3 posts published by Norman Marks during September 2025| Norman Marks on Governance, Risk Management, and Internal Audit
AI is helping people across the extended enterprise in many ways. It is bringing efficiency, improved insights, and the ability to enhance products and customer services. Every day I am hearing about new uses. But I still worry that it can bring serious harm if we are not careful. Practitioners need to know how it […]| Norman Marks on Governance, Risk Management, and Internal Audit
What makes an ideal risk officer? Here are my thoughts on the most significant attributes. I welcome your thoughts. Has a deep understanding of the business, including its: Business processes Produ…| Norman Marks on Governance, Risk Management, and Internal Audit
I admit it. This post is inspired by a post with a similar name by my good friend and occasional debate partner, Richard Chambers: 10 Red Flags Your Internal Audit Function May Be Losing Ground. Have a look if you haven’t already read it. He makes some very good points. Here are his ten red […]| Norman Marks on Governance, Risk Management, and Internal Audit
Before I explain the mantra in the title of this blog post, I want to review some basics. 1. Boards and the CEO measure success based on the achievement of objectives. Some say those objectives are…| Norman Marks on Governance, Risk Management, and Internal Audit
5 posts published by Norman Marks during August 2025| Norman Marks on Governance, Risk Management, and Internal Audit
I would say that most IT auditors and CAEs are familiar with pre-implementation reviews. These are audit engagements designed to proactively work with management when there are system implementations. They provide assurance, advice, and insight on the effectiveness of the internal controls and security that will exist when the system is live. Pre-implementation reviews are […]| Norman Marks on Governance, Risk Management, and Internal Audit
My thanks and congratulations to Alexander Ruehle for his post this week on LinkedIn: Internal audit has just been audited by internal auditors. Why do I ask whether the profession and the IIA are at a crisis point? Consider that according to the IIA’s own Vision 2035 (and his post): 48% still view Internal Auditors […]| Norman Marks on Governance, Risk Management, and Internal Audit
Companies across the world are changing. Some are changing in response to changes in the economy, while others are changing in response to changes in technology. The point is that they are changing. That is not a surprise as we are hearing about layoffs and changes in direction all the time. For example: SAN FRANCISCO, […]| Norman Marks on Governance, Risk Management, and Internal Audit
I am going to look into my AI-enabled crystal ball and imagine the world of the future (the not-too-distant future) decision-maker. Then I will look again to see what the risk practitioner and the …| Norman Marks on Governance, Risk Management, and Internal Audit
Many years ago, my friend Ed Hill, a Managing Director with Protiviti at the time, coined the expression “there is no such thing as IT risk. There is only business risk.” Yet, people still talk about quantifying cyber risk in a silo. They talk about “risk to information assets” instead of risk to the achievement […]| Norman Marks on Governance, Risk Management, and Internal Audit
One of my audit committee members once told me that when he thinks of a model internal auditor, he thinks of me. I wasn’t sure how to take that! I know he meant it as a compliment, but while my business card might say that I was in charge of the internal audit function, that […]| Norman Marks on Governance, Risk Management, and Internal Audit
I recently discovered how some people are projecting that AI will transform the work of corporate counsel. Yes, there are several on how it will transform the work of the law firms, but I am concer…| Norman Marks on Governance, Risk Management, and Internal Audit
3 posts published by Norman Marks during July 2025| Norman Marks on Governance, Risk Management, and Internal Audit
Politicians in the US (at least on one side of the aisle) love to talk about “waste, fraud, and abuse”. How big is it? Google AI tells us: Estimates of the financial impact of waste, fraud, and abu…| Norman Marks on Governance, Risk Management, and Internal Audit
Richard Chambers and I go back many decades, first as colleagues and then as friends, and we have great mutual respect. While we often appear to disagree, that is more often than not in our choice …| Norman Marks on Governance, Risk Management, and Internal Audit
A recent article by Carol Williams of Strategic Decision Solutions carried this title and had some wisdom to share. For example, she said: Enterprise risk assessment can be defined as: “the practic…| Norman Marks on Governance, Risk Management, and Internal Audit