Islamic Teachings about Privacy and the Job of an Internal Auditor

By Moulana Imraan Vawda
Posted: 3 Jamad-ul-Awwal 1423, 14 July 2002

Q.) I am an internal auditor in an organization and my job is to "detect and prevent error and fraud" in that organization. There is a hadith that states "Whoever looks into the letter of his brother without his permission, he only looks into the Fire (of Hell)." (Abu Dawood).

I usually like to hear employee's backbiting, read unauthorized mail, email and use other methods to gain knowledge and foresight about the intentions of employees to different transactions of the organization. The main purpose of this exercise is to adhere to the definition of an internal auditor as given above. Is it permissible to do so?

A.) The most important issue is to distinguish what falls under private domain, and what under company domain. The organization, in all probability, has guidelines for its employees.

If the company allows its employees to use the company's facilities, phone, fax, email, etc. for the employee's personal correspondence together with the right of privacy, then it will be wrong to eavesdrop or intercept such communications.

If it is the policy of the company that all communications via any of the company's facilities are company domain, and that the company retains the right to monitor such communications, then as a representative of the company you may snoop into such communications on their behalf. This will not fall under the warning of the hadith, for it refers to a private communication. That is why his permission is required.

In the case of the company, the employees have agreed to the terms of the contract, and have thus, in principle given the company permission to eavesdrop into their communications. However, as a matter of Taqwa, confine your audit to issue directly related to the company, and avoid all such matters which have no direct bearing on the affairs of the company. And Allah Ta'ala Knows Best