services, beyond IA’s auditing services, to assist management in meeting its objectives.</li><li>Facilitating and coordinating external audits.</li><li>Evaluating emerging audit trends and implementing best practices.</li></ul><p><strong>IA provides optimal audit coverage to the University, Hospitals, SLAC and SMC at a reasonable overall cost. In addition, the work performed by external auditors and regulators, as appropriate, is considered.</strong></p><h3><strong><a name="complianceethics"></a>Compliance and Ethics Services</strong></h3><p>Compliance and Ethics (C&amp;E) at Stanford University is the responsibility of all employees and is conducted by a number of different organizations with oversight residing under the Chief Ethics and Compliance Officer.&nbsp; C&amp;E works closely with the Office of the General Counsel, seeking advice and counsel on matters that involve legal issues.&nbsp; Compliance and Ethics is organized in a matrix operational framework. This framework helps connect and coordinate the different compliance organizations ensuring that compliance is an integral part of the University’s culture. This framework also ensures that the institutional perspective is always present as we continue to fulfill our legal and ethical obligations to each other and to persons outside Stanford with whom we interact.</p><p><strong>Compliance services include, but are not limited to the following:</strong></p><ul><li>Developing and implementing a flexible annual compliance and ethics plan as per the seven elements of the Federal Sentencing Guidelines and submitting it to the Audit, Compliance and Risk Committee of the University Board of Trustees for review and approval.</li><li>Coordinating the University’s compliance activities, including chairing the Compliance, Ethics and ERM (CEE) Steering Committee and the Compliance Risk Administrators Network (CRAN).</li><li>Serving as a resource in developing or improving compliance-related processes.</li><li>Assisting in the development of University policies or practices to help ensure compliance with Federal, State, and Local laws and regulations, and contract/grant provisions.</li><li>Assisting in the development and delivery of compliance-related training.</li><li>Promoting compliance awareness.</li><li>Providing compliance advisory services to management, faculty, and staff.</li><li>Monitoring compliance and assessing the adequacy of compliance activities in compliance areas throughout the University.</li><li>Evaluating emerging compliance trends in higher education and government and implementing best practices.</li><li>Administering a Compliance and Ethics Helpline, (with the assistance and guidance of the Office of the General Counsel and Human Resources), that provides the University community with a mechanism to: pose questions and obtain advice regarding compliance issues; report concerns related to possible noncompliance with government or external agency regulations; and report concerns related to University policies and procedures or errors or irregularities in Stanford’s financial accounting practices or policies.</li></ul><p>&nbsp;</p><p>On February 13, 2017, signed by:<br>Chair, Board of Trustees, Committee on Audit, Compliance and Risk,<br>Stanford University President,<br>Stanford Vice President Business Affairs and Chief Financial Officer,&nbsp;and Senior&nbsp;Associate Vice President and Chief Risk Officer</p><p><em><strong>Note</strong>: Administrative update to functional unit name - January 29, 2024</em></p></div> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div><!-- /.content --></section><!