If I was a consultant for a small local enterprise (an accounting office) who is having issues with implementing the right set of controls to avoid malicious activity from insid and outside the business and segregation of duties and data integrity is important to them, what recommendations should I make to help keep their business secure and their data safe?