Make IAM a cross-business goal: Too many organizations push responsibility for IAM over to the IT department. Business processes that include all departments will make sure nothing falls through the cracks.
Solicit business involvement early: IT cannot solve the problem alone. They're the custodians and the business is the end-user. IT must engage with business and HR in lay language and find common denominators.
Go proactive, not reactive: Organizations that fix IAM problems after the fact are already out of compliance. Taking a proactive, not a reactive approach to preventing erroneous access in the first place keeps the organization in true compliance.
Create an identity warehouse: Thoroughly scrub identity information stored by all internal systems so there is easy reconciliation and clear visibility into access granted to employees.
Fix the controls: Deploy strict access controls during the onboarding process, then make sure they are followed throughout the employee's lifecycle to derive the most value from your identity and access management program.
Process, process, process: IT spends a significant portion of its time and budget on managing identities. IT and the business divisions can realize measurable benefits from implementing processes that drive down wasted time and money.
Go paperless: Going paperless with IAM liberates employees from the stacks of paper on their desks. An electronic IAM system can lighten the load across divisions by identifying holdups and speeding timelines.
Prevention is the key: Get away from the "putting out the fires" mentality. True process control means that fires are prevented.