I want to share below a 6-page version that contains only the Purpose Statement, the Principles, and the main part of each Standard.
Norman D. Marks, CPA, CRMA
One way that practitioners can both add immense value and reduce the risk of ineffective governance processes is by helping the board (or governing body) perform a self-assessment.
Norman D. Marks, CPA, CRMA
We should understand the more significant risks to enterprise objectives, identify the audits we want to perform, and only then select the best tools for the job – which may or may not include AI.
Norman D. Marks, CPA, CRMA
Should internal audit departments audit governance processes? Can they effectively assess board operations? Isn’t that the responsibility of the board itself, generally through a governance committee? Are we sufficiently independent, because we report to the audit committee of the board, and do we have the necessary skills?
Norman D. Marks, CPA, CRMA
I have seen some unfortunate postings on social media and in the news. Self-appointed experts telling us what happened, why, and whose fault it was. There’s a political battle going on as well, with people blaming federal government administrations, regulators, and so on. I’m not going to get into that. But I think it is important for governance, risk, and audit practitioners to understand the situation and its implications.
Norman D. Marks, CPA, CRMA
Today’s post contrasts two recent pieces. PwC shared some very traditional thinking in Overseeing cyber risk: the board’s role.
Norman D. Marks, CPA, CRMA
Risks and business conditions change all the time, so an annual plan or even one that is updated quarterly won’t lead to auditing what matters today. You audit what used to matter.
Norman D. Marks, CPA, CRMA
In World-Class Risk Management, I review the eleven principles in the ISO 31000:2009 global risk management standard and condense them to just six.
Norman D. Marks, CPA, CRMA