Norman Marks

Talking About Internal Audit Assurance

In this article, Norman Marks breaks down the difference between traditional, retrospective assurance and the kind of forward-looking insight that truly supports decision-making. Drawing on his decades of experience, he challenges internal auditors to shift their focus from the past to the future, and to deliver assurance that helps organizations navigate the risks and opportunities ahead.

Is Resilience a Step Up from Risk Management?

In this reflective piece, risk management expert and author Norman Marks draws from his own leadership experience in IT and governance to explore the relationship between resilience and risk management. From disaster recovery planning to strategic decision-making, he explains why resilience, while essential, is just one tool in a much larger toolkit. Sometimes, being resilient isn’t enough. Sometimes, the smartest move is to change course altogether.

A New US Corporate Governance Code?

In this article, Norman Marks explores the absence of a formal US corporate governance code, unlike those adopted in other countries such as the UK, Japan, and South Africa. Marks discusses the newly introduced COSO Corporate Governance Framework, a collaboration with the National Association of Corporate Directors (NACD) and PwC, designed to guide organizations in enhancing their governance practices. While the framework offers valuable principles across six key components, Marks highlights its limitations, particularly its lack of enforceable authority and depth compared to a full-fledged governance code. This piece delves into the implications of the framework and raises important questions about the need for a US corporate governance code.

GRC vs ERM vs IRM vs Connected Risk vs ORM vs SRM vs TPRM

In Norman Marks' latest article, he explores the complexities of risk management and governance frameworks, shedding light on the often-confusing acronyms that are commonly used in the industry. From Governance, Risk, and Compliance (GRC) to Enterprise Risk Management (ERM), Integrated Risk Management (IRM), and beyond, Marks provides clarity on how these terms interconnect and why understanding their nuances is crucial for effective risk management in today’s business environment.

How Can You Use AI in a SOX Compliance Program?

In his latest article, Norman Marks investigates the evolving role of artificial intelligence (AI) in Sarbanes-Oxley (SOX) compliance, offering valuable insights into how AI can revolutionize internal controls and risk management practices. He explores the potential of AI to enhance the efficiency and effectiveness of SOX programs, from risk assessment to process documentation, and emphasizes the importance of maintaining a focus on financial statement integrity while navigating the opportunities and challenges AI presents.

Is it a Myth That Cyber is the Top Risk?

In his most recent article, Norman Marks investigates whether cyber truly stands as the top risk for organizations today. While surveys consistently highlight cyber as one of the leading risks, if not the leading risk, Norman dives deeper into the data and offers a unique perspective on whether this reflects the reality organizations face.

What is the Future of Internal Auditing?

In this piece, Norman Marks addresses the evolving role of internal auditing in the face of rapid technological advancements, shifting business dynamics, and emerging risks. He challenges the profession to adapt, offering a pragmatic perspective on what auditors need to focus on today to remain valuable in the future.