1. Failure to segregate duties within applications, and failure to set up new accounts and terminate old ones in a timely manner.
2. Lack of proper oversight for making application changes, including appointing a person to make a change and another to perform quality assurance on it.
3. Inadequate review of audit logs to ensure that not only were systems running smoothly but also that there was an audit log of the audit log.
4. Failure to indentify abnormal transactions in a timely manner.
5. Lack of understanding of key system configuration.