August | 2025 | Norman Marks on Governance, Risk Management, and Internal Audit
5 posts published by Norman Marks during August 2025| Norman Marks on Governance, Risk Management, and Internal Audit
5 posts published by Norman Marks during August 2025| Norman Marks on Governance, Risk Management, and Internal Audit
I would say that most IT auditors and CAEs are familiar with pre-implementation reviews. These are audit engagements designed to proactively work with management when there are system implementations. They provide assurance, advice, and insight on the effectiveness of the internal controls and security that will exist when the system is live. Pre-implementation reviews are […]| Norman Marks on Governance, Risk Management, and Internal Audit
My thanks and congratulations to Alexander Ruehle for his post this week on LinkedIn: Internal audit has just been audited by internal auditors. Why do I ask whether the profession and the IIA are at a crisis point? Consider that according to the IIA’s own Vision 2035 (and his post): 48% still view Internal Auditors […]| Norman Marks on Governance, Risk Management, and Internal Audit
Companies across the world are changing. Some are changing in response to changes in the economy, while others are changing in response to changes in technology. The point is that they are changing. That is not a surprise as we are hearing about layoffs and changes in direction all the time. For example: SAN FRANCISCO, […]| Norman Marks on Governance, Risk Management, and Internal Audit
I am going to look into my AI-enabled crystal ball and imagine the world of the future (the not-too-distant future) decision-maker. Then I will look again to see what the risk practitioner and the …| Norman Marks on Governance, Risk Management, and Internal Audit
Many years ago, my friend Ed Hill, a Managing Director with Protiviti at the time, coined the expression “there is no such thing as IT risk. There is only business risk.” Yet, people still talk about quantifying cyber risk in a silo. They talk about “risk to information assets” instead of risk to the achievement […]| Norman Marks on Governance, Risk Management, and Internal Audit
One of my audit committee members once told me that when he thinks of a model internal auditor, he thinks of me. I wasn’t sure how to take that! I know he meant it as a compliment, but while my business card might say that I was in charge of the internal audit function, that […]| Norman Marks on Governance, Risk Management, and Internal Audit
I recently discovered how some people are projecting that AI will transform the work of corporate counsel. Yes, there are several on how it will transform the work of the law firms, but I am concer…| Norman Marks on Governance, Risk Management, and Internal Audit
3 posts published by Norman Marks during July 2025| Norman Marks on Governance, Risk Management, and Internal Audit
When I started writing this post, Microsoft Word offered to help. Its AI asked what I wanted to write about and then developed a draft that had some excellent content. It wasn’t what I wanted to write, but I am going to steal some excellent parts starting with: Ask the average person about internal auditors, […]| Norman Marks on Governance, Risk Management, and Internal Audit
Politicians in the US (at least on one side of the aisle) love to talk about “waste, fraud, and abuse”. How big is it? Google AI tells us: Estimates of the financial impact of waste, fraud, and abu…| Norman Marks on Governance, Risk Management, and Internal Audit
I was raised with the importance of “manners”. They matter to me. They should matter to everybody. But they are especially important for internal auditors. Manners are how you show respect for others. Manners help you build and maintain constructive relationships. Manners help you get people to talk and to listen to you. Manners show […]| Norman Marks on Governance, Risk Management, and Internal Audit
I am all in favor of being resilient. Gemini Ai tells us: Resilience is the ability to adapt to and recover from adversity, trauma, tragedy, threats, or significant sources of stress. One of my res…| Norman Marks on Governance, Risk Management, and Internal Audit
3 posts published by Norman Marks during June 2025| Norman Marks on Governance, Risk Management, and Internal Audit
A few years ago, the IIA published an Internal Audit Assessment Tool for audit committees. I think it is one of their best products. The guide suggests asking these big-questions first. (I have hig…| Norman Marks on Governance, Risk Management, and Internal Audit
Richard Chambers and I go back many decades, first as colleagues and then as friends, and we have great mutual respect. While we often appear to disagree, that is more often than not in our choice …| Norman Marks on Governance, Risk Management, and Internal Audit
A recent article by Carol Williams of Strategic Decision Solutions carried this title and had some wisdom to share. For example, she said: Enterprise risk assessment can be defined as: “the practic…| Norman Marks on Governance, Risk Management, and Internal Audit
