About Norman

WHO AM I?

I have been a practitioner and thought leader in internal audit, risk management, and governance for a long time.

I have led large and small internal audit departments, been the Chief Risk Officer and Chief Compliance Officer, and managed IT security and governance functions.

I retired in early 2013. However, I still blog, write, train, and speak – and mentor individuals and organizations when I can. You can reach me at nmarks2@yahoo.com.

My books include:

Management’s Guide to SOX – 5th Edition (2023)
Understanding the Business Risk that is Cyber: A guide for both business executives and InfoSec managers to bridge the gap (2023)
Auditing at the Speed of Risk with an Agile, Continuous Audit Plan (2022)
Adventures in the Audit Trade (2022) – a novel
Risk Management for Success (2020)
Auditing that Matters: Case Studies and Auditing that Matters: Case Studies Discussion Guide (2019)
Is your Internal Audit World-Class? A Maturity Model for Internal Audit (2019)
Making Business Sense of Technology Risk (2019)
Risk Management in Plain English: A Guide for Executives: Enabling Success through Intelligent and Informed Risk-Taking (2018)
World-Class Risk Management (2015)
World-Class Risk Management for Nonprofits (with Melanie L. Herman) (2017)
Auditing that Matters (2016)World-Class Internal Audit: Tales from my Journey (2014)
How Good is your GRC? Twelve Questions to Guide Executives, Boards, and Practitioners (2014)

I continue to lead workshops designed for experienced practitioners on the topics of Sarbanes-Oxley, effective risk management, and building a world-class internal audit function.

I am also working with individuals and companies, including software vendors, where my knowledge and experience is seen of value.

I do occasional consulting, but only on projects of a short duration. For example, I have helped organizations upgrade their risk management, internal audit, and SOX programs. But I have turned down opportunities to review risk management at national banks.

I am fortunate to have been recognized and made a Fellow by OCEG for my commentary on GRC, and an Honorary Fellow of the Institute of Risk Management for my contribution to the risk management field. In 2018, I was inducted into the IIA’s American Hall of Distinguished Practitioners. I am also pleased to contribute to the profession through my activities in support of the IIA, articles in various publications, and more.

FOLLOW ME

Please consider following me on Twitter, where I share daily news and opinion on topics that I hope will be interesting to governance, risk, audit, and other professionals: @normanmarks

SPEAKING

Please let me know if you are looking for speakers, whether for a conference, chapter meeting, or for your department’s training week. I have spoken recently about:

Risk management in plain English
Making business sense of technology risk
Fundamentals of risk management and how to audit it
World-class internal auditing
World-class risk management
IT audit and how it needs to change
How disruptive technology should change IT risk management
Continuous auditing/monitoring
What is GRC and what does it mean for you?
Managing risk at the speed of business
The GAIT methodology for business and IT risk scoping
and more

WEBCASTS, PODCASTS, AND VIDEOS

I have my own YouTube channel where I have posted “Storytime with Norman” and other videos: Youtube.com/@NormanMarks8896.

In addition, there are these: I recommend searching for Norman Marks on YouTube to see everything that I and others have posted.

OTHER

I am passionate about internal audit, risk management, governance, and the topic of success. If you are interested in conversation and discussion, please feel free to contact me.

I am also somewhat of a mentor, giving back to the profession, so if you have a tough situation and want to talk – contact me.

Finally, I am open to opportunities such as serving on a board, if there is a need for an experienced practitioner and thought leader around internal audit, risk management, etc.