Question: Please write recommendations to mitigate the risk for the issues Internal Audit division of Company ABC performed an audit for Billing system (aka BRS system)
Please write recommendations to mitigate the risk for the issues.
The Internal Audit division of Company ABC performed an audit of the Billing system (aka BRS system) of the company and identified the following issues:
Finding 1: BRS system does not enforce users to rotate their passwords periodically, which is required by the company's access policy. As a result, user credentials can be obtained by unauthorized users, which can lead to unauthorized access.
Finding 2: For the changes made to BRS system, the company's change management procedures are not followed consistently. For 8 out of total 20 samples selected during audit testing, it's been identified that the appropriate approvals are not obtained per the procedures. As a result, unauthorized changes might be migrated into the production environment.
Finding 3: BRS system does not have separate test and development environments. As a result, developers can modify the application code during the testing, which might jeopardize the quality of software testing.
Finding 4: BRS system allows the same user to submit a billing credit request and approve it. As a result, a segregation of duties (SOD) conflict might occur, which can lead to fraudulent approval of credit requests.
