Norman Marks

Lessons Learned From The Transition To COSO 2013

7-May-2015 | Norman Marks

Protiviti has shared with us a useful Top 10 Lessons Learned from Implementing COSO 2013. I especially like this section: It is presumed that everyone understands that a top-down, risk-based appro

The Most Important Sentence In COSO

6-May-2015 | Norman Marks

In my opinion, one sentence stands out, whether you are looking at the COSO Internal Control – Integrated Framework (2013 version) or the COSO Enterprise Risk Management – Integrated Framework.

A Study In Enterprise Risk Management

4-May-2015 | Norman Marks

A new article in Singapore’s Business Times explains that when Singapore achieved its independence in 1965 (through separation from Malaysia), its attention to enterprise risk management helped it b

privacy security

Privacy Risk Management And Compliance

17-Apr-2015 | Norman Marks

I have been a big fan of the Open Compliance and Ethics Group for many years (since well before it honored me as a Fellow). OCEG is a not-for-profit organization that focuses on “principled perfo

Understanding And Managing Cyber Risk

31-Mar-2015 | Norman Marks

Last week, I participated in an NACD Master Class. I was a panelist in discussions of technology and cyber risk with 40-50 board members very actively involved – because this is a hot topic for boar

New Information And Perspectives On Cyber Security

26-Mar-2015 | Norman Marks

The world continues to buzz about cyber security (or, perhaps we should say, insecurity). Now we have the Chinese government apparently admitting that they have a cyberwarfare capability: not just one

Drive Business Results By Harnessing Uncertainty

11-Feb-2015 | Norman Marks

I am very pleased to see new guidance on risk management from Ernst & Young (EY) that recognizes that risk management is not a defensive activity designed only to protect value. It can and should

What Should The Audit Committee Focus On In 2015?

6-Feb-2015 | Norman Marks

Every year, the audit firms provide audit committees with their ideas of what the agenda should include in the coming year. Their ideas are usually good, although typically (and understandably) focus

Hire People Who Can Think

18-Dec-2014 | Norman Marks

I am often encouraged by surveys of the attributes executives look for when they hire. An increasing number recognize that education, certifications, and even experience are insufficient. The so-ca

Why Internal Audit Fails At Many Organizations

12-Dec-2014 | Norman Marks

When recent studies by KPMG and PwC indicate that about half of internal audit’s key stakeholders (board members and top executives) do not believe that internal audit is neither delivering the valu