Why Employee Audit Requests Hurt Workplace Culture and How to Use IT to Improve the Culture

Jim Allred
Workplace Culture IT Strategy

It usually starts with a Slack DM or a quick hallway ask. A manager wants IT to pull a direct report’s calendar for the last month. Or HR asks for a copy of someone’s sent email because “we have some concerns.” No formal investigation. No legal review. Just a quiet request that hopes the data will reveal something.

Here’s the thing worth saying out loud: the systems IT runs were not built to be surveillance tools, and how those systems are treated is one of the most important parts of how a company actually feels to work at. The good news is that handling these requests well isn’t complicated—it just takes a clear point of view and a simple process.

Why This Is a Culture Issue, Not Just an IT Issue

Workplace culture isn’t built in offsite activities or all-hands speeches. It’s built in the small, everyday decisions—how feedback gets delivered, who gets the benefit of the doubt, what gets escalated and what gets quietly handled. And increasingly, in how the systems people use every day are treated by the people who run them.

Companies don’t always think of IT or IT systems as culture-shapers. But IT sits at the center of how modern work actually happens. Email, calendar, chat, file storage, productivity tools—all define how employees interact with each other, and IT is the steward of them all. The way business leaders leverage those systems sets the precedent for the company culture.

Two very different cultures tend to grow out of how IT systems are used.

The trust culture. Managers manage. Expectations are clear. Employees are trusted by default. The systems people work in feel like tools rather than recording devices. People do their best work because they aren’t watching themselves be watched. IT is a respected partner—keeping things secure, reliable, and private.

The surveillance culture. Over time, IT and the systems they manage quietly become the place managers turn to confirm their suspicions about people they should be talking to instead. Each request looks small. The cumulative effect is corrosive. Once employees suspect their manager might check their email or pull their chat history, the relationship between manager and team is permanently shifted. Honest conversations move offline. And the IT systems, which are meant to empower productivity, end up being cast as surveillance tools for management.

The hard part is that no one decides to build the second culture. It accretes, request by quiet request, until one day people notice that something has shifted and no one can point to when.

When Pulling Data Is Genuinely the Right Call

Not every audit request is a problem. There are real, well-established cases where reviewing someone’s email, calendar, or message history is appropriate and necessary:

  • Formal HR investigations opened with documented justification and legal awareness following manager-to-employee conversations
  • Regulatory or compliance obligations (financial controls, healthcare records, export compliance, etc.)
  • Active security incident response—suspected account compromise, insider threat with specific indicators, data exfiltration alerts
  • Legal hold or e-discovery driven by counsel
  • Continuity access when an employee has departed and a manager needs their work product

These have a few things in common. There’s a documented justification. More than one person is in the decision. The goal is something other than evaluating an individual’s day-to-day. And the access is treated as a serious step, not a casual service. That seriousness is itself a culture signal—the company is telling itself that people’s work tools are something it actually respects.

When the Request Is a Management Problem in Disguise

Compare those to the requests that show up most often in practice:

  • “I think she’s interviewing somewhere else.”
  • “He says he’s working from home but I’m not sure he’s actually working.”
  • “I don’t think they’re being as productive as they could be.”
  • “Their numbers are off and I want to see if they’re slacking.”
  • “Her tone in meetings has changed and I want to see what she’s saying about me on Slack.”

Every one of these is a manager describing a relationship problem and asking for a data product instead of having a conversation. None of them are improved by the data. If a manager learns an employee took a long lunch on Tuesday, that doesn’t fix the underlying issue—it just gives the manager something to feel justified about while the actual problem keeps growing.

The “I don’t think they’re being as productive as they could be” version deserves special attention, because it sounds the most reasonable. Productivity can’t be inferred from calendar density, email volume, keystroke counts, or the green dot in a chat tool. Those are activity signals, and activity is not the same as outcomes. High performers often have quiet calendars and short message threads because they’re heads-down on the work. People who are struggling often look constantly busy.

