The Third Party Risk Institute Podcast

Linda Tuck Chapman

Go beyond the headlines with The Third Party Risk Institute Podcast, the official podcast of Third Party Risk Institute. Each episode brings you into the room with top experts in third-party risk, cybersecurity, procurement, governance, and compliance. Hear how risk leaders tackle real-world challenges, share lessons learned, and stay ahead of evolving threats. We explore the strategies that work, the mistakes that teach, and the insights you won’t hear anywhere else. Perfect for risk professionals, procurement leaders, auditors, and decision-makers who want to lead with confidence. 🎧 Subscribe now, new episodes drop monthly on Spotify, Apple Podcasts, YouTube Music, and Amazon Music.

Episodes

  1. The Future of Third-Party Risk Management: AI, Resilience, Cyber Risk, and What Comes Next with Matthew Moog

    4d ago

    The Future of Third-Party Risk Management: AI, Resilience, Cyber Risk, and What Comes Next with Matthew Moog

    Third-party risk management is changing fast. For years, many organizations have relied on questionnaires, point-in-time assessments, manual workflows, and fragmented ownership across procurement, cyber, compliance, resilience, privacy, model risk, and business teams. But with AI, cyber ratings, data ecosystems, shared assessments, trust centers, regulatory pressure, and operational resilience expectations becoming more important, the future of TPRM is moving beyond traditional vendor due diligence. In this episode of the Third Party Risk Institute Podcast, Linda Tuck Chapman speaks with Matthew Moog, Principal of Risk Managed Services at EY, about where third-party risk management is heading and what risk professionals need to understand now. Matt shares lessons from his career across EY, TrueSight, and OneTrust, including the challenges of standardizing assessments, building shared third-party risk utilities, using data before sending questionnaires, and rethinking how organizations assess, monitor, and respond to supplier risk. This conversation explores some of the biggest issues facing risk, procurement, cybersecurity, compliance, and operational resilience teams today, including:  Why traditional third-party risk assessments are no longer enough  How AI and automation may change vendor risk management workflows  Why the future of TPRM depends on better data, not more questionnaires  The role of cyber ratings, trust centers, attestations, certifications, and standardized data  How organizations can reduce fragmented third-party risk processes  Why operational resilience, fourth-party risk, and dependency mapping are becoming critical  How DORA, regulatory expectations, and global financial services guidance are shaping TPRM  Why human judgment still matters in an AI-enabled risk environment  What risk professionals should focus on to build a stronger career in TPRM Matt also shares practical career advice for professionals entering or growing in third-party risk management, operational risk, cyber risk, vendor risk, and governance roles. This episode is essential listening for anyone working in third-party risk management, vendor risk management, supplier risk, operational resilience, cybersecurity risk, regulatory compliance, procurement, financial services risk, AI governance, fourth-party risk, or enterprise risk management. 🎧 Enjoying the podcast? Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com 📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd. 📬 Have a question or topic you'd like us to cover?  Email us at: info@thirdpartyriskinstitute.com

    54 min
  2. "Trust Path Failures" The Weakest Link in 2026: What Third-Party Risk Leaders Are Missing

    Apr 27

    "Trust Path Failures" The Weakest Link in 2026: What Third-Party Risk Leaders Are Missing

    The first four months of 2026 have already reshaped how organizations think about third-party risk. From regulatory pressure like Digital Operational Resilience Act to the rapid adoption of AI across vendor ecosystems, the gap between what organizations assess and what they actually understand is becoming more visible and more risky. In this episode, we break down what’s actually changed in third-party risk so far this year, not at a theoretical level, but based on real developments, regulatory shifts, and operational challenges organizations are facing right now. This is not a high-level conversation. This is a practical review of where programs are falling short and what needs to change. What We Cover in This Episode  Why traditional third-party risk models are failing in 2026  The growing disconnect between vendor assessments and real-world dependencies  How AI adoption is introducing new, unmeasured risks in third-party ecosystems  What regulators are actually expecting (and where organizations are still behind)  The rise of concentration risk, fourth-party risk, and infrastructure dependencies  Why business continuity assumptions are no longer holding up  What strong third-party risk programs are starting to do differently  Practical steps to rethink your approach, immediately Who This Podcast Is For  Third-Party Risk Managers  Vendor & Supplier Risk Professionals  Procurement Leaders  Operational Risk & Resilience Teams  Compliance and Audit Professionals  Anyone responsible for understanding how third parties impact business continuity and resilience If you’re responsible for third-party risk, this episode will help you step back and ask a harder question: 👉 Are you assessing vendors… or actually understanding your exposure? 🎧 Enjoying the podcast? Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com 📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd. 📬 Have a question or topic you'd like us to cover?  Email us at: info@thirdpartyriskinstitute.com

    20 min
  3. Why Most Risk Governance Systems Fail (And How to Fix Them) | GRC, Third-Party Risk & AI Risk

    Mar 12

    Why Most Risk Governance Systems Fail (And How to Fix Them) | GRC, Third-Party Risk & AI Risk

