About Norman
I have been a practitioner and thought leader in internal audit, risk management, and governance for a long time.
I have led large and small internal audit departments, been the Chief Risk Officer and Chief Compliance Officer, and managed IT security and governance functions.
I retired in early 2013. However, I still blog, write, train, and speak – and mentor individuals and organizations when I can. You can reach me at nmarks2@yahoo.com.
My books include:
- Management’s Guide to SOX – 5th Edition (2023)
- Understanding the Business Risk that is Cyber: A guide for both business executives and InfoSec managers to bridge the gap (2023)
- Auditing at the Speed of Risk with an Agile, Continuous Audit Plan (2022)
- Adventures in the Audit Trade (2022) – a novel
- Risk Management for Success (2020)
- Auditing that Matters: Case Studies and Auditing that Matters: Case Studies Discussion Guide (2019)
- Is your Internal Audit World-Class? A Maturity Model for Internal Audit (2019)
- Making Business Sense of Technology Risk (2019)
- Risk Management in Plain English: A Guide for Executives: Enabling Success through Intelligent and Informed Risk-Taking (2018)
- World-Class Risk Management (2015)
- World-Class Risk Management for Nonprofits (with Melanie L. Herman) (2017)
- Auditing that Matters (2016)World-Class Internal Audit: Tales from my Journey (2014)
- How Good is your GRC? Twelve Questions to Guide Executives, Boards, and Practitioners (2014)
I continue to lead workshops designed for experienced practitioners on the topics of Sarbanes-Oxley, effective risk management, and building a world-class internal audit function.
I am also working with individuals and companies, including software vendors, where my knowledge and experience is seen of value.
I do occasional consulting, but only on projects of a short duration. For example, I have helped organizations upgrade their risk management, internal audit, and SOX programs. But I have turned down opportunities to review risk management at national banks.
I am fortunate to have been recognized and made a Fellow by OCEG for my commentary on GRC, and an Honorary Fellow of the Institute of Risk Management for my contribution to the risk management field. In 2018, I was inducted into the IIA’s American Hall of Distinguished Practitioners. I am also pleased to contribute to the profession through my activities in support of the IIA, articles in various publications, and more.
FOLLOW ME
Please consider following me on Twitter, where I share daily news and opinion on topics that I hope will be interesting to governance, risk, audit, and other professionals: @normanmarks
SPEAKING
Please let me know if you are looking for speakers, whether for a conference, chapter meeting, or for your department’s training week. I have spoken recently about:
- Risk management in plain English
- Making business sense of technology risk
- Fundamentals of risk management and how to audit it
- World-class internal auditing
- World-class risk management
- IT audit and how it needs to change
- How disruptive technology should change IT risk management
- Continuous auditing/monitoring
- What is GRC and what does it mean for you?
- Managing risk at the speed of business
- The GAIT methodology for business and IT risk scoping
- and more
WEBCASTS, PODCASTS, AND VIDEOS
I have my own YouTube channel where I have posted “Storytime with Norman” and other videos: Youtube.com/@NormanMarks8896.
In addition, there are these: I recommend searching for Norman Marks on YouTube to see everything that I and others have posted.
- What should risk management be about?
- Auditing that matters (1/3)
- Debate with Alexei Sidorenko on the value of ERM
- Risk management in plain English
- Discussion with Richard Chambers on risks
- Debate with Richard Chambers on audit opinions
- Measuring the likelihood of success
- Protect and Grow Shareholder Value with Best Practices and Effective Tools
OTHER
I am passionate about internal audit, risk management, governance, and the topic of success. If you are interested in conversation and discussion, please feel free to contact me.
I am also somewhat of a mentor, giving back to the profession, so if you have a tough situation and want to talk – contact me.
Finally, I am open to opportunities such as serving on a board, if there is a need for an experienced practitioner and thought leader around internal audit, risk management, etc.