Failure to adequately restrict access to critical business information from outsiders (intruders) may result in unauthorized knowledge and use of confidential information by inappropriate parties. Access risk includes the risk that access to information (data or programs) will be inappropriately granted or refused. This questionnaire describes business risks and management practices for addressing external access.