Set up a separate user account in the Web Dashboard for your external auditor and limit their permissions by the role you assign them.