-- /.node as page --> </div> <button id="back-to-top"> <span class="fas fa-chevron-up"></span> Back to Top </button> </main> <footer id="footer"> <div id="block-config-pages" class="config-pages-block block-config-pages"> <div class="ds-entity--config-pages ds-entity--stanford-local-footer"> <div data-contextual-id="config_pages:config_pages=1:changed=1731703021&amp;ds_bundle=stanford_local_footer&amp;ds_view_mode=default&amp;langcode=en" data-contextual-token="ZuyS25eykvwxUzfei5xgEpw7kGC5P1antjztdtGi9O8" data-drupal-ajax-container=""></div><div class="su-local-footer "> <div class="su-local-footer__header"> <div class="su-lockup su-lockup--option-"> <a href="https://ocro.stanford.edu/" > <div class="su-lockup__cell1"> <div class="su-lockup__wordmark-wrapper"> <span class="su-lockup__wordmark">Stanford</span> </div> </div> <div class="su-lockup__cell2"> <span class="su-lockup__line1" >Office of the Chief Risk Officer</span> </div> </a> </div> <a href="/saml/login?destination=/internal-audit/our-charter" class="su-link su-link--internal" rel="nofollow"> Web Login </a> </div> <div class="su-local-footer__columns"> <div class="su-local-footer__cell1"> <h2 class="su-sr-only-element">Address</h2> <address class="su-local-footer__address"> <div class="config-pages stanford-local-footer su-local-foot-address address label-hidden"><p class="address" translate="no"><span class="organization">Office of the Chief Risk Officer</span><br> <span class="address-line1">505 Broadway</span><br> <span class="address-line2">Cardinal Hall, 6th Floor</span><br> <span class="locality">Redwood City</span>, <span class="administrative-area">CA</span> <span class="postal-code">94063</span><br> <span class="country">United States</span></p></div> </address> <ul class="su-local-footer__action-links"> <li > <a href="mailto:ocro-executive-program-support@stanford.edu">Executive Support and OCRO Operations</a> </li> <li > <a href="mailto:internal-audit@lists.stanford.edu">Internal Audit </a> </li> <li > <a href="mailto:integrity@stanford.edu">Ethics and Compliance </a> </li> <li > <a href="mailto:privacy@stanford.edu">University Privacy Office</a> </li> <li > <a href="tel:650-723-2300">650-723-2300</a> </li> </ul> <ul class="su-local-footer__social-links"> <li > <a href="https://www.facebook.com/stanford/" class="su-local-footer__social-facebook" > <i aria-hidden='true'></i> <span>Stanford Facebook</span> </a> </li> <li > <a href="https://www.instagram.com/stanford/" class="su-local-footer__social-instagram" > <i aria-hidden='true'></i> <span>Stanford Instagram</span> </a> </li> <li > <a href="http://twitter.com/" class="su-local-footer__social-twitter" > <i aria-hidden='true'></i> <span>Twitter</span> </a> </li> <li > <a href="http://linkedin.com" class="su-local-footer__social-linkedin" > <i aria-hidden='true'></i> <span>LinkedIn</span> </a> </li> </ul> </div> <div class="su-local-footer__cell2"> </div> <div class="su-local-footer__cell3"> </div> </div> </div> </div> </div> <div class="su-global-footer "> <div class="su-global-footer__container"> <div class="su-global-footer__brand"> <a id="su-logo" class="su-logo " aria-hidden="true" tabindex="-1" href="https://www.stanford.edu">Stanford<br>University<span class="su-global-footer__link-a11y"> (link is external)</span> </a> </div> <div class="su-global-footer__content"> <nav aria-label="global footer menu"> <ul class="su-global-footer__menu su-global-footer__menu--global"> <li><a href="https://www.stanford.edu" rel="nofollow">Stanford Home<span class="su-global-footer__link-a11y"> (link is external)</span> </a></li> <li><a href="https://visit.stanford.edu/basics/" rel="nofollow">Maps &amp; Directions<span class="su-global-footer__link-a11y"> (link is external)</span> </a></li> <li><a href="https://www.stanford.edu/search/" rel="nofollow">Search Stanford<span