~3-page information security policy template on assurance.
 
Simply put, assurance requirements reflect the risks associated with information.
 
The policy specifies appropriate assurance measures (e.g. reviews, tests and audits) to reduce the uncertainties associated with information security controls.  Procedural controls, for instance, are only effective if properly specified and followed in practice.   Management oversight and supervisory checks can both measure and improve conformity (in the sense of 'that which is monitored and measured gets done').
 
Supplied as an MS Word document, readily customised for your organisation's specific situation.