Norman Marks

In this candid and thought-provoking piece, Norman Marks challenges conventional definitions of risk and risk management, arguing that most frameworks fail to resonate with how real-world decisions are made. Drawing from his decades of executive experience and referencing the ideas of Grant Purdy and Roger Estall, Marks reframes “risk” as simply “what might happen”, a practical, plain-English approach that bridges the gap between theory and management reality.

In Norman Marks’ latest piece, he emphasizes why boards, CEOs, and auditors should place their attention on the controls that matter most—those tied directly to enterprise objectives. Drawing on decades of experience, Marks underscores that auditing should be future-focused and risk-based, centering on the design and operation of critical internal controls rather than just data testing.

In this article, Norman Marks reflects on how internal audit must evolve in step with the rapid changes reshaping global businesses. Drawing on his own experience as Chief Audit Executive at Tosco Corporation, Marks argues that internal audit should be designed around the risk universe rather than static frameworks, emphasizing flexibility, agility, and a willingness to rethink traditional models in the face of AI-driven transformation.

In the latest piece from Norman Marks, the veteran governance, risk, and audit thought leader takes a bold leap into the near future, imagining how AI could fundamentally reshape decision-making, risk management, and the role of internal audit. Through a vivid crystal-ball scenario, Marks explores what happens when AI becomes a trusted partner for executives, operations, and assurance functions alike.

In Norman Marks’ latest piece, he dives into the persistent misconception that cyber risk stands apart from broader business concerns. Drawing on timeless advice from former Protiviti executive Ed Hill and tying in new findings from Qualys’ 2025 cyber risk report, Marks makes the case for breaking down silos and treating cyber as just one of many risks competing for limited resources and executive attention.

In Norman Marks’ latest piece, he challenges internal auditors to reflect on their role, their mindset, and their real value to the organization. Drawing from personal experience and professional insight, Marks lays out a series of contrasts that help auditors pinpoint where they stand and where they might want to go.

In this article, Norman Marks breaks down the double-edged nature of AI adoption in corporate legal departments, highlighting both the remarkable opportunities for productivity and the underappreciated risks that could undermine sound judgment, legal integrity, and even corporate stability. Drawing on recent industry surveys and personal observations, Marks makes a compelling case for why risk and audit professionals must step up and get involved.