class="su-global-footer__link-a11y"> (link is external)</span> </a></li> <li><a href="https://emergency.stanford.edu" rel="nofollow">Emergency Info<span class="su-global-footer__link-a11y"> (link is external)</span> </a></li> </ul> <ul class="su-global-footer__menu su-global-footer__menu--policy"> <li><a href="https://www.stanford.edu/site/terms/" rel="nofollow" title="Terms of use for sites">Terms of Use<span class="su-global-footer__link-a11y"> (link is external)</span> </a></li> <li><a href="https://www.stanford.edu/site/privacy/" rel="nofollow" title="Privacy and cookie policy">Privacy<span class="su-global-footer__link-a11y"> (link is external)</span> </a></li> <li><a href="https://uit.stanford.edu/security/copyright-infringement" rel="nofollow" title="Report alleged copyright infringement">Copyright<span class="su-global-footer__link-a11y"> (link is external)</span> </a></li> <li><a href="https://adminguide.stanford.edu/chapter-1/subchapter-5/policy-1-5-4" rel="nofollow" title="Ownership and use of Stanford trademarks and images">Trademarks<span class="su-global-footer__link-a11y"> (link is external)</span> </a></li> <li><a href="https://non-discrimination.stanford.edu/" rel="nofollow" title="Non-discrimination policy">Non-Discrimination<span class="su-global-footer__link-a11y"> (link is external)</span> </a></li> <li><a href="https://www.stanford.edu/site/accessibility" rel="nofollow" title="Report web accessibility issues">Accessibility<span class="su-global-footer__link-a11y"> (link is external)</span> </a></li> </ul> </nav> <div class="su-global-footer__copyright"> <span>&copy; Stanford University.</span> <span>&nbsp; Stanford, California 94305.</span> </div> </div> </div> </div> <!-- su-global-footer end --> </footer> </div> <script type="application/json" data-drupal-selector="drupal-settings-json">{"path":{"baseUrl":"\/","pathPrefix":"","currentPath":"node\/46","currentPathIsAdmin":false,"isFront":false,"currentLanguage":"en"},"pluralDelimiter":"\u0003","suppressDeprecationErrors":true,"google_analytics":{"account":"G-2702NRSNLR","trackOutbound":true,"trackMailto":true,"trackTel":true,"trackDownload":true,"trackDownloadExtensions":"7z|aac|arc|arj|asf|asx|avi|bin|csv|doc(x|m)?|dot(x|m)?|exe|flv|gif|gz|gzip|hqx|jar|jpe?g|js|mp(2|3|4|e?g)|mov(ie)?|msi|msp|pdf|phps|png|ppt(x|m)?|pot(x|m)?|pps(x|m)?|ppam|sld(x|m)?|thmx|qtm?|ra(m|r)?|sea|sit|tar|tgz|torrent|txt|wav|wma|wmv|wpd|xls(x|m|b)?|xlt(x|m)|xlam|xml|z|zip","trackColorbox":true},"data":{"extlink":{"extTarget":false,"extTargetNoOverride":false,"extNofollow":false,"extNoreferrer":false,"extFollowNoOverride":false,"extClass":"su-link su-link--external","extLabel":" (link is external)","extImgClass":false,"extSubdomains":false,"extExclude":"","extInclude":"","extCssExclude":".localist-widget, #lclst_widget_footer, .oembed-lazyload__button","extCssExplicit":"#page-content, .su-local-footer","extAlert":false,"extAlertText":"This link will take you to an external web site. We are not responsible for their content.","mailtoClass":"mailto","mailtoLabel":" (link sends email)","extUseFontAwesome":false,"extIconPlacement":"append","extFaLinkClasses":"fa fa-external-link","extFaMailtoClasses":"fa fa-envelope-o","whitelistedDomains":[]}},"stanford_basic":{"nav_dropdown_enabled":false},"user":{"uid":0,"permissionsHash":"3ccfe3659ca8ca234dca7228ea5750dfa448bedb78fd704048f13ebd00397a1e"}}</script> <script src="/sites/g/files/sbiybj15831/files/js/js_tHAcqSyxoV8ucBVhTBUSJsZX0ueykvUuIHuZ793PsXM.js?scope=footer&amp;delta=0&amp;language=en&amp;theme=stanford_basic&amp;include=eJxdjVsKwzAMBC9krCMZJZFdtfIDWS7J7WNKSUp_lt1hYVKtSShgQTmM1w7pD7jnyK0bqoXB8DvcLCVW3cKCnVf4pKPdhMsLNh0NxX_n_W1aI0_Bg6SRQmcjzhO-yV_OE5JFO-c"></script> </body> </html>

Pages: 1 2 3 4 5 6 7 8 9 10