As Randy said, they know they can access it all, and we know they can access it all, but......
I start by sending them the pdf copies of reports, workpapers, etc. When they questioned our WP storage etc, I sent them a screenshot of the system with procedures and logged papers. That gave them a sense of what we do and how we get it done. We have a standing username for them (and external auditors and audit committee members and other read-only types) and I will allow that username access to specific audits as needed. The one time this came up, they accessed my audit system on a network PC for guest use. All driven by our IT guy of course.