A journey through the development and implementation of a robust third-party risk management program