Key points

• Introduction [00:00–00:00:38]
• What Is Fourth-Party Risk? [00:00:38–00:01:52]
• Evolution of Risk and Offshoring Trends [00:01:52–00:02:32]
• Mitigating Fourth-Party Risks [00:02:32–00:03:47]
• Steps for Maturing a Vendor Risk Program [00:03:47–00:04:50]
• The Challenge of Shadow IT [00:04:50–00:05:54]
• Data Mining and Continuous Monitoring [00:05:54–00:06:59]
• Beyond the SOC Report [00:06:59–00:08:27]
• Getting Started Without Tech [00:08:27–00:09:32]
• Cybersecurity as a Starting Point [00:09:32–00:10:44]
• Educating the Audit Committee [00:10:44–00:12:00]
• Real-Time Monitoring and Vendor Audits [00:12:00–00:13:09]
• Misconceptions About Outsourcing Risk [00:13:09–00:13:56]
• Preparing for the Future [00:13:56–00:15:32]
• Pitfalls in Contracting [00:15:32–00:16:38]
• First Step for New Audit Functions [00:16:38–00:17:12]
• Aligning with Organizational Risk Priorities [00:17:12–00:18:36]
• Getting Executive Buy-In [00:18:36–00:20:06]
• Supporting Smaller Audit Shops [00:20:06–00:21:14]
• Final Advice [00:21:14–00:21:58]