Hi Joe,
Opinion only… From where I sit, I believe that internal audit should have absolute access to everything barring transactional authority and GL authority. If they cannot access everything they need, I cannot see how they can perform testing of the operational controls and the testing of procedures.
In our shop, the IA dept has terminals linked to the network, they also have access to the reports systems. They do not have any transactional ability and they cannot sign checks or transfer funds via GL.
The internal audit function is becoming increasingly important with the SOX requirements recently imposed. They need to prove that internal controls are in place and adhered to. They are God.
I hope this gives you another point of view. (sound familiar, Joe?)