Audit Access

Posted By: Anonymous

Audit Access - 04/29/22 12:07 AM

As the head of audit I've always had read only access to documents. I have a high ranking member of the bank wanting to remove my access to one of their folders due to the "confidentiality" of information in that folder with the promise I can ask them anything and they will always be transparent. I am not sure how to respond.

I am wondering how other institutions handle access. Am I wrong in that we are supposed to be able to navigate without requesting permission in the event we have to investigate or research high level employees without them knowing.
Posted By: rlcarey

Re: Audit Access - 04/29/22 12:42 AM

I would be having a chat with the Chairman of the Board, as I assume you report directly to the board. Management does not determine your access. Only the Board determines your access.

Of course it would help to know what "information" you are talking about. Audit should not have access to anything unless it is within the scope of a specific audit. You do not have free range to go on fishing trips.
Posted By: osucpa

Re: Audit Access - 04/29/22 11:59 AM

Agree with Randy. There is some information I only want access to when performing the specific audit. If I have access issues I go to the CEO and then the Audit Committee Chair. Personnel documentation is always tricky.
Posted By: HappyGilmore

Re: Audit Access - 04/29/22 03:32 PM

Quote
n the event we have to investigate or research high level employees without them knowing
just my opinion here, but the process above should be handled from your HR division, not from an audit perspective. Audit should be reviewing processes, procedures, policies, etc. People are investigated by HR.
Posted By: ACBbank

Re: Audit Access - 04/29/22 06:33 PM

I am going to second what Randy and Happy stated. Audit should have unfettered access to documentation that falls within audit scope. If the materials are not within the approved audit plan, why would audit be interested in them?
Posted By: Anonymous

Re: Audit Access - 04/29/22 08:24 PM

IIA states authority: provide appropriate unfettered access to records, personnel, and physical properties.

It wouldn't be to go on fishing expeditions. Rather if you came across something that could indicate abuse of power or fraud either in an audit or through a complaint / alert, HR may not be the one to investigate. If you had to request access to those documents more people would be brought in the know during the investigation to include lower lever IT who would have to give you access.
Posted By: rlcarey

Re: Audit Access - 04/29/22 09:01 PM

Yes, IIA does state: provide appropriate unfettered access to records, personnel, and physical properties.

The key term there is appropriate. Appropriate means within the scope of the audit assignments.
Posted By: Andy_Z

Re: Audit Access - 04/29/22 09:55 PM

If the information in that folder is subject to being audited, there is little justification to have access restricted. Asking questions is not as good or thorough as reviewing actual documents. There is much to be gained from seeing the additional notes and notations as well as documents you may not have expected to see, and you wouldn't know what to ask unless you can see them.

THAT is transparency. Good luck with your continued access.

The only stipulation I ever had was some board documents I looked at in the President's office.