Norman Marks

In this article, Norman Marks explores the absence of a formal US corporate governance code, unlike those adopted in other countries such as the UK, Japan, and South Africa. Marks discusses the newly introduced COSO Corporate Governance Framework, a collaboration with the National Association of Corporate Directors (NACD) and PwC, designed to guide organizations in enhancing their governance practices. While the framework offers valuable principles across six key components, Marks highlights its limitations, particularly its lack of enforceable authority and depth compared to a full-fledged governance code. This piece delves into the implications of the framework and raises important questions about the need for a US corporate governance code.

In Norman Marks' latest article, he explores the complexities of risk management and governance frameworks, shedding light on the often-confusing acronyms that are commonly used in the industry. From Governance, Risk, and Compliance (GRC) to Enterprise Risk Management (ERM), Integrated Risk Management (IRM), and beyond, Marks provides clarity on how these terms interconnect and why understanding their nuances is crucial for effective risk management in today’s business environment.

In his latest article, Norman Marks investigates the evolving role of artificial intelligence (AI) in Sarbanes-Oxley (SOX) compliance, offering valuable insights into how AI can revolutionize internal controls and risk management practices. In this article, he explores the potential of AI to enhance the efficiency and effectiveness of SOX programs, from risk assessment to process documentation, and emphasizes the importance of maintaining a focus on financial statement integrity while navigating the opportunities and challenges AI presents.

In his most recent article, Norman Marks investigates whether cyber truly stands as the top risk for organizations today. While surveys consistently highlight cyber as one of, if not the leading risk, Norman dives deeper into the data and offers a unique perspective on whether this truly reflects the reality organizations face.

In this piece, Norman Marks addresses the evolving role of internal auditing in the face of rapid technological advancements, shifting business dynamics, and emerging risks. He challenges the profession to adapt, offering a pragmatic perspective on what auditors need to focus on today to remain valuable in the future.

In this article, Norman Marks inspects the concept of "risk appetite," challenging its validity and questioning its role in decision-making. Drawing from personal experiences and real-world examples, Marks argues that the traditional approach to defining and managing risk is overly simplistic and fails to capture the complexity of real-world risk. He critiques the common practice of quantifying risk as a single number and suggests that a more dynamic, objective-driven approach is needed. Rather than focusing on a static "risk appetite," Marks proposes that organizations should consider the likelihood of achieving their objectives, using risk as a factor in the decision-making process.

In this article by Norman Marks, he explores the critical intersection of Return on Investment (ROI) and risk management. The evolving landscape of risk management requires organizations to make informed decisions about how they treat and mitigate risk, ensuring that each investment aligns with strategic goals. In this piece, we’ll dive deeper into the concept of ROI as it relates to risk management and explore why every risk treatment should be evaluated not just for its effectiveness but also for the return on that investment.