another thing you might want to check to expound on Peter's answer... you might want to get very database intrusive, which users are granted what rights, who are given write access to what tables, does everyone have read write access?? also who are permitted to add rows outside of the database admins, what procedures do you follow before making a change to database, do they have a change control policy in place? especially if this is a financial database, you want to get as intrusive as possible because the auditors will show no mercy.
... View more