Praefectus

TRUST, BUT VERIFY (2026-07-13)

Why visibility, assurance and evidence matter

In 1987, during negotiations between the United States and the Soviet Union on nuclear disarmament, President Ronald Reagan repeatedly used a Russian proverb that had been shared with him by historian Suzanne Massie, and which later became globally known as: "Trust, but verify."

It was a simple phrase, but it captured something fundamental about high-stakes relationships. The United States and the Soviet Union did not establish verification mechanisms because they necessarily trusted each other; rather, they did so because the consequences of being wrong were simply too significant to accept. Trust alone was never enough. Verification was essential.

Nearly four decades later, that same principle extends far beyond Cold War diplomacy. It speaks directly to the way modern organisations function, where a similar tension exists -- not between superpowers -- but between boards and management, organisations and stakeholders, and ultimately between what is reported and what is actually occurring in the organisation. This phrase also serves as a timely reminder of why visibility, assurance and proper evidence matter in contemporary governance.

The hidden chain of trust

Modern organisations are expected to operate on the basis of trust, and that expectation is not merely philosophical, it is a practical necessity. Stakeholders place confidence in boards, boards rely upon management, investors depend upon disclosures, regulators rely upon reporting, customers trust organisational claims, and assurance providers evaluate information generated throughout the organisation. Collectively, these relationships form an intricate chain of trust that allows organisations and markets to function without every activity being independently verified.

There is nothing inherently wrong with this approach. Indeed, without trust, organisations would become unworkable. Decision-making would slow down dramatically, markets would struggle to function efficiently, and collaboration across increasingly complex organisations would become almost impossible. The more important question, however, is not whether trust exists, but upon what basis that trust is founded. How much of what is accepted as good governance is based upon direct organisational insight, and how much rests upon assumptions derived from reports, representations and assurances?

Although governance influences every level of an organisation, much of the discussion surrounding governance remains concentrated within boardrooms, executive meetings, audit committees and assurance functions. Employees experience governance every day through policies, delegated authorities, controls and procedures, yet relatively few participants have visibility into the broader governance system that gives rise to these organisational disciplines.

The governance gap

This leads to a simple, yet uncomfortable, observation. Boards assume governance exists, they believe governance exists, and they report that governance exists. But can they actually see it operating throughout the organisation?

This question is not directed at policies, governance frameworks or committee structures. Nor is it answered solely through board reports or assurance summaries. Rather, it concerns the operational reality of how governance is being implemented, embedded, monitored and evidenced across the organisation.

This is rarely a question of intent. Most boards are diligent, their intentions are honourable, and many are deeply committed to fulfilling their governance responsibilities. Similarly, many organisations have well-designed governance frameworks that are appropriately documented and regularly reviewed. And yet, despite all of this, governance failures continue to emerge in organisations that, on paper, appeared to be well governed and controlled.

Perhaps, therefore, the issue is not whether governance exists, but whether sufficient organisational visibility exists to demonstrate that governance is being consistently implemented, embedded within the organisational culture, operating effectively, and supported by objective evidence by those who are responsible for it.

Trust and the compounding effect of assumptions

Assumptions seldom emerge suddenly. More often than not, they accumulate gradually. For example; a board paper is accepted because it has already passed through management review, an audit finding is accepted because appropriate testing has been undertaken, a public disclosure is accepted because several internal functions have reviewed its contents, and an assurance opinion is accepted because recognised methodologies have been applied.

Individually, each of these assumptions appears entirely reasonable. In fact, each one is necessary for organisations to function. But collectively, something more subtle begins to happen over time. Assumptions begin to compound across the organisation’s ecosystem, and trust is extended repeatedly from one party to another until very few participants have direct visibility into the underlying reality being governed. Then when governance failures eventually surface, the reaction is often the same: how did so many people not see this coming? The answer, perhaps, to this important question is whether anyone -- at any point in the chain of command -- actually had sufficient visibility to recognise it in the first place?

