EPISODE · Jul 31, 2025 · 50 MIN
The TPRM Tug-of-War: Trust, Tools, and the AI Tradeoff
from GRC Uncensored
This week, the crew sits down with Henry Stanley—founder of Fabrik and engineer-turned-GRC troublemaker-to dig into the messy reality of third-party risk management (TPRM). With experience across fintech, startups, and security consulting, Henry brings a pragmatic but optimistic view of how the industry can move forward.From the limits of SOC 2 and the myth of standardization to the risks and rewards of AI-powered questionnaires, the group unpacks why TPRM is so fragmented—and why that’s not necessarily a bad thing. They also get real about AI in audits, the future role of assurance professionals, and why human connection still matters.06:30 – Why TPRM Is Fragmented by Nature09:00 – SOC 2 Isn’t Enough (And Never Was)13:30 – Does Anyone Really Trust Audit Reports?17:30 – Blacklists, Quality Checks & the SOC 2 Vibe Check20:00 – The Rise of AI in Vendor Assessments25:30 – AI Answers vs. AI Confidence28:30 – Auditing the Auditors (and Their AI)32:00 – Reasonable Assurance in an AI World35:30 – Skepticism, Trust, and Human-in-the-Loop Auditing38:00 – Does AI Kill Creativity? A Side Quest44:00 – Will TPRM Be Agent-to-Agent in the Future?Guest: Henry Stanley, Founder of Security Program.ioHosts: Troy Fine, Kendra CooleyProducer: Elliot VolkmanRuntime: ~56 minutes Hosted on Acast. See acast.com/privacy for more information.
What this episode covers
This week, the crew sits down with Henry Stanley—founder of Fabrik and engineer-turned-GRC troublemaker-to dig into the messy reality of third-party risk management (TPRM). With experience across fintech, startups, and security consulting, Henry brings a pragmatic but optimistic view of how the industry can move forward.From the limits of SOC 2 and the myth of standardization to the risks and rewards of AI-powered questionnaires, the group unpacks why TPRM is so fragmented—and why that’s not necessarily a bad thing. They also get real about AI in audits, the future role of assurance professionals, and why human connection still matters.06:30 – Why TPRM Is Fragmented by Nature09:00 – SOC 2 Isn’t Enough (And Never Was)13:30 – Does Anyone Really Trust Audit Reports?17:30 – Blacklists, Quality Checks & the SOC 2 Vibe Check20:00 – The Rise of AI in Vendor Assessments25:30 – AI Answers vs. AI Confidence28:30 – Auditing the Auditors (and Their AI)32:00 – Reasonable Assurance in an AI World35:30 – Skepticism, Trust, and Human-in-the-Loop Auditing38:00 – Does AI Kill Creativity? A Side Quest44:00 – Will TPRM Be Agent-to-Agent in the Future?Guest: Henry Stanley, Founder of Security Program.ioHosts: Troy Fine, Kendra CooleyProducer: Elliot VolkmanRuntime: ~56 minutes Hosted on Acast. See acast.com/privacy for more information.
NOW PLAYING
The TPRM Tug-of-War: Trust, Tools, and the AI Tradeoff
No transcript for this episode yet
Similar Episodes
Jun 23, 2026 ·10m
Jun 22, 2026 ·107m
Jun 22, 2026 ·31m