I am an IT Director for a Healthcare Organization, I was recently requested from the CEO to give Full access to our Network shares and Enterprise Software to our CFO. Who will be performing an internal audit. How do you explain to the CEO that this is not the best practice for internal Security and permissions?