
Inside Internal Controls

News and discussion on implementing risk management


Author Archive - Norman D. Marks, CPA, CRMA

Norman D. Marks is an Author, Evangelist and Mentor for Better Run Business, as well as an OCEG Fellow and Honorary Fellow of the Institute of Risk Management. Mr. Marks has been a practitioner and thought leader in internal audit, risk management, and governance for a long time. He has led large and small internal audit departments, been a Chief Risk Officer and Chief Compliance Officer, and managed IT Security and governance functions.

Assessing the effectiveness of your risk management program

The IIA has published a new Practice Guide, Assessing the Risk Management Process. In IIA-speak, this is recommended but not mandatory guidance for its members.

 


The wonder and joy of internal auditing

More than 17 years ago, The IIA’s magazine published an article of mine, The new age of internal auditing. I made some provocative comments, including:

 


Talking about software for GRC

The Open Compliance and Ethics Group (OCEG) recently published the 2019 OCEG GRC Technology Strategy Report.

 


Those lists of greatest risks all miss the BIG one

When something goes wrong, 99.999999% of the time it’s because somebody made a poor decision (at least in hindsight). The risks associated with a poor decision could have major ramifications.

 


The cyber heat map

Vince Dasta of Protiviti makes a good point (pun intended – as will be explained shortly) in Cyber Risk Assessment: Moving Past the “Heat Map Trap”.

 


A management risk committee

A question from a follower of this blog on the same topic had me searching for the charter of the risk committee I established, with the strong support of the CEO, at Business Objects.

 


Focusing board attention on management

Rather than trying to make sure themselves that everything is right, the board should focus its limited time on gaining comfort that it has the right management team in place, a team capable of getting things right.

 


The positive side of risk

So how should we talk about the good stuff if we reserve the word ‘risk’ for the bad?

 


Hyperventilating about cyber – Part 2

Is the level of concern about cyber merited? Should organizations and individuals be as worried about the possibility and consequences of a breach as they are advised by the consultants, information security pundits, and in news reports?

 


Hyperventilating about cyber – Part I

It’s hard to see a survey these days that doesn’t include cyber as one of the top risks faced by organizations around the world. But should it be?

 


Making intelligent decisions that consider cyber risk

Should the paradigm be changed from managing a list of cyber risks to helping the organization’s leaders take the right level of risk and manage the business for success?

 


Excellent advice for all of us involved in managing risk

The International Federation of Accountants (IFAC) has published a first class document, Enabling the accountant’s role in effective enterprise risk management.

 


Transforming risk management in 2019 and beyond

The consideration of risk is integrated into the setting and then the execution of strategies through daily decisions.

 


Advice for audit committees and oversight of external auditor

While it is clear that the role of the external auditor is important and that the audit committee is charged with their oversight, it is unusual to see advice on how that oversight should be discharged.

 


Stop managing and start taking risk

Success in business is taking the right level of the right risks. It all comes down to helping leaders make informed and intelligent decisions.

 

