The audit would evaluate the institutions' information technology systems, the software already in place and current safety policies. But doing so would require a consultant access information and systems that the institutions say could make them vulnerable if not handled…