Managing Application Security

We (as analysts) have to assign user/password security to various clinical and financial applications at our hospital. Therefore, each analyst is assigning security in their own way (no policies). Is there any article/info. out there that explainshow to help manage security to applications (ie. policies to ensure consistency is assigning security, make sure inactivate users logins are deleted)? We are trying to establish an internal policy to handle this (as at this time we can not hire a security administrator).