Successful PwC Audit of University Systems

How would you like to have the IRS audit you every year? For those involved in managing the university’s administrative application infrastructure, PricewaterhouseCoopers (PwC) does just that.

PwC was on-site in University IT this past August to perform the annual audit of systems and processes involved in managing Stanford’s finances. Understanding the importance of IT controls, their audit process begins with a careful evaluation of what they term the “Information Technology General Computer Controls (ITGC) Review.”

As part of the ITGC review, PwC performed a thorough assessment of the processes and controls behind Stanford’s finance, payroll, and HR systems. This included a review of information technology general computer controls for Oracle and PeopleSoft, automated application controls, key reports, and an assessment of the adequacy of the internal controls within the IT environment.

The ITGC audit standards are typically enhanced and tightened each year, making the annual audit notoriously difficult to navigate. University IT expends a significant amount of time and effort throughout the year to implement and execute internal processes and procedures in accordance with ITGC compliance and industry standards. System data is regularly reviewed at the application and database level to ensure that internal policies and procedures are being followed, documented, and kept up-to-date.

As a result of these efforts, Stanford has fared exceptionally well in the annual ITGC audit. This year continued the pattern: No IT-related findings were identified in the audited systems for the third year in a row.

This represents a significant accomplishment. Having strong IT controls in place ensures the integrity of the university’s financial systems and greatly reduces the need for manual, labor-intensive downstream mitigating controls at the business office level.

To learn more about the ITGC audit, contact Compliance Services in University IT’s Administrative Systems.