The “Trust, but Verify” model has become the gold standard process in third party assessments. The “Trust” component of the model is typically facilitated through a query instrument (e.g., a questionnaire), a means by which the outsourcer can obtain the third party’s statement about its control environment, at a detailed level if desired. The “Verify” component of the model has two primary parts which are interrelated: 1) Initial Onsite/Virtual Assessments; and 2) Ongoing Monitoring. Ongoing Monitoring, in turn, has two component parts: a) Periodic Ongoing Monitoring; and b) Continuous Monitoring.
