Access to information, data security and confidentiality
49. Auditors have wide-ranging rights of access to documents and information in relation to the audit. Such rights apply not only to documents and information held by the audited body and its directors and staff, including documents held in electronic form, but also to the audited body’s partners and contractors, whether in the public, private or third sectors. Auditors may also require a person holding or accountable for any relevant document to give them such information and explanation as they consider necessary.
50. There are restrictions on the disclosure of information obtained in the course of the audit, subject only to specific exemptions. The Freedom of Information Act 2000 does not apply to appointed auditors, as they have not been designated as public authorities for the purposes of that legislation, although they are subject to the Environmental Information Regulations 2004. Audited bodies wishing to disclose information obtained from an auditor, which is subject to a statutory restriction on its disclosure, must consider Schedule 11 of the Act and seek the auditor’s consent to that disclosure.
51. Auditors protect the integrity of data relating to audited bodies and individuals either received or obtained during the audit. They ensure that data are held securely and that all reasonable steps are taken to ensure compliance with statutory and other requirements relating to the collection, holding and disclosure of information.