In the normal course of business departments generate and collect a significant amount of confidential and other sensitive information about current and former faculty, staff, and students, as well as information about University operations. Access to and disclosure of such information must be appropriate, necessary, and for a clearly defined business and legal purpose. All members of the University community are responsible for safeguarding such information, for preventing its inadvertent disclosure, and for protecting the privacy of individuals and the integrity and reputation of the University. To this end, departments must notify the Director of Internal Audit and Tax Compliance before any information is provided to an external auditor.
Internal Audit and Tax Compliance Review
The Director of Internal Audit and Tax Compliance will participate in an entrance conference with the auditors and department management, as needed, to review the objectives and scope of the audit prior to the start of any audit field work. After the entrance conference, the department should make every effort to provide the requested information within the time period specified by the auditor. Any questions concerning subsequent requests for information, or an extension of time to respond to such requests, should be referred to the Director of Internal Audit and Tax Compliance. The Director will also participate in an exit conference, as needed, to discuss the audit findings and recommendations, and to verify that the auditors have obtained sufficient and accurate information to warrant their findings.
When appropriate, the Director of Internal Audit and Tax Compliance will work with the Vice President for Business and Finance and the General Counsel in evaluating auditor requests for information.