We are looking to build some scheduled probity checks into general information security assurance across our internal network, focusing on network accounts, devices and general permissions.
One of the basic checks that normally highlights problems (and therefore adds value) is checking a list of enabled AD accounts against a list of employees who have left the organization in the past X days/weeks, to flag those whose accounts should have been disabled.
Another basic check has been to look at any employees who have changed roles within the company, and whether their group memberships were updated accordingly, so they no longer have access to shared directories that were only appropriate in their previous role.
Can you think of any more basic data security/access/housekeeping probity checks of this nature that you feel would be beneficial and likely to flag issues (common mistakes/misconfigurations in this area etc.)? The tests don't have to be limited to Active Directory and file server permissions, but they are often a common source of problems, so if we could expand the list of 'spot checks' that would be great.
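The two checks described in the question, run offline against exported data, as an added example that is not part of the original post. The CSV column names, the sample rows and the `ROLE_GROUPS` mapping are constructed assumptions standing in for a real AD export and HR feed.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample exports; column names are assumptions, not a real schema.
AD_EXPORT = """sam_account_name,employee_id,enabled,groups
jsmith,1001,True,Finance-Share;All-Staff
akhan,1002,True,HR-Share;All-Staff
blee,1003,False,Sales-Share;All-Staff
cdiaz,1004,True,Sales-Share;Finance-Share;All-Staff
"""
HR_LEAVERS = """employee_id,leave_date
1001,2024-05-20
1003,2024-05-25
1009,2024-01-02
"""
HR_ROLE_CHANGES = """employee_id,old_role,new_role
1004,Sales,Finance
"""
# Hypothetical mapping of each role to the groups only that role should hold.
ROLE_GROUPS = {"Sales": {"Sales-Share"}, "Finance": {"Finance-Share"}, "HR": {"HR-Share"}}

def _rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def enabled_leavers(ad_csv, leavers_csv, today, window_days):
    """Enabled AD accounts whose owner left within the last window_days."""
    cutoff = today - timedelta(days=window_days)
    left = {}
    for r in _rows(leavers_csv):
        d = date.fromisoformat(r["leave_date"])
        if cutoff <= d <= today:
            left[r["employee_id"]] = d
    return sorted(
        (a["sam_account_name"], left[a["employee_id"]].isoformat())
        for a in _rows(ad_csv)
        if a["enabled"].strip().lower() == "true" and a["employee_id"] in left
    )

def stale_role_groups(ad_csv, changes_csv, role_groups):
    """Groups tied to a mover's previous role that the account still holds."""
    accounts = {a["employee_id"]: a for a in _rows(ad_csv)}
    findings = []
    for c in _rows(changes_csv):
        acct = accounts.get(c["employee_id"])
        held = set(acct["groups"].split(";")) if acct else set()
        old_only = role_groups.get(c["old_role"], set()) - role_groups.get(c["new_role"], set())
        findings.extend((acct["sam_account_name"], g) for g in sorted(held & old_only))
    return findings
```

Joining on an employee ID rather than a display name avoids false matches between people with the same name, and accounts with no employee ID at all are worth listing separately as a check of their own.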