Answer:
I do not see why internal audit would require 24x7 access to the security cameras or video archive. This should be allowed as needed but is typically best handled with Security having the access keys. The more people with access the more questions can arise as to the validity of the video and the inventory itself. That is, could there be an erroneous deletion or adjustment in a time/date stamp? Internal Audit, in my experiences, should have full access.
As to a whistle-blower program, there may be a team that receives and responds or one or persons from that team, depending on the issue. Your team may include human resources, legal, internal audit, security or some other functions if it is necessary to touch all areas of the bank. Incoming reports should be sent to at least two of these areas with strict confidentiality rules in place. This will ensure that no tips are overlooked, erroneously or intentionally.
print
share