Office of Audit, Compliance and Privacy

The mission of Internal Audit Services is to provide independent, objective assurance and consulting services designed to add value and improve the operations of Stanford University and the Stanford University Hospitals. Internal Audit Services helps these organizations accomplish their objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Specifically we examine and evaluate the policies, procedures and systems that are in place to ensure:

• reliability and integrity of information;
• compliance with policies, laws, and regulations;
• safeguarding of assets;
• economical and efficient use of resources; and
• accomplishment of established objectives and goals for operations or programs.

Stanford is dedicated to upholding the highest standards of ethics and integrity in all its academic and business activities. Towards this end, the University has implemented a Compliance and Ethics Program to:

• help inform the Stanford community regarding the ethical, professional, and legal standards to be used as the basis for daily and long-term decisions and actions;
• ensure effective avenues for employees to report misconduct, and investigate reported concerns;
• assess compliance risks and evaluate effectiveness of existing compliance activities;
• make recommendations for program improvements; and
• coordinate decentralized compliance activities and ensure an institutional perspective is always present

The Privacy Office promotes Stanford’s commitment to protect the privacy of the University’s community including its students, alumni, faculty, staff, research participants, and affiliated parties. The Privacy Office has been entrusted to establish University practices and policies in order to:

• develop, implement and manage the University’s privacy compliance program to comply with applicable state, federal and international privacy laws;               
• provide training and education across the University addressing privacy compliance responsibilities and obligations;
• conduct appropriate auditing and monitoring of activities involving the collection, storage, use, disclosure and transmission of regulated data;
• promote the reporting of violations of privacy policies and regulations to the Privacy Office; and
• conduct investigations of unauthorized uses and disclosures of regulated data and ensure that appropriate actions are taken to mitigate any resulting harm to individuals.

Map