Security Basics mailing list archives

Administrators security training


From: s0h0us () yahoo com
Date: 6 Oct 2008 16:11:14 -0000

As ISO I put together training material as part of security awareness for staff and customers. I am in the process of 
creating an information security training presentation for individuals, outside the IT department, who have 
administrative responsibilities for internal applications and web portals. (don't ask) These are not necessarily 
extremely technical people, so it is a high level presentation that will require some additional support from IT staff 
as well. Below is a list of topics I'm planning on covering. Any others you can suggest would be greatly appreciated:

- General responsibilities as an admin (privileged access, become familiar with security controls, stronger requirements 
  for account passwords and expirations, point out application weaknesses and suggest ways to mitigate)
- How to perform entitlement reviews (identify users and "need to know", periodic review of users, minimize number of 
  admin users, etc.)
- How to review reports and application logs
- Documentation/procedures for creating, deleting, and modifying accounts

I have also developed a checklist that includes questions like: is the application accessible from non-private 
networks, password and account requirements, BCP documentation, backup of data, dormant account reviews, session 
timeouts, etc.

thanks for the feedback
happy security awareness month!!
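The entitlement and dormant-account reviews the post lists can be turned into a repeatable check that a non-technical application admin runs against a user export. The script below is an added example, not code from the poster or from any particular application; it assumes a hypothetical CSV export with the columns username, role, last_login, password_set and need_to_know_confirmed, and the sample rows, policy thresholds and review date are all constructed for illustration.

```python
"""Periodic entitlement / dormant-account review over a constructed user export.

Added example (not from the original post). The export format is hypothetical:
one CSV row per account, as an application's "export users" function might produce.
"""
import csv
import io
from datetime import date, datetime

# Constructed sample export: empty last_login means the account never logged in.
SAMPLE_EXPORT = """username,role,last_login,password_set,need_to_know_confirmed
alice,admin,2008-09-30,2008-09-01,yes
bob,admin,2008-05-12,2008-04-01,yes
carol,user,,2008-08-15,yes
dave,user,2008-10-01,2008-03-01,no
erin,admin,2008-10-02,2008-09-20,no
"""

# Constructed review date (the date of the post) and policy thresholds (assumed values).
REVIEW_DATE = date(2008, 10, 6)
DORMANT_DAYS = 90                              # no login in this many days -> dormant
MAX_PASSWORD_AGE = {"admin": 60, "user": 90}   # stricter expiry for privileged accounts
MAX_ADMIN_SHARE = 0.25                         # flag when more than a quarter of accounts are admins


def _parse_date(s):
    """Return a date for 'YYYY-MM-DD', or None for an empty field."""
    s = s.strip()
    return datetime.strptime(s, "%Y-%m-%d").date() if s else None


def parse_export(text):
    """Parse the CSV export into a list of account dicts with typed fields."""
    accounts = []
    for row in csv.DictReader(io.StringIO(text)):
        accounts.append({
            "username": row["username"].strip(),
            "role": row["role"].strip().lower(),
            "last_login": _parse_date(row["last_login"]),
            "password_set": _parse_date(row["password_set"]),
            # The data owner ticks this during the review to confirm "need to know".
            "confirmed": row["need_to_know_confirmed"].strip().lower() == "yes",
        })
    return accounts


def review(accounts, today):
    """Return {username: [issues]} for every account that needs attention."""
    findings = {}
    for a in accounts:
        issues = []
        if a["last_login"] is None:
            issues.append("never logged in")
        elif (today - a["last_login"]).days > DORMANT_DAYS:
            issues.append("dormant")
        if (today - a["password_set"]).days > MAX_PASSWORD_AGE[a["role"]]:
            issues.append("password past expiry")
        if not a["confirmed"]:
            issues.append("need-to-know not confirmed")
        if issues:
            findings[a["username"]] = issues
    return findings


def admin_share(accounts):
    """Fraction of accounts holding the admin role (supports 'minimize number of admins')."""
    if not accounts:
        return 0.0
    return sum(1 for a in accounts if a["role"] == "admin") / len(accounts)


def review_report(text, today):
    """Run the whole review over an export and return a structured report."""
    accounts = parse_export(text)
    share = admin_share(accounts)
    return {
        "findings": review(accounts, today),
        "admin_share": share,
        "too_many_admins": share > MAX_ADMIN_SHARE,
    }


if __name__ == "__main__":
    report = review_report(SAMPLE_EXPORT, REVIEW_DATE)
    for user, issues in sorted(report["findings"].items()):
        print(f"{user}: {', '.join(issues)}")
    print(f"admin share: {report['admin_share']:.0%}"
          f"{' (above policy limit)' if report['too_many_admins'] else ''}")
```

Each flagged account becomes an item for the admin to act on (disable the dormant account, force a password change, or ask the data owner to confirm the user still needs access), which is the same set of decisions the checklist questions on dormant accounts and account requirements are meant to prompt.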
