Internal audit, external audit, compliance assurance, QA reviews and independent reviews. Findings here are isolated from operational monitoring so the 3LoD audit trail is independently defensible.