This message was posted by a user wishing to remain anonymous
I am restructuring our VMP and was hoping you could share the frequency with which you conduct ongoing due diligence/risk assessment reviews. We plan to do annual review on those rated tier 1 (Critical) but would like some feedback on what everyone else does for those rated non-critical; do you all following the standard 1 year, 2 year, 3 year...etc. model or have you found it beneficial to do some of the other reviews at a different frequency?
Thank you in advance