Norman Marks, Author at Insurance Thought Leadership



Norman Marks


Norman Marks has spent more than a decade as a chief audit executive (CAE) for major companies, with as much as $28 billion in annual revenue. He has implemented risk management, ethics programs and disclosure processes at multiple organizations.

He is a recognized thought leader in the professions of internal auditing and risk management and is a frequent speaker and writer on governance, risk and controls. He is the author of the popular book from the Institute of Internal Auditors (IIA) on Sarbanes-Oxley Section 404 and of the IIA’s GAIT family of guidance products.

Marks has built or repaired internal audit functions to world-class standards and is recognized by management, audit committee members, service providers, CPA firms, peer CAEs and other internal audit leaders.

His specialties are: internal audit, risk management, governance and global risk consulting (GRC).

Recent Articles by Norman Marks

The Current State of Risk Management

The Ponemon Institute recently shared the results of its survey on risk management: The Imperative to Raise Enterprise Risk Intelligence: Inside the Promise & Pitfalls of Enterprise Risk Management. The results are disturbing, but unfortunately what I had anticipated. The 641 who answered the survey were involved in risk management within their organization, so the results are […]

New Guidance on Operational Risk

The Risk Management Association has published Key Principles of Operational Risk Management. Designed by practitioners at financial services organizations, the document makes a number of good points. But let me start with what is missing: guidance on when to take risks. When an organization is focused on avoiding failure, it is very hard to be successful. […]

A Revolution in Risk Management

The management of risk, whether you call it enterprise risk management, strategic risk management or something else, is about helping an organization achieve its objectives. All the standards, frameworks and guidelines talk about risk in terms of its ability to affect the achievement of the organization’s objectives. Typically, reporting to the management team and the board […]

How to Respond to Wells Fargo Fraud

I hope the Wells Fargo scam is causing boards, executives and practitioners everywhere to pause and reflect: Could something like this happen to us? If it can happen at a great institution like Wells Fargo, it can probably happen anywhere. In a couple of posts, I have shared questions that should have been asked and […]

Risk Management, in Plain English

For a while, I have been saying that one of the reasons for the disconnect between senior executives and risk practitioners is the latter’s language. Leaders of the organization speak in plain English about the achievement of corporate objectives such as earnings, profits and projects. Leaders of the risk management function talk about risks, impact […]

Key Misunderstanding on Risk Management

Bob Kaplan deserves our respect. Famous for his contribution to management with the balanced scorecard, he is now senior fellow and Marvin Bower professor of leadership development, emeritus at the Harvard Business School. (I have never had the privilege of meeting him.) His colleague, Anette Mikes, was with him at Harvard, and she is now professor of […]

Should We Take This Risk?

Who takes risk? Who decides whether the risk should be taken? How do they know what the desired level of risk is? How do senior management and the board obtain assurance that the right risks, at the right level, will be taken? These are important questions, and every risk (and audit) practitioner should understand the […]

Why Do Some Take Risks, Others Not?

Every time you breathe, you take a risk. But, usually, the potential for harm is greater if you don’t breathe. (There are exceptions, such as when your head is under water without a breathing mask.) Every time you make a decision, you take a risk; we take risk all the time, in pretty much every facet […]

Integrating Strategy, Risk and Performance

While many (including me) talk about the need for integrating the setting and execution of strategy, the management of risk, decision-making and performance monitoring, reporting and management, there isn’t a great deal of useful guidance on how to do it well. A recent article in CGMA Magazine, 8 Best Practices for Aligning Strategy, Planning and […]

How to Evaluate the External Auditors

The Audit Committee Collaboration (six associations or firms, including the National Association of Corporate Directors and NYSE Governance Services) recently published External Auditor Assessment Tool: A Reference for Audit Committees Worldwide. It’s a good product, useful for audit committees and those who advise them — especially chief audit executives (CAEs), CFOs and general counsel. The […]

How Much Cyber Risk Should You Take?

I have been spending a fair amount of time over the last few months, talking and listening to board members and advisers, including industry experts, about cyber risk. A number of things are clear: Boards, not just those members who are on the audit or risk committee, are concerned about cyber and the risk it […]

12 Questions for Managing Cyber Risk

Recently, I participated in an NACD Master Class. I was a panelist in discussions of technology and cyber risk with 40 to 50 board members very actively involved, because this is a hot topic for boards. I developed and shared a list of 12 questions that directors can use when they ask management about their […]

New Perspectives on Cyber Security

The world continues to buzz about cyber security (or, perhaps we should say, insecurity). Now we have the Chinese government apparently admitting that it has a cyberwarfare capability: not just one unit, but three. Other nations, including the U.S., Japan and some European nations, are talking about their ineffective defenses and the need to develop […]

Pointers on Managing GRC Issues

MetricStream has shared with us a November 2014 report from the analyst firm Forrester: Predictions 2015: The Governance, Risk and Compliance Market Is Ready For Disruption. (Registration required.) I have had serious issues in the past with Forrester, its portrayal of governance, risk management and compliance (GRC), its assessment of vendors’ solutions and its advice to organizations considering […]

A Better Way to Think About Reputation Risk

A new survey by Deloitte reinforces the obvious truth that a smart CEO and her board will nurture the organization’s reputation because it is critical to success (in almost every case). The survey states one other truth that should be obvious to us all: “Reputation risk is driven by other business risks.” As Miriam Kraus, a senior vice […]

Giving the Gift of Books on Risk Management

As we near the gift-giving season, here are some books on risk management you might consider as gifts for yourself, your team or a friend with a passion for risk management. First, here are two from one of the gurus of risk management. Felix Kloman styles himself “a long-time student of the discipline of risk management” […]
