About Norman D. Marks, CPA, CRMA

Norman has led large and small internal audit departments, been the Chief Risk Officer and Chief Compliance Officer, and managed IT security and governance functions. He retired in early 2013. However, he still blogs, writes, trains, and speaks – and mentors individuals and organizations when he can.

A really concise version of the IIA’s new Global Internal Audit Standards (GIAS)

I want to share below a 6-page version that contains only the Purpose Statement, the Principles, and the main part of each Standard.

Norman D. Marks, CPA, CRMA

Time to read: 12 minutes
September 18, 2024
compliance
Global Internal Audit Standards
governance

Internal audit and generative AI

We should understand the more significant risks to enterprise objectives, identify the audits we want to perform, and only then select the best tools for the job – which may or may not include AI.

Norman D. Marks, CPA, CRMA

Time to read: 3 minutes
July 17, 2024
artificial intelligence
cyber breaches
data leaks

A risk-based approach to auditing governance processes

Should internal audit departments audit governance processes? Can they effectively assess board operations? Isn’t that the responsibility of the board itself, generally through a governance committee? Are we sufficiently independent, because we report to the audit committee of the board, and do we have the necessary skills?

Norman D. Marks, CPA, CRMA

Time to read: 16 minutes
June 19, 2024
Audits
financial reporting
governance

Was Silicon Valley Bank a failure of risk management?

I have seen some unfortunate postings on social media and in the news. Self-appointed experts telling us what happened, why, and whose fault it was. There’s a political battle going on as well, with people blaming federal government administrations, regulators, and so on. I’m not going to get into that. But I think it is important for governance, risk, and audit practitioners to understand the situation and its implications.

Norman D. Marks, CPA, CRMA

Time to read: 10 minutes
March 28, 2023
Audits
governance
interest rate risk

Common sense on cybersecurity

Today’s post contrasts two recent pieces. PwC shared some very traditional thinking in Overseeing cyber risk: the board’s role.

Norman D. Marks, CPA, CRMA

Time to read: 5 minutes
July 20, 2022
Business
cybersecurity
internal control

Auditing at the speed of risk with an agile, continuous audit plan 

Risks and business conditions change all the time, so an annual plan or even one that is updated quarterly won’t lead to auditing what matters today. You audit what used to matter.

Norman D. Marks, CPA, CRMA

Time to read: 2 minutes
June 22, 2022
audit
audit plan
auditing

Six principles for effective risk management

In World-Class Risk Management, I review the eleven principles in the ISO 31000:2009 global risk management standard and condense them to just six.

Norman D. Marks, CPA, CRMA

Time to read: 3 minutes
September 20, 2017
achieving objectives
actionable information
effective risk management