If they answered NO to any of these questions, it is a potential security risk and should seek advice and method to remove the unknown application(s).

The point I am trying to make, is while we train our managers to be more aware of security practices, the enforcement of application security can be done with readily available data from the Asset Database. With the right ingredients (tool, process, and people), and you have increased the value of your IT Asset Management and Security Management.