Audit Notification Policy

 

Policy Summary

Information must not be provided to any person claiming to be an auditor (whether internal or external) unless the department to be audited or the individual from whom the information is requested has a working relationship with that auditor, or until the auditor’s identity and the propriety of the audit have been confirmed.  This ensures the protection of confidential and other sensitive university information. In addition, departments and individuals must report all proposed audits to the Office of Ethics, Compliance, and Privacy for the purpose of centralized tracking. 

Who is Governed by this Policy

  • Staff
  • Faculty

Policy

Responsibility for Security of Information 

Through the normal course of business the university generates and collects a significant amount of confidential and other sensitive information about current and former faculty, staff, students and patients, as well as about university operations. Access to and disclosure of such information must be appropriate, necessary, and for a clearly defined purpose. All members of the university community are responsible for safeguarding such information, for preventing its inadvertent disclosure, and for protecting the privacy of individuals and the integrity and reputation of the university.   

Audit Verification and Notification Required 

Information must not be provided to any person claiming to be an auditor unless the department to be audited or the individual from whom the information is requested has established a working relationship with that auditor. If the department or individual does not have a working relationship with the auditor, or if an auditor arrives unannounced, notify the Office of Ethics, Compliance, and Privacy immediately. The Office of Ethics, Compliance, and Privacy maintains a list of all audits being performed at the university and will help to identify all internal and external auditors and verify the propriety of the proposed audit, as necessary. When appropriate, the Office of Ethics, Compliance, and Privacy will notify and work with the Office of the Senior Vice President and General Counsel and/or the Office of the University Controller in this regard. Once the propriety of the audit is confirmed, the department should make every effort to provide the requested information. 

In addition to the foregoing, departments and individuals must report all proposed audits to the Compliance and Privacy Office for the purpose of centralized tracking. 

Definitions

Auditors: Individuals who request to review and/or audit university records. Auditors include, but are not limited to auditors who are university employees or agents such as the audit companies the university contracts with for internal and external audits and auditors who are not university employees or agents such as District of Columbia auditors, sales tax auditors, or federal agency auditors.  

Related Information

Information Security Policy 

Privacy of Student Records (FERPA) Policy 

Procedures Governing Summonses, Subpoenas, Lawsuits, Notices, and Letters from Lawyers  

Personal Information and Privacy Policy 

Contacts

Contact Phone Number Email Address
The Office of Ethics, Compliance, and Privacy 202-994-3386 [email protected]

Responsible University Official: AVP Ethics, Compliance, and Risk
Responsible Office: Office of Ethics, Compliance, and Privacy

Last Reviewed: March 4, 2020

 

Non-compliance with this policy can be reported through this website.