I have been a practitioner and thought leader in internal audit, risk management, and governance for a long time. I have led large and small internal audit departments, been the Chief Risk Officer and Chief Compliance Officer, and managed IT Security and governance functions.
I have a second blog at www.theiia.org/blogs/marks and I try to post on both once a week.
I retired in early 2013. However, I still blog, write, train, and speak – and mentor individuals and organizations when I can. You can reach me at email@example.com.
My latest adventure is a collaboration with Richard Anderson, former chairman of the Institute of Risk Management. Risk ReImagined includes webinars and one-day in-person events around the world where we can have a conversation about the effective management of risk.
My books are discussed in a separate tab.
I continue to lead workshops designed for experienced practitioners on the topics of Sarbanes-Oxley, effective risk management, and building a world-class internal audit function.
I am also working with individuals and companies, including software vendors, where my knowledge and experience are seen as being of value.
I am fortunate to have been recognized and made a Fellow by OCEG for my commentary on GRC, and an Honorary Fellow of the Institute of Risk Management for my contribution to the risk management field. I am also pleased to contribute to the profession through my activities in support of the IIA and ISACA, articles in various publications, and membership of periodical review boards (including the Internal Auditor, ISACA Journal, and EDPACS).
Please consider following me on Twitter, where I share daily news and opinion on topics that I hope will be interesting to governance, risk, audit, and other professionals.
Please let me know if you are looking for speakers, whether for a conference, chapter meeting, or for your department’s training week. I have spoken recently about:
- Building a risk-based audit plan
- Fundamentals of risk management and how to audit it
- Internal audit 2020
- Audit leadership
- World-class internal auditing
- World-class risk management
- The role of Audit as the last line of defense in managing risk to the organization
- IT audit and how it needs to change
- How disruptive technology should change IT risk management
- Continuous auditing/monitoring
- What is GRC and what does it mean for you?
- The future of information
- Managing risk at the speed of business
- Building a risk culture
- Using technology in your internal audit department
- The GAIT methodology for business and IT risk scoping
- and more
WEBCASTS, PODCASTS, AND VIDEOS
- An interview by Sonia Luna about my SOX book
- Norman Marks Discusses Strategies for Operationalizing Risk Management
- Auditing Risk Management
- Auditing and Assessing IT Governance
- Providing Assurance over Risk Management
- Internal Audit’s Role in SOX
- Internal Audit’s Role in Governance
- Protect and Grow Shareholder Value with Best Practices and Effective Tools
I am passionate about internal audit, risk management, governance, and the topic of GRC. If you are interested in conversation and discussion, please feel free to contact me.
I am also somewhat of a mentor, giving back to the profession, so if you have a tough situation and want to talk – contact me.
Finally, I am open to opportunities such as serving on a board, if there is a need for an experienced practitioner and thought leader around internal audit, risk management, etc.