
Inside Internal Controls

News and discussion on implementing risk management


Author Archive - Norman D. Marks, CPA, CRMA

Norman D. Marks is an Author, Evangelist and Mentor for Better Run Business, as well as an OCEG Fellow and Honorary Fellow of the Institute of Risk Management. Mr. Marks has been a practitioner and thought leader in internal audit, risk management, and governance for a long time. He has led large and small internal audit departments, been a Chief Risk Officer and Chief Compliance Officer, and managed IT Security and governance functions.

New guidance for risk committees

A new publication by the Risk Coalition (a group of organizations in the UK that includes the Institute of Directors, a couple of risk management associations, and the organizations for internal and external auditors) merits our attention. Raising the Bar: Principles-based guidance for board risk committees and risk functions in the UK Financial Services Sector has some interesting content. For example, it says:

Guiding principles of corporate governance

The IIA should be congratulated for its recent publication, prepared in collaboration with the Neel Corporate Governance Center at the University of Tennessee, Knoxville, of Guiding Principles of Corporate Governance.

A risk case study

I returned this week from a vacation in Mexico, including a day at the Copper Canyon. Our tour guide took about 20 of us down the mountain side to see some Tarahumara Indian homes. I decided that I wanted to come back ahead of the group, finding my way back up the path and steps to our hotel at the top. What might happen along the way? In other words, what would a risk manager put on a list or heat map?

Why does internal audit need to be agile?

You don’t have to go very far to hear an internal audit leader talk about agile. Richard Chambers, President and CEO of the IIA, shared this:

Silos are thriving even in ERM programs

You are the captain of a ship that is sailing from Singapore to Auckland with a cargo that needs to be kept cold and will lose its freshness if you don’t arrive within a few days of your schedule.

New report on the cost of a cyber breach

You may be surprised to hear that the average cost of a data breach is just $3.9 million. That is far different from what the alarm bells screaming at you from all sides would suggest.

Finally some good advice on risk for boards

While I still disagree in some areas, I applaud Jim DeLoach for his latest piece for the (US) National Association of Corporate Directors, Revamping Risk in the Digital Age. Please read the entire piece, but here are points I especially like, with my highlights:

How effective is risk management today?

If you want to know how effective risk management is, you should ask the customer and not the provider.

Did risk management fail?

Every so often, something bad happens to an organization and people say that risk management, perhaps governance, failed.

How effective is your internal audit function? Is it world-class?

When I became a CAE (chief audit executive), I started by benchmarking against firms that had a great reputation, either for their business practices or for their internal audit departments. That is still a good idea and I recommend it.

Amazing insights on cyber

A couple of recent pieces shed some light, some amazing light, on how cyber-related risk is perceived by executives and the board.

Common sense talk about risk heat maps and more

Only when the business impact is understood does it make sense to get into the details of which risks to which information assets should be mitigated and how.

Allegations and investigations

What we should all note from the news is that a failure to perform an appropriate investigation is a serious source of risk to any organization.

KPMG studies ERM and gets some things right but misses the key point

There’s some good material in KPMG’s Enterprise Risk Management Benchmarking Study, subtitled Evolving to an active, integrated and agile approach amidst change and disruption.

The board and cyber security

There’s another useful article on Forbes. How to talk to the board about cybersecurity is written by an experienced CIO, John Matthews. Here are some useful excerpts with my highlights:
