I don’t know that I would necessarily be TOO worried. Who brought them in? If they were brought in by IT mgmt., then it is most likely to identify & address weaknesses in current procedures & how things can be done more efficiently. However, if they’re being brought in by upper mgmt., it COULD be (& this could just be me being paranoid) that they’re looking to make changes in IT World… possibly looking outside. I only say this because I’ve seen it happen before.
I would say give them access only to what you have to. Don’t give them more than they need. It’s better that they have to ask you for something than that you’ve given them more than they have to have (i.e. passwords, etc.).