
Inside Internal Controls

News and discussion on implementing risk management


Author Archive - Norman D. Marks, CPA, CRMA

Norman D. Marks is an Author, Evangelist and Mentor for Better Run Business, as well as an OCEG Fellow and Honorary Fellow of the Institute of Risk Management. Mr. Marks has been a practitioner and thought leader in internal audit, risk management, and governance for a long time. He has led large and small internal audit departments, been a Chief Risk Officer and Chief Compliance Officer, and managed IT Security and governance functions.

Rethinking internal auditing

In 1998, the magazine of the American Institute of Certified Public Accountants (AICPA), the Journal of Accountancy, approached the IIA. They said they wanted to write an article about progressive internal auditing leaders and (I thank them) the IIA pointed them to me.

 


What makes for effective decision-making?

I was talking with a friend about decision-making and decided to put together a list of principles for effective decision-making. This is my first shot. What do you think? What would you change?

 


Time to wake up to risk reality

For 11 years, the ERM Initiative at North Carolina University has surveyed executives (this year they were again all financial executives) about what they call “the current state of risk oversight processes in organizations of all types and sizes to obtain an understanding of the relative maturity of underlying activities executives and boards use to monitor the rapidly changing risk landscape”.

 


Everybody should be familiar with this

Scenario analysis is a method for creating responses to various future events with the aim of reducing uncertainty and maximizing the chances of achieving a desired outcome.

 


Risk-based cyber risk reporting

I encourage you to subscribe (free) to McKinsey’s frequent reports. Their latest, Enhanced cyberrisk reporting: Opening doors to risk-based cybersecurity, has some good observations. Unfortunately, their ideas for addressing the problem don’t work for me.

 


New ERM Guidance from COSO

Creating and Protecting Value: Understanding and Implementing Enterprise Risk Management is based on COSO’s 2017 update of its 2004 ERM Framework. Their intent is to explain how effective ERM can add value to an organization, and to give some guidance on how to implement or upgrade it.

 


Boasting about internal audit value

Richard Chambers, President and CEO of the global Institute of Internal Auditors, is a friend whose leadership at the IIA and of internal audit practices I value and respect. Recently, he wrote a blog, One Mistake Internal Audit Cannot Afford to Make in 2020.

 


Which comes first, risk or control?

Can you assess the overall system of internal controls without considering risk management? I don’t think so, and neither does COSO. That is why there is a risk component in their internal control framework.

 


A new code sets back the status and practice of internal auditing

The Chartered Institute of Internal Auditors (the UK affiliate of the global Institute of Internal Auditors) is usually a thought leader, promoting and explaining best and leading internal auditing practices. For example, they have done excellent work on [enterprise] risk-based auditing.

 


Risk and consequences

I like to think that effective risk management helps the managers of an organization, at all levels, make the informed and intelligent decisions necessary for success – reliably achieving enterprise objectives considering all the things that might happen, both positive and negative.

 


New guidance for risk committees

A new publication by the Risk Coalition (a group of organizations in the UK that includes their Institute of Directors, a couple of risk management associations, and the organizations for internal and external auditors) merits our attention. Raising the Bar: Principles-based guidance for board risk committees and risk functions in the UK Financial Services Sector has some interesting content. For example, it says:

 


Guiding principles of corporate governance

The IIA should be congratulated for its recent publication, prepared in collaboration with the Neel Corporate Governance Center at the University of Tennessee, Knoxville, of Guiding Principles of Corporate Governance.

 


A risk case study

I returned this week from a vacation in Mexico, including a day at the Copper Canyon. Our tour guide took about 20 of us down the mountain side to see some Tarahumara Indian homes. I decided that I wanted to come back ahead of the group, finding my way back up the path and steps to our hotel at the top. What might happen along the way? In other words, what would a risk manager put on a list or heat map?

 


Why does internal audit need to be agile?

You don’t have to go very far to hear an internal audit leader talk about agile. Richard Chambers, President and CEO of the IIA, shared this:

 


Silos are thriving even in ERM programs

You are the captain of a ship that is sailing from Singapore to Auckland with a cargo that needs to be kept cold and will lose its freshness if you don’t arrive within a few days of your schedule.

 

