Bear with me for a moment or two, and set aside the standards and frameworks that provide definitions of “risk” and “risk management”. Why? As Grant Purdy (the grandfather and, IMHO, the grandmaster of risk management) together with the late Roger Estall proclaimed in the highly-rated Deciding: A guide to even better decision making (2020), […]| Norman Marks on Governance, Risk Management, and Internal Audit
Please read this excellent article, Big Four Giants Dive into AI Audits: Deloitte, EY, KPMG, and PwC Lead the Charge from Open Tools. It says: The Big Four accounting firms are racing to dominate A…| Norman Marks on Governance, Risk Management, and Internal Audit
2 posts published by Norman Marks during October 2025| Norman Marks on Governance, Risk Management, and Internal Audit
While most internal audit engagements are performed by the CAE’s staff, the CAE himself (I’ll go with ‘he’ to make this post easier to write) should be addressing many if not most of the top enterprise risks. In fact, much of the valuable assurance, advice, and insight provided by the internal audit function is by […]| Norman Marks on Governance, Risk Management, and Internal Audit
I am a huge believer in risk-based auditing and have been practicing it ever since I became an internal auditor many years ago. Some refer to risk-based auditing with an acronym of RBIA (making it …| Norman Marks on Governance, Risk Management, and Internal Audit
3 posts published by Norman Marks during September 2025| Norman Marks on Governance, Risk Management, and Internal Audit
AI is helping people across the extended enterprise in many ways. It is bringing efficiency, improved insights, and the ability to enhance products and customer services. Every day I am hearing about new uses. But I still worry that it can bring serious harm if we are not careful. Practitioners need to know how it […]| Norman Marks on Governance, Risk Management, and Internal Audit
What makes an ideal risk officer? Here are my thoughts on the most significant attributes. I welcome your thoughts. Has a deep understanding of the business, including its: Business processes Produ…| Norman Marks on Governance, Risk Management, and Internal Audit
I admit it. This post is inspired by a post with a similar name by my good friend and occasional debate partner, Richard Chambers: 10 Red Flags Your Internal Audit Function May Be Losing Ground. Have a look if you haven’t already read it. He makes some very good points. Here are his ten red […]| Norman Marks on Governance, Risk Management, and Internal Audit
Before I explain the mantra in the title of this blog post, I want to review some basics. 1. Boards and the CEO measure success based on the achievement of objectives. Some say those objectives are…| Norman Marks on Governance, Risk Management, and Internal Audit
5 posts published by Norman Marks during August 2025| Norman Marks on Governance, Risk Management, and Internal Audit
I would say that most IT auditors and CAEs are familiar with pre-implementation reviews. These are audit engagements designed to proactively work with management when there are system implementations. They provide assurance, advice, and insight on the effectiveness of the internal controls and security that will exist when the system is live. Pre-implementation reviews are […]| Norman Marks on Governance, Risk Management, and Internal Audit
My thanks and congratulations to Alexander Ruehle for his post this week on LinkedIn: Internal audit has just been audited by internal auditors. Why do I ask whether the profession and the IIA are at a crisis point? Consider that according to the IIA’s own Vision 2035 (and his post): 48% still view Internal Auditors […]| Norman Marks on Governance, Risk Management, and Internal Audit
I am going to look into my AI-enabled crystal ball and imagine the world of the future (the not-too-distant future) decision-maker. Then I will look again to see what the risk practitioner and the …| Norman Marks on Governance, Risk Management, and Internal Audit
I recently discovered how some people are projecting that AI will transform the work of corporate counsel. Yes, there are several on how it will transform the work of the law firms, but I am concer…| Norman Marks on Governance, Risk Management, and Internal Audit
Richard Chambers and I go back many decades, first as colleagues and then as friends, and we have great mutual respect. While we often appear to disagree, that is more often than not in our choice …| Norman Marks on Governance, Risk Management, and Internal Audit
A recent article by Carol Williams of Strategic Decision Solutions carried this title and had some wisdom to share. For example, she said: Enterprise risk assessment can be defined as: “the practic…| Norman Marks on Governance, Risk Management, and Internal Audit