* Create a process that is documented at each step and holds each stakeholder accountable.
* Where possible, express requests in terms of business need, rather than in narrow IT terms.
* Have a team that evaluates requests in terms of adherence to corporate policy.
* Conduct both business- and technology-based risk assessments. Implementation should be dependent on passing the risk assessment.
* Test implementation for final sign-off by both IT and the business owner.