An audit only needs read access, not God mode. It should be conducted by a neutral third party, not someone on a witch hunt who has conflicts of interest. The people on the ground should have auditing qualifications, clear background checks, and knowledge of specific systems or processes, not a random 19-year-old named "Big Balls" with a history of selling company secrets to a competitor. Their findings should go through QA, and they should take the time to come up with an accurate report, rather than rushing through and blurting out whatever they think is happening.