• Global Insights on Internal Audit, Risk Culture, and Third Party Accountability
    Oct 1 2025

    In this episode of The Third Party Risk Institute Podcast, we sit down with Shagen Ganason, Group Chief Auditor at Levera Group, to explore the evolving role of internal audit, the impact of regulatory diversity, and why third-party accountability can never be outsourced. With over 30 years of leadership experience across insurance, banking, aviation, manufacturing, and the public sector, and having worked in seven countries, Shagen brings a rare global perspective to audit, risk, and governance.

    Drawing on his books The Storyteller’s Ledger and The Auditor’s Secret Weapon, Shagen shares how communication, storytelling, and cultural adaptability are becoming essential skills for auditors and risk leaders. He also highlights why regulators in regions like the GCC are moving fast on cybersecurity, outsourcing oversight, and financial crime risks, and what that means for boards and executives.

    What we cover in this episode:
    • The three dimensions of modern internal audit: assurance, advisory, and strategic oversight
    • How principles-based vs. prescriptive regulations shape audit and compliance practices across countries
    • Building resilience through risk culture, and why it looks different in New Zealand, Korea, and the Middle East
    • The link between risk appetite and corporate strategy, and how boards translate it into actionable decisions
    • Concentration risk, fourth-party dependencies, and why cloud reliance creates hidden exposures
    • Why accountability for third-party risk can never be outsourced, and how boards and auditors should address it

    You’ll walk away with practical guidance on:
    • Communicating audit findings through storytelling that sticks and drives action
    • Aligning audit plans with organizational strategy and risk appetite
    • Building credibility and independence while maintaining strong business relationships
    • Understanding how regulatory diversity and cultural context influence governance effectiveness

    This episode is perfect for:
    • Chief Audit Executives, CROs, and Board Members
    • Internal Audit, Compliance, and Risk Professionals
    • Procurement and Vendor Risk Leaders facing regulatory scrutiny
    • Anyone looking to strengthen their understanding of risk culture, assurance, and third-party accountability

    🎧 Enjoying the podcast?
    Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com

    📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd.

    📬 Have a question or topic you'd like us to cover?
    Email us at: info@thirdpartyriskinstitute.com

    57 mins
  • Cyber Crossroads 2025: How DORA, NIS2, and SEC Rules Are Reshaping Third Party Cyber Risk Management
    Sep 19 2025

    In this episode of The Third Party Risk Institute Podcast, we take a deep dive into the three landmark regulations reshaping cybersecurity and third-party risk management (TPRM) in 2025:

    • DORA (EU Digital Operational Resilience Act) – binding requirements for EU financial entities and the ICT third-party providers they rely on, including mandatory contract provisions, rights of access, inspection and audit, and assessment of ICT concentration risk.
    • NIS2 Directive – expanding cybersecurity obligations across 18 critical sectors, with tight incident reporting timelines (a 24-hour early warning, a 72-hour notification, and a final report within a month), supply chain security requirements, and personal accountability for management bodies.
    • U.S. SEC Cybersecurity Disclosure Rule – requiring public companies to disclose a material cybersecurity incident on Form 8-K (Item 1.05) within four business days of determining that it is material, and to describe annually on Form 10-K their cybersecurity risk management, strategy, and governance, including oversight of third-party service providers.

    Together, these regulations signal a global shift: cyber resilience and third-party risk oversight are now board-level imperatives.

    What we cover in this episode:
    • Key contract clauses and due diligence steps required by DORA
    • How NIS2 expands supply chain risk accountability beyond finance
    • Why, under the SEC rules, a material incident at a vendor can become an investor disclosure for your own company
    • Practical ways to embed vendor oversight into enterprise risk programs
    • Actionable steps for CROs, CISOs, and TPRM teams to stay compliant

    You’ll walk away with practical guidance on:
    • Performing a regulatory gap analysis across DORA, NIS2, and SEC rules
    • Updating vendor contracts with notification, audit, and cooperation clauses
    • Building a structured supply chain security program aligned with ISO 27001 and NIST CSF
    • Preparing disclosure processes and templates to meet SEC 8-K reporting deadlines
    • Using certifications like C3PRMP to build in-house expertise and demonstrate readiness

    This episode is essential listening for:
    • Chief Risk Officers, CISOs, Vendor Risk Managers, and Procurement Leaders
    • Cybersecurity, Compliance, and Audit Professionals
    • Board Members and Executives overseeing enterprise resilience

    By embracing these regulatory changes, you won’t just avoid penalties; you’ll strengthen trust, enhance resilience, and gain a competitive edge in today’s interconnected economy.

    21 mins
  • Contracts, Risk, and Third-Party Management – De-Risking Agreements for Resilience and Compliance
    Sep 11 2025

    Contracts are often seen as the backbone of third-party relationships, but are they really protecting your organization from risk? In this episode, Linda Tuck Chapman sits down with Lawrence Kane and Jeanette Nyden to explore how contractual terms, governance, and negotiation strategies shape third-party risk management in practice.

    You’ll walk away with practical guidance on:
    • Understanding why risk cannot be fully “transferred” and what controls actually work
    • Embedding business continuity, resilience, and performance obligations into contracts
    • Navigating liability limits, indemnities, and warranties with real-world examples
    • Knowing when to renegotiate, amend, or exit contracts responsibly
    • Aligning procurement, legal, and risk functions for stronger vendor oversight

    This episode is perfect for:
    • Contract Managers, Procurement Leaders, and Vendor Risk Managers
    • Third-Party Risk, Compliance, and Governance Professionals
    • Legal, Audit, and Operations Executives dealing with complex supplier contracts
    • Anyone responsible for protecting their organization from contract-related risk exposure

    45 mins
  • AI, Cybersecurity, and Third-Party Risk Management - Safeguarding Trust in a Digital Era
    Aug 27 2025

    In this episode of The Third Party Risk Institute Podcast, host Linda Tuck Chapman sits down with Stanley Lee, CEO and Founder of Net Switch, to explore how artificial intelligence (AI) and cybersecurity are transforming third-party risk management (TPRM).

    With decades of experience in global technology, cyber governance, and workforce development, Stanley shares real-world lessons on how organizations can strengthen defenses, reduce vulnerabilities, and prepare for regulatory expectations. Together, we break down how AI tools, software bills of materials (SBOMs), and augmented intelligence (“human in the loop”) are changing the way businesses safeguard critical vendor relationships.

    What we cover in this episode:
    • Why CEOs remain uncertain about cybersecurity priorities and investment levels
    • The role of AI in anomaly detection, false positive reduction, and continuous monitoring
    • How to integrate SBOMs and penetration testing into your third-party oversight
    • The importance of model risk management and independent validation of AI models
    • Lessons from Target, SolarWinds, and Log4j for today’s supply chain and vendor oversight
    • Building guardrails for ethical AI, governance, and executive decision-making
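    The SBOM point above is concrete enough to show in code. The following Python is an added illustration for this page, not tooling from the Third Party Risk Institute or from Net Switch: it loads a vendor-supplied CycloneDX SBOM (the document below is constructed) and checks every component against an oversight policy of known-affected version ranges, using the public Log4Shell range (log4j-core 2.0-beta9 through 2.14.1, CVE-2021-44228, fixed in 2.15.0) as the policy entry. The other package names and versions in the sample are made up.

```python
"""Check a vendor-supplied CycloneDX SBOM against known-affected version ranges.

Added illustration for this page, not Third Party Risk Institute or vendor
tooling.  SAMPLE_SBOM is constructed; the POLICY entry uses the public
affected range for Log4Shell (CVE-2021-44228).
"""
import json
import re

# Constructed sample: a minimal CycloneDX 1.4 JSON SBOM as a vendor might hand over.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
         "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
        {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-api",
         "version": "2.14.1"},
        {"type": "library", "group": "com.fasterxml.jackson.core", "name": "jackson-databind",
         "version": "2.13.4.2"},
    ],
})

# Oversight policy: components the organisation has flagged, with inclusive
# affected ranges.  Log4Shell affected log4j-core 2.0-beta9 through 2.14.1.
POLICY = [
    {"group": "org.apache.logging.log4j", "name": "log4j-core",
     "min": "2.0-beta9", "max": "2.14.1", "reason": "CVE-2021-44228 (Log4Shell)"},
]


def parse_version(v):
    """Turn '2.14.1' or '2.0-beta9' into a tuple that sorts correctly.

    Numeric parts come first (padded so 2.14 == 2.14.0.0); a pre-release
    label sorts *below* the matching final release, with its trailing number
    compared numerically so beta10 > beta9.
    """
    m = re.match(r"^(\d+(?:\.\d+)*)(?:[-.]?([A-Za-z]+)(\d*))?$", v)
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    nums = [int(x) for x in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))
    if m.group(2):  # pre-release such as beta9, rc1
        return (tuple(nums), 0, m.group(2).lower(), int(m.group(3) or 0))
    return (tuple(nums), 1, "", 0)


def in_range(version, lo, hi):
    """Inclusive range test using the pre-release-aware ordering above."""
    return parse_version(lo) <= parse_version(version) <= parse_version(hi)


def find_affected(sbom_json, policy=POLICY):
    """Return (group, name, version, reason) for each SBOM component that
    falls inside a flagged range."""
    bom = json.loads(sbom_json)
    hits = []
    for c in bom.get("components", []):
        for rule in policy:
            if (c.get("group") == rule["group"] and c.get("name") == rule["name"]
                    and in_range(c["version"], rule["min"], rule["max"])):
                hits.append((c["group"], c["name"], c["version"], rule["reason"]))
    return hits


if __name__ == "__main__":
    for group, name, version, reason in find_affected(SAMPLE_SBOM):
        print(f"FLAG {group}:{name}@{version} -> {reason}")
```

    Two practitioner caveats: pre-release labels matter, because "2.0-beta9" has to sort below "2.0" and a naive string or float comparison gets that wrong; and the check is only as good as the SBOM is complete, so treat a clean result as one input alongside the vendor's attestations and penetration-test evidence, not as proof.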

    You’ll walk away with practical guidance on:
    • Applying “trust but verify” to third-party AI solutions
    • Defining KPIs that link cybersecurity investment to risk appetite
    • Leveraging open-source tools and frameworks like MITRE ATT&CK for continuous resilience
    • Becoming the “human in the loop” to ensure accountability and critical oversight

    This episode is perfect for:
    • Chief Risk Officers, CISOs, and Vendor Risk Managers
    • Cybersecurity and Procurement Leaders
    • Compliance, Audit, and Governance Professionals
    • Anyone responsible for securing third-party ecosystems in highly regulated industries

    If you like reading, check out our full blog post on AI, cybersecurity, and third-party resilience here: https://thirdpartyriskinstitute.com/modernizing-third-party-risk-management-with-ai/

    57 mins
  • AI’s Transformative Role in Third Party Risk Management - From Static Snapshots to Real-Time Resilience
    Aug 13 2025

    In this episode of The Third Party Risk Institute Podcast, we explore how artificial intelligence is revolutionizing third-party risk management (TPRM) by shifting from outdated, static assessments to continuous, real-time monitoring. With third-party data breaches projected to impact over 60% of companies by 2025, this transformation is no longer optional; it is a regulatory and operational necessity.

    Drawing from global regulatory trends, case examples, and emerging best practices, we break down how AI-powered TPRM enables organizations to detect issues faster, map fourth-party dependencies, assess ESG risks, and build resilience into complex supply chains. You’ll hear how machine learning, natural language processing, and anomaly detection are enhancing due diligence, automating risk scoring, and integrating real-time risk intelligence into procurement and governance.

    What we cover in this episode:
    • Why traditional annual vendor assessments no longer work in today’s fast-moving threat environment
    • How AI enables continuous monitoring and dynamic risk scoring
    • Techniques to map and manage fourth-party and concentration risk
    • Integrating ESG risk into TPRM programs
    • Key regulatory drivers including DORA, the EU AI Act, APRA CPS 234, and U.S. Interagency Guidance
    • Best practices for AI governance and human oversight
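    The fourth-party and concentration points above (and the cloud-reliance bullet in the Oct 1 episode) come down to a graph walk. The Python below is an added example for this page, not the Institute's or any vendor's tooling: every service, vendor and provider name is constructed. It takes an inventory of internal services with their direct vendor and criticality, plus the subcontractor chains disclosed in due diligence, and reports providers nobody contracts with directly that nevertheless sit under several critical services at once.

```python
"""Map fourth-party dependencies and surface hidden concentration risk.

Added illustration for this page, not Third Party Risk Institute or vendor
tooling.  All names below are constructed.
"""
from collections import defaultdict

# Constructed inventory: internal services, the third party each depends on,
# and whether the service is critical (as a DORA-style classification would say).
SERVICES = {
    "payments":      {"vendor": "PayCo",      "critical": True},
    "kyc-screening": {"vendor": "IDCheck",    "critical": True},
    "hr-portal":     {"vendor": "PeopleSaaS", "critical": False},
    "trading-ui":    {"vendor": "FrontendCo", "critical": True},
}

# Constructed subcontractor chains as disclosed in due-diligence questionnaires:
# provider -> providers it in turn relies on (fourth parties, fifth parties ...).
SUBPROCESSORS = {
    "PayCo":      ["CloudA", "AuthHub"],
    "IDCheck":    ["CloudA"],
    "PeopleSaaS": ["CloudB"],
    "FrontendCo": ["CDNx"],
    "AuthHub":    ["CloudA"],
    "CDNx":       ["CloudB"],
}


def upstream(provider, graph=SUBPROCESSORS, seen=None):
    """Every provider reachable from `provider` at any depth.
    The `seen` set doubles as a cycle guard for mutually dependent vendors."""
    seen = set() if seen is None else seen
    for nxt in graph.get(provider, []):
        if nxt not in seen:
            seen.add(nxt)
            upstream(nxt, graph, seen)
    return seen


def concentration(services=SERVICES, graph=SUBPROCESSORS):
    """For every provider, direct or indirect, the set of internal services
    that would be affected if it failed."""
    exposure = defaultdict(set)
    for svc, meta in services.items():
        exposure[meta["vendor"]].add(svc)
        for p in upstream(meta["vendor"], graph):
            exposure[p].add(svc)
    return dict(exposure)


def hidden_single_points(services=SERVICES, graph=SUBPROCESSORS, threshold=2):
    """Providers with no direct contract that still carry at least `threshold`
    critical services: the exposures an annual vendor questionnaire misses."""
    direct = {m["vendor"] for m in services.values()}
    out = {}
    for p, svcs in concentration(services, graph).items():
        crit = {s for s in svcs if services[s]["critical"]}
        if p not in direct and len(crit) >= threshold:
            out[p] = crit
    return out


if __name__ == "__main__":
    for provider, svcs in sorted(concentration().items()):
        print(f"{provider:<11} -> {sorted(svcs)}")
    print("hidden single points of failure:", hidden_single_points())
```

    In the constructed data, CloudA never appears on a contract register yet sits beneath both critical services, once directly via IDCheck and once two hops away via PayCo and AuthHub; CloudB also sits under two services, but only one of them is critical, so it falls below the threshold. The same walk is what lets a TPRM program express a concentration limit ("no single provider under more than N critical functions") as a check rather than a narrative.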

    You’ll walk away with practical guidance on:
    • Building an integrated data foundation for continuous monitoring
    • Selecting and deploying AI-enabled TPRM platforms
    • Aligning your TPRM program with evolving global regulations
    • Avoiding pitfalls like poor data quality, false positives, and AI overreliance

    This episode is perfect for:
    • Chief Risk Officers, Vendor Risk Managers, and Procurement Leaders
    • Cybersecurity, Compliance, and Audit Professionals
    • ESG, Sustainability, and Governance Specialists
    • Anyone tasked with safeguarding critical third-party relationships in regulated industries

    If you like reading, check out our full blog post on Modernizing Third Party Risk Management with AI here: https://thirdpartyriskinstitute.com/modernizing-third-party-risk-management-with-ai/

    28 mins