Skip to main content Skip to secondary navigation

Office of the Chief Risk Officer

Main content start

The office of the Chief Risk Officer (OCRO), strives to be a valued partner and advisor to management, faculty, and the Audit, Compliance and Risk Committee of the Board of Trustees.  OCRO is comprised of the following entities.

 Internal Audit 

The mission of Internal Audit is to provide independent, objective assurance and consulting services designed to add value and improve the operations of Stanford University and the Stanford University Hospitals. Internal Audit Services helps these organizations accomplish their objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. Specifically, we examine and evaluate the policies, procedures, and systems that are in place to ensure:

  • reliability and integrity of information;
  • compliance with policies, laws, and regulations;
  • safeguarding of assets;
  • economical and efficient use of resources; and
  • accomplishment of established objectives and goals for operations or programs.

Ethics and Compliance Program 

Stanford is dedicated to upholding the highest standards of ethics and integrity in all its academic and business activities. Towards this end, the University has implemented a to:

  • help inform the Stanford community regarding the ethical, professional, and legal standards to be used as the basis for daily and long-term decisions and actions;
  • ensure effective avenues for employees to report misconduct, and investigate reported concerns;
  • assess compliance risks and evaluate the effectiveness of existing compliance activities;
  • make recommendations for program improvements; and
  • coordinate decentralized compliance activities and ensure an institutional perspective is always present

University Privacy Office

The Privacy Office promotes Stanford’s commitment to protecting the privacy of the University’s community including its students, alumni, faculty, staff, research participants, and affiliated parties. The Privacy Office has been entrusted to establish University practices and policies in order to:

  • develop, implement and manage the University’s privacy compliance program to comply with applicable state, federal and international privacy laws;               
  • provide training and education across the University addressing privacy compliance responsibilities and obligations;
  • conduct appropriate auditing and monitoring of activities involving the collection, storage, use, disclosure and transmission of regulated data;
  • promote the reporting of violations of privacy policies and regulations to the Privacy Office; and
  • conduct investigations of unauthorized uses and disclosures of regulated data and ensure that appropriate actions are taken to mitigate any resulting harm to individuals.

Information Security Office

Protecting the information assets important to Stanford. 

Global Risk Management

The global risk management team advises on travel preparation, risk assessment, mitigation, and response so faculty, staff, and students can travel overseas to research, learn, collaborate and engage with the world with self-awareness and confidence.

Risk Management and Insurance

Risk Management and Insurance evaluates risk from the standpoint of the entire University, rather than a single department or area; eliminates or modifies conditions or practices, wherever practical, which may cause loss; assumes risks whenever the amount of potential loss would not significantly affect the University's financial position; and purchases insurance from whatever source (agent, broker, or insurance company) is deemed to be in the best interests of the University.

Enterprise Risk Management 

Enterprise Risk Management coordinates the University’s enterprise risk management efforts to provide a framework and processes for the identification, assessment, mitigation and monitoring of risks to the achievement of the University’s mission and goals.



Office of The Chief Risk Officer
Stanford University
505 Broadway, Cardinal Hall, 6th Floor
Redwood City, CA  94063