
Norman Marks
Writer and Blogger at Freelance
Blogger, speaker, and author considered by some a thought leader on internal audit, risk, governance, and GRC.
Articles
-
4 days ago |
normanmarks.wordpress.com | Norman Marks
Claire Berry has shared an excellent set of Ten Things Internal Audit Teams Should Do In Turbulent Times: Refresh the Risk Assessment; Be Agile with the Audit Plan; Monitor for Control Breakdowns; Audit Crisis Response and Continuity; Watch Third-Party Risk; Support Cost Containment; Keep Ethics in Focus; Communicate with Courage; Track Regulatory Shifts; Support Your Team. These ten points, with a few bullet points of detail for each, are outstanding! There’s a lot to consider and act upon.
-
2 weeks ago |
normanmarks.wordpress.com | Norman Marks
I have a couple of suggestions (with a lot of detail) that will help a risk, audit, security, or other practitioner be successful and enjoy their work. But first, I send my congratulations to Mohsin Aqeel for his recent LinkedIn post, Welcome to Internal Audit – Hard Skills to Build in Your First 2 Years. He makes several good points, especially this one for internal auditors: Ask… Why was this area selected in the audit plan? How was risk assessed? What are we expecting from this engagement?
-
2 weeks ago |
normanmarks.wordpress.com | Norman Marks
There’s an old joke: Q: How do you eat an elephant? A: One bite at a time. You could also ask: Q: How do you audit the entire system of internal control (i.e., for all objectives)? A: One audit of high sources of risk at a time. The answer is the essence of (enterprise) risk-based auditing. Now extend it: Q: How do you audit the processes and practices of risk management? A: One audit of high sources of risk at a time.
-
3 weeks ago |
normanmarks.wordpress.com | Norman Marks
When I think about risk management and the business I usually have the perspective of a business leader. Maybe that’s because by the time I was leading a risk management function, I was already a vice president and working with the executive management team. I was focused on helping them succeed; I was not one of the people using the tools and techniques of the specialist risk practitioner to quantify and report risk levels.
-
3 weeks ago |
normanmarks.wordpress.com | Norman Marks
It’s a rare company that doesn’t have too many controls in scope for SOX. Many have far more than they need. I am not surprised when a reinvigorated focus on a risk-based program is able to deliver cuts in scope of 20%-50%. The secret to the “right” scope is in understanding what should be included: The controls relied upon to either prevent or detect a material error or omission in the financial statements filed with the SEC. What doesn’t have to be included?
X (formerly Twitter)
- Followers: 7K
- Tweets: 26K
- DMs Open: No

Risk is not about money. In today's blog post, I talk about the practice of calculating the level of #risk in monetary terms. I share real-life examples as I argue for tailoring risk information to the needs of decision-makers. https://t.co/BwMrtshw68 via @normanmarks

RT @OlenaRohoza: Can we get 5000 people to reply "I stand with Ukraine 🇺🇦"? Yes or No https://t.co/ftOQJwASe5

RT @MAGACult2: Powerful. Ukrainians kneel to pay homage to one of their fallen soldiers. https://t.co/hnDjqkqiqZ