    In this episode of the Third Party Risk Institute Podcast, Linda Tuck Chapman speaks with Elina Moshkovich, an independent Governance, Risk, and Compliance (GRC) advisor based in Dubai, about one of the most overlooked areas of modern risk management risk governance systems. While many organizations invest heavily in risk frameworks, tools, and compliance programs, they often fail to address the governance structures that determine how decisions are made and how risks are escalated. Drawing on experience as a Chief Risk Officer and GRC advisor, Elina shares practical insights into how companies can design governance systems that actually work. In this conversation, we explore: • Why risk governance frameworks often fail inside organizations  • The connection between operational risk, third-party risk, and organizational strategy  • How governance gaps can create major risk exposures  • A real-world example of a vendor failure that could have been prevented with better governance  • Why risk culture and escalation practices are critical for protecting organizations  • The growing importance of third-party risk management in an interconnected economy  • The difference between principles-based regulations and prescriptive regulations like DORA  • How companies should start thinking about AI governance and acceptable AI use policies  • Skills and career advice for professionals entering risk management, compliance, and GRC roles This episode is particularly valuable for professionals working in: Risk ManagementGovernance, Risk & Compliance (GRC)Third-Party Risk Management (TPRM)Operational RiskCybersecurity RiskRegulatory ComplianceAs organizations become more dependent on external vendors, digital systems, and AI tools, effective governance is becoming the foundation of resilient risk management programs. 🎧 Enjoying the podcast? Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com 📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd. 📬 Have a question or topic you'd like us to cover?  Email us at: info@thirdpartyriskinstitute.com

    57 min
  4. DORA in 2026: What Changed in 2025 and What Third-Party Risk Teams Must Do Now

    Feb 2

    DORA in 2026: What Changed in 2025 and What Third-Party Risk Teams Must Do Now

    DORA is now in force, and the first full year of implementation (2025) revealed what’s working and where firms are still struggling. In this episode, Third Party Risk Institute breaks down the current state of DORA in 2026 with global takeaways for third-party risk, ICT risk management, incident reporting, resilience testing, and oversight of critical technology providers. We cover what organizations across financial services, tech, healthcare, and consulting did in 2025 to meet expectations, what best practices are emerging, and how risk professionals are adapting through stronger governance, better vendor visibility, contract upgrades, and more realistic testing programs. If you work in TPRM / vendor risk, operational resilience, cyber risk, procurement, compliance, or audit, this is a practical, high-level briefing you can apply immediately. Topics include: DORA pillars explained: ICT risk, incident reporting, testing, third-party risk, info sharingWhat “good” looks like in 2026 (and what still breaks under pressure)Critical vendor oversight and subcontractor / fourth-party visibilityCommon implementation gaps and how teams are closing themTools, operating models, and skills risk professionals are leaning onIf you are in DORA or are responsible for DORA, you can now get Certified via Certified DORA Practitioner (CDP) live stream training from Third Party Risk Institute. More details here: https://thirdpartyriskinstitute.com/dora/ 🎧 Enjoying the podcast? Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com 📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd. 📬 Have a question or topic you'd like us to cover?  Email us at: info@thirdpartyriskinstitute.com

    16 min
  5. Why One Vendor Can Shut Down Your Entire Business | A must know in 2026

    Jan 7

    Why One Vendor Can Shut Down Your Entire Business | A must know in 2026

    2025 reshaped how organizations view third-party cyber risk. In this deep-dive episode, we analyze the real incidents that caused operational shutdowns across healthcare, aviation, manufacturing, and financial services. You’ll hear how: The Change Healthcare ransomware attack exposed up to 190 million records and triggered a multi-billion-dollar disruptionJaguar Land Rover suffered a six-week global production halt due to a vendor cyber incidentAirlines faced airport gridlock after a single IT supplier failureCloud misconfigurations leaked millions of healthcare recordsStolen credentials and MFA bypass techniques accelerated account takeoversCLOP ransomware exploited zero-day vulnerabilities in file transfer and ERP systemsRegulators enforced DORA and NIS2 accountability for vendor riskAI-driven cyber attacks are emerging as the next threat waveThis episode connects cyber risk directly to business continuity, operational resilience, regulatory compliance, and vendor governance, critical insights for risk leaders, CISOs, compliance teams, procurement professionals, and third-party risk practitioners. 🎧 Listen to understand why vendor ecosystems now represent the single largest source of enterprise risk and what organizations must prioritize going into 2026. 🎧 Enjoying the podcast? Explore more resources, expert insights, and certification programs at www.thirdpartyriskinstitute.com 📱 Follow us on LinkedIn for real-world conversations and industry trends: Third Party Risk Institute Ltd. 📬 Have a question or topic you'd like us to cover?  Email us at: info@thirdpartyriskinstitute.com

    15 min
  • 5 Episodes

About

Go beyond the headlines with The Third Party Risk Institute Podcast, the official podcast of Third Party Risk Institute. Each episode brings you into the room with top experts in third-party risk, cybersecurity, procurement, governance, and compliance. Hear how risk leaders tackle real-world challenges, share lessons learned, and stay ahead of evolving threats. We explore the strategies that work, the mistakes that teach, and the insights you won’t hear anywhere else. Perfect for risk professionals, procurement leaders, auditors, and decision-makers who want to lead with confidence. 🎧 Subscribe now, new episodes drop monthly on Spotify, Apple Podcasts, YouTube Music, and Amazon Music.

Information

You Might Also Like