I suggest that you give access to BO Administrators to LaunchPad as fail safe 1. Then set up the security to the CMC as suggested by bdreed35 above as fail safe 2. Then make sure you Administrator password is known only by the official BO Administrators as a fail safe 3. In theory standard users will still be able to access the Admin Tools in the LaunchPad, but (for example) Schedule Manager - I suspect what they can, and cannot do within that function will still be driven by their user profile rights. So If they can schedule report 1 in folder A in InfoView, they will be able to do it in the Schedule manager. Thus no difference, and your Internal Auditors should not have a problem with that...?
EO
Hertfordshire, England