Norman Marks on Governance, Risk Management, and Audit
127 FOLLOWERS
A blog by Norman Marks on governance, risk management, and audit. He shares daily news and opinion on topics that are interesting to governance, risk, audit, and other professionals.
Norman Marks on Governance, Risk Management, and Audit
2d ago
I have been open for years about my preference for the ISO:31000 global risk management standard over the COSO products. (I first explained my position at Alex Dali’s ISO 31000 Conference in Paris in 2011.) Back then, we had the 2009 version, which included a definition of risk and a set of principles. The definition ..read more
Norman Marks on Governance, Risk Management, and Audit
1w ago
I had a lot of fun writing my new novel. Hopefully people will pick it up and enjoy it as well. You can find it on Amazon in both paperback and e-reader form: Mystery in (garbled) As a bonus and because it’s my birthday next week, I have discounted my first novel (e-reader form) to ..read more
Norman Marks on Governance, Risk Management, and Audit
1w ago
It’s shocking, but it’s the truth. Multiple news organizations reported this month that the UK’s Lloyds Banking Group is going to make significant cuts in its risk management function. Background: Lloyds is one of the largest banks in the UK with revenue of £28 billion and next income of just under £5 billion. It has ..read more
Norman Marks on Governance, Risk Management, and Audit
1w ago
The release of the draft Cybersecurity Topical Requirement for public comment has sparked some very serious negative reactions from thought leaders (notably on LinkedIn). I agree with many of their comments. My overriding concern is whether the IIA is leading the profession in the right direction. Is it leading practitioners to provide stakeholders with the ..read more
Norman Marks on Governance, Risk Management, and Audit
2w ago
I congratulate José David Pino for his brave attempt to call attention to ineffective risk management in his article for the IIA’s magazine, On the Frontlines: How Mature is Your Risk Management? He correctly reports something I earlier shared in a blog post: In the 2023 report, The State of Risk Oversight: An Overview of Enterprise ..read more
Norman Marks on Governance, Risk Management, and Audit
2w ago
I believe every internal audit executive would agree with me that our independence from management is critical. We need to be able to operate without undue interference from management. That means that they are not able to stop or change our audit reporting, our opinions, or our assessments. It also means that they cannot stop ..read more
Norman Marks on Governance, Risk Management, and Audit
3w ago
I have written a lot over the years about risk appetite and the value of risk appetite statements, both here on this blog and also in my books, especially World-Class Risk Management (2015) and Risk Management in Plain English: A Guide for Executives, Enabling Success through Intelligent and Informed Risk-Taking (2018). I am going to ..read more
Norman Marks on Governance, Risk Management, and Audit
3w ago
For 13th years, the Association of Certified Fraud Examiners (ACFE) has shared with us the results of their annual survey, with the latest being Occupational Fraud 2024: A Report to the Nations. I have been reading and commenting on their reports for years and you can find a few blog posts here using the Search ..read more
Norman Marks on Governance, Risk Management, and Audit
3w ago
This may be an odd question to ask, but as a leader of internal audit and risk management it was an important issue for me. While there is so much talk about artificial intelligence, I believe it is far more important to optimize human intelligence! Where we sit affects: Our ability to know what is ..read more
Norman Marks on Governance, Risk Management, and Audit
1M ago
I have been invited to comment on the draft Code of Practice from the Chartered Institute of Internal Auditors (the UK affiliate of the IIA). You can find it here. Take the time to review it. This is an important document not only because of its potential impact on internal auditing in the UK, but ..read more