The harder, more honest version of that question is one a manager has to ask themselves: Have I defined what good looks like in this role, communicated it clearly, and evaluated this person against it? Setting expectations and measuring against them is the core of management work. It can’t be outsourced to log data, and it can’t be skipped because it feels uncomfortable. When the impulse is to audit instead of set expectations, the real message is, “I haven’t defined the standard, but I want to prove they’re falling short of it.”

What Business Leaders Can Do

Managers, HR partners, and executives shape culture more directly than anyone, and they have the most influence over whether surveillance requests come up at all.

  • Define what good looks like before deciding someone’s falling short of it. A productivity concern only means something if there’s a clear, written expectation behind it—what outcomes this role owns, on what timeline, to what quality bar.
  • Evaluate against expectations, not activity. Once expectations are defined, the question is whether the outcomes are being delivered. That’s something a manager can see from their own visibility into the work, not from log data.
  • Have the conversation. Most “I’m not sure if they’re working” situations are resolved by a direct, specific conversation about expectations and outcomes. If that conversation feels too uncomfortable to have, that’s a signal about management capability, not employee behavior.
  • Use the performance process you already have. Documented expectations, regular 1:1s, written feedback, and a defined improvement plan are the tools designed for this.
  • Reserve formal investigations for when they’re warranted, and run them formally. Real concerns—harassment, theft, policy violations—go through HR and Legal as investigations, not as quiet IT requests.
  • Audit the impulse before auditing the employee. Before asking for activity data, ask what you’d do with it. If the honest answer is “build a case I’ve already decided on,” that’s not management.

How IT Teams Should Help

Many companies underestimate the cultural significance of the audit requests made to IT, which are often attempts to save time or avoid difficult management conversations. The middle path—routing each request properly—is where IT can most effectively shape a positive, trust-based culture.

  • Have a written policy, and route every request through it. Require a named requester, a stated business justification, explicit approval from HR and Legal, a defined scope, and a defined retention period for whatever is pulled. Drafting that policy with HR and Legal is one of the most culture-positive things a company can do.
  • Ask one diagnostic question. “What’s the management problem you’re trying to solve?” The point isn’t to play HR. It’s to give the requester a chance to recognize, on their own, that the answer probably isn’t a log query.
  • Don’t be the lone gatekeeper. If pressure escalates, escalate further—to the CIO, CISO, or General Counsel. Surveillance decisions should never sit on one IT person’s shoulders. These are ultimately business decisions.
  • Treat approved access with the seriousness it deserves. Log the request, the approval chain, the scope, and the access. That documentation isn’t bureaucracy—it’s how the company shows itself, over time, that access to people’s work tools is taken seriously.

The Workplace You’re Actually Building

The companies that handle this well aren’t the ones with the strictest IT teams and policies. They’re the ones where these requests rarely come up at all—because managers have been equipped to manage, HR has been equipped to investigate when investigation is genuinely warranted, and IT has been positioned as a steward of systems and trust rather than a back channel for surveillance.

That kind of culture doesn’t come from a single decision. It comes from hundreds of small ones, made consistently. How a manager phrases a concern. How HR scopes a request. How an IT team responds to a Slack DM that asks for “just a quick look.” Each of those moments is a culture decision, and the cumulative pattern is what employees actually experience when they show up to work.

The better culture is also the practical one. Less legal risk. Better management. Stronger trust. A happier IT team.

How We Can Help

At 2Fifteen Tech, we work with companies that want IT to be a partner in building a healthy workplace—not a back channel for surveillance. That means helping you draft clear access policies, set up proper audit and approval workflows, and put the right governance in place so the rare cases where access is genuinely needed are handled the right way.

If your team is fielding these requests without a clear process, or if you want to make sure your IT setup reflects the culture you’re trying to build, we’d be glad to talk.

Contact Us

We'd love to chat about how we can help your business. We'll reach out soon to set up a time.
Back to Blog