Do you know what your Administrator passwords are? Do the IT people? I have been working with companies for years and they often share the Administrator passwords with several technical people or, in some cases, several of them. This is a bad model. Regular IT folks do not the company bank account numbers and they do not need these passwords.
It is true they may need Administrator level access but they do not need the password. Keeping this at the executive and higher level is not only smart but it is basic in risk mitigation.
On the reverse, executives need to make sure they have all the passwords for administrator level accounts. You also need to make sure you know every single user who has administrator level rights. During a recent security assessment we found a low level user has full access to the entire domain because of testing done years earlier.
Starting with the basics in security is the beginning of reduced risk for partners and executives.
