In our company, the IT department set some policies to be able to control accessing inappropriate sites and other illegal sites. As an auditor, are we exempt from their policies because even accessing Yahoo mail is banned? There are times we need to research needed by the Top Management but we couldn't do it because they banned it. Is there any solution? Is there a policies exempting auditors?