Stanford Report Online



Stanford Report, Jan. 21, 2004

Internal Audit offers staff control and compliance checklist

BY STEVE JUNG, DIRECTOR OF INTERNAL AUDIT

The following are five important internal control and compliance reminders from Internal Audit.

1. Compliance helpline. Remember that the compliance program helpline at http://institutionalcompliance.stanford.edu/report/ is available 24 hours a day, seven days a week to receive questions or concerns about possible noncompliance with the wide range of government rules and regulations to which Stanford is subject. Submissions may be made confidentially and even anonymously, but if you provide a name and e-mail address or phone number, a representative of the Institutional Compliance Program will get back to you immediately with a response to your question or an indication of when a response will be made.

2. Compliance self-study. If you are in a position of responsibility for compliance with government or university policies and procedures, remember that Internal Audit provides a compliance self-study guide on its website at www.stanford.edu/dept/Internal-Audit/docs/compliance99.shtml. This guide, containing links to online university policies and procedures, is a modified version of the audit program that has been used by Internal Audit in its conduct of regular operating unit compliance audits over the past decade.

3. Call us anytime. Remember that Internal Audit Department team members are available to meet with faculty and staff one-on-one or in small and large groups to discuss compliance and internal control topics, answer questions or address concerns. To arrange a meeting, simply call the department at 725-0074.

4. Note continuing questionable practices. Be on the lookout for repeated questionable accounting practices that might point to intentional financial irregularities, and bring them to our attention.

For example, an employee of a vendor located on a college campus was processing improper invoices through the college's billing system, charging for services that were not delivered and pocketing the proceeds. When school and departmental staff noticed the improper charges on their expenditure statements and questioned them, the vendor employee immediately provided credits, explaining them as "temporary accounting difficulties." However, the "temporary difficulties" continued and increased, especially phony invoices to accounts that were not being reconciled regularly. After several years, the pattern came to light, and the scam was interrupted -- but by that time the dishonest vendor employee had absconded with the funds. Had college staff who experienced multiple "temporary problems" mentioned them to their management or to the internal auditors' sooner, the losses might have been reduced.

5. Use proper expenditure approvals. University policy (Administrative Guide Memo 36.7) states, "Employees may not authorize travel or approve expense reimbursement for themselves, nor for a person to whom they report either directly or indirectly." One purpose of this policy is to ensure that Stanford employees are never placed in situations where they feel compelled to authorize or approve payments or reimbursements to or on behalf of their supervisors, due to the potential for inappropriate pressures in such situations.

As a general rule, it is sound business practice for all payments made to or on behalf of a supervisor (at any level of the university) to be routed to that person's immediate supervisor for authorization or approval, including expenses incurred through Travel & Reimbursements, petty cash and P-cards. Mechanisms exist in all of the new Oracle financial applications for authorizations and approvals to be routed to a (typically higher level) independent approver to ensure that payment or reimbursement decisions are never subject to inappropriate influences or even the perception of such.

Questions about how to utilize these mechanisms may be directed to Customer Outreach, Controller's Office (disbursementshelp@stanford.edu or 725-9100), or to Internal Audit.