Blind trust versus informed trust

It is important to be clear that trust within the organisation itself is not usually the problem. Organisations cannot function without it, and no governance system can operate effectively in an environment of constant suspicion or perpetual verification.

The real issue arises when trust becomes detached from objective evidence, and when assumptions are accepted without meaningful visibility, challenge, or verification. This is what can be described as ‘blind trust’, and history is full of examples where governance breakdowns were not triggered by a single catastrophic decision. Far more commonly, they arise through the gradual accumulation of assumptions that were never adequately tested over time.

In these situations policies and structures existed, reports were produced and assurance activities were undertaken. Yet reality slowly diverged from representation until the gap between the two became too large and impossible to ignore. This is precisely why modern governance frameworks place such emphasis on accountability, transparency, oversight and assurance. These disciplines do not exist for procedural convenience; they exist because trust, on its own, is not a control mechanism. It is a belief system, and belief without demonstrable evidence remains inherently fragile.

A simple analogy: The loaf of bread

Consider something as ordinary as purchasing a loaf of bread from a supermarket. Few consumers ever pause to question the claims appearing on its packaging. Yet a closer examination immediately raises important questions. How do we know the ingredients have been accurately declared? How do we know manufacturing standards have been met? How do we know supplier declarations are reliable?

The answer, of course, is that very few people know directly. Instead, confidence is created through a network of inspections, testing protocols, certification processes, regulatory oversight, quality controls and structured accountability mechanisms that collectively protect both the product and the reputation of the organisation behind it.

Trust exists because verification exists alongside it. Modern governance should be no different.

Combined assurance and the governance question

Inside organisations, a system of verification exists through multiple mechanisms, including; competent leadership, risk management, compliance functions, legal oversight, internal audit, external audit, quality assurance, and other lines of control. Collectively, these mechanisms are often described as combined assurance. However, at its core, combined assurance is really attempting to answer a much simpler and more fundamental question: how do we know that which we believe to be true, is actually true?

And once that question is fully appreciated, it becomes evident that this is not merely an audit question or reporting concern. It is fundamentally a governance question that sits at the heart of organisational integrity.

Visibility: The missing link

Many governance failures are not primarily caused by the absence of frameworks, policies, or structures, but rather by something more subtle and more difficult to detect, namely a lack of insufficient insight into whether governance is actually operating as intended. Reports of varying nature may indicate that governance is in place, disclosures may communicate compliance, and assurance providers may confirm specific aspects of control effectiveness, yet none of these, in isolation, necessarily demonstrate that governance has become embedded throughout the organisation.

True visibility extends beyond observation. It encompasses implementation, organisational adoption, continuous monitoring, measurable performance, and objective evidence that governance principles are operating consistently across the enterprise.

Without that depth of visibility, governance becomes something that is inferred rather than demonstrated. And what is inferred can gradually drift away from what is actually occurring.

Visibility is foundational to credibility and resilience

Trust has always been fundamental to organisational life. What must continue to evolve is not the existence of trust itself, but the basis upon which trust is established. Organisations increasingly require informed trust - confidence supported by visibility, assurance, objective evidence and verification.

When these elements operate together, trust becomes more resilient because it rests not merely upon confidence, but upon demonstrable organisational capability. It is strengthened through what can be observed, measured, monitored and, where necessary, independently verified.

Visibility, therefore, does not replace trust. It gives trust its credibility.

END

Words: 1,430

For further information contact:

Terrance M. Booysen (CGF: Chief Executive Officer) - Cell: +27 (0)82 373 2249 / E-mail: [email protected]
Jené Palmer (CGF: Director)) - Cell: +27 (0)82 903 6757 / E-mail: [email protected]
CGF Research Institute (Pty) Ltd - Web: www.cgfresearch.co.za

Follow CGF on X: @CGFResearch

Click below to read more...

Share Article

Scroll to Top