My company manages the networks for over 100 small/medium businesses in our area.
I am the lead admin on 8 of them. I maintain day to day operations on the servers (37 of them now!), networks, printing, desktops, applications and such.
I have customers that won't let me see some of their data. But it's these same people who won't let anybody see it. Which makes me wonder what happens if they get hit by a bus. It makes me wonder if there is a secure backup happening, since they won't even put this info on the network.
I think the real reason is so that nobody can check her work and see if she's embezzling. I wouldn't be able to find that out, but if she lets the stuff onto the network, somebody else might figure it out, so it stays hidden.
Most of the time our problem is that the customer doesn't want to know about the security risk in their organization, much less from anybody else.
These guys have passwords that are 9 years old for their administrator account, and they won't change it. OUR admin account's password changes regularly, but Administrator or root's passwords stay the same in perpetuity.
If you outsource the IT stuff, make sure you're still admin. Make sure you're getting all of the emails from the backups, the network monitoring tools, the array controllers, etc. If they hide that stuff, start worrying.