I admit it. This post is inspired by a post with a similar name by my good friend and occasional debate partner, Richard Chambers: 10 Red Flags Your Internal Audit Function May Be Losing Ground. Have a look if you haven’t already read it. He makes some very good points. Here are his ten red […]| Norman Marks on Governance, Risk Management, and Internal Audit
Before I explain the mantra in the title of this blog post, I want to review some basics. 1. Boards and the CEO measure success based on the achievement of objectives. Some say those objectives are…| Norman Marks on Governance, Risk Management, and Internal Audit
I would say that most IT auditors and CAEs are familiar with pre-implementation reviews. These are audit engagements designed to proactively work with management when there are system implementations. They provide assurance, advice, and insight on the effectiveness of the internal controls and security that will exist when the system is live. Pre-implementation reviews are […]| Norman Marks on Governance, Risk Management, and Internal Audit
My thanks and congratulations to Alexander Ruehle for his post this week on LinkedIn: Internal audit has just been audited by internal auditors. Why do I ask whether the profession and the IIA are at a crisis point? Consider that according to the IIA’s own Vision 2035 (and his post): 48% still view Internal Auditors […]| Norman Marks on Governance, Risk Management, and Internal Audit
Companies across the world are changing. Some are changing in response to changes in the economy, while others are changing in response to changes in technology. The point is that they are changing. That is not a surprise as we are hearing about layoffs and changes in direction all the time. For example: SAN FRANCISCO, […]| Norman Marks on Governance, Risk Management, and Internal Audit
I am going to look into my AI-enabled crystal ball and imagine the world of the future (the not-too-distant future) decision-maker. Then I will look again to see what the risk practitioner and the …| Norman Marks on Governance, Risk Management, and Internal Audit
Many years ago, my friend Ed Hill, a Managing Director with Protiviti at the time, coined the expression “there is no such thing as IT risk. There is only business risk.” Yet, people still talk about quantifying cyber risk in a silo. They talk about “risk to information assets” instead of risk to the achievement […]| Norman Marks on Governance, Risk Management, and Internal Audit
One of my audit committee members once told me that when he thinks of a model internal auditor, he thinks of me. I wasn’t sure how to take that! I know he meant it as a compliment, but while my business card might say that I was in charge of the internal audit function, that […]| Norman Marks on Governance, Risk Management, and Internal Audit
I recently discovered how some people are projecting that AI will transform the work of corporate counsel. Yes, there are several on how it will transform the work of the law firms, but I am concer…| Norman Marks on Governance, Risk Management, and Internal Audit
When I started writing this post, Microsoft Word offered to help. Its AI asked what I wanted to write about and then developed a draft that had some excellent content. It wasn’t what I wanted to write, but I am going to steal some excellent parts starting with: Ask the average person about internal auditors, […]| Norman Marks on Governance, Risk Management, and Internal Audit
Politicians in the US (at least on one side of the aisle) love to talk about “waste, fraud, and abuse”. How big is it? Google AI tells us: Estimates of the financial impact of waste, fraud, and abu…| Norman Marks on Governance, Risk Management, and Internal Audit
I am all in favor of being resilient. Gemini Ai tells us: Resilience is the ability to adapt to and recover from adversity, trauma, tragedy, threats, or significant sources of stress. One of my res…| Norman Marks on Governance, Risk Management, and Internal Audit
A few years ago, the IIA published an Internal Audit Assessment Tool for audit committees. I think it is one of their best products. The guide suggests asking these big-questions first. (I have hig…| Norman Marks on Governance, Risk Management, and Internal Audit
Richard Chambers and I go back many decades, first as colleagues and then as friends, and we have great mutual respect. While we often appear to disagree, that is more often than not in our choice …| Norman Marks on Governance, Risk Management, and Internal Audit
A recent article by Carol Williams of Strategic Decision Solutions carried this title and had some wisdom to share. For example, she said: Enterprise risk assessment can be defined as: “the practic…| Norman Marks on Governance, Risk Management, and Internal Audit