1 Document your department’s internal controls, everything from what role each employee fills to what you do when you lose the key to the server closet.
2 Make sure that employees have authorization only to systems that are consistent with their specific roles.
3 Identify areas where information is processed, manipulated or reconciled by hand, and make sure that there are checks in place to catch errors or inconsistencies.
4 Examine the existing IT infrastructure to see if there are controls in systems that are not turned on or if there are systems in place that could be used to automate tasks that are currently manual. -B.W.