About Norman
WHO AM I?
I have been a practitioner and thought leader in internal audit, risk management, and governance for a long time.
I have led large and small internal audit departments, been the Chief Risk Officer and Chief Compliance Officer, and managed IT security and governance functions.
I retired in early 2013. However, I still blog, write, train, and speak – and mentor individuals and organizations when I can. You can reach me at nmarks2@yahoo.com.
My books are discussed in a separate tab.
I continue to lead workshops designed for experienced practitioners on the topics of Sarbanes-Oxley, effective risk management, and building a world-class internal audit function.
I am also working with individuals and companies, including software vendors, where my knowledge and experience is seen of value.
I do occasional consulting, but only on projects of a short duration. For example, I have helped organizations upgrade their risk management, internal audit, and SOX programs. But I have turned down opportunities to review risk management at national banks.
I am fortunate to have been recognized and made a Fellow by OCEG for my commentary on GRC, and an Honorary Fellow of the Institute of Risk Management for my contribution to the risk management field. In 2018, I was inducted into the IIA’s American Hall of Distinguished Practitioners. I am also pleased to contribute to the profession through my activities in support of the IIA, articles in various publications, and more.
FOLLOW ME
Please consider following me on Twitter, where I share daily news and opinion on topics that I hope will be interesting to governance, risk, audit, and other professionals
@normanmarks
SPEAKING
Please let me know if you are looking for speakers, whether for a conference, chapter meeting, or for your department’s training week. I have spoken recently about:
- Risk management in plain English
- Making business sense of technology risk
- Fundamentals of risk management and how to audit it
- World-class internal auditing
- World-class risk management
- IT audit and how it needs to change
- How disruptive technology should change IT risk management
- Continuous auditing/monitoring
- What is GRC and what does it mean for you?
- Managing risk at the speed of business
- The GAIT methodology for business and IT risk scoping
- and more
WEBCASTS, PODCASTS, AND VIDEOS
- Communicating with stakeholders (in 3 parts)
- Considering-COSO-2013-From-a-Risk-Perspective
- An interview by Sonia Luna about my SOX book
- Norman Marks Discusses Strategies for Operationalizing Risk Management
- Auditing Risk Management
- Auditing and Assessing IT Governance
- Providing Assurance over Risk Management
- Internal Audit’s Role in SOX
- Internal Audit’s Role in Governance
- Protect and Grow Shareholder Value with Best Practices and Effective Tools
OTHER
I am passionate about internal audit, risk management, governance, and the topic of success. If you are interested in conversation and discussion, please feel free to contact me.
I am also somewhat of a mentor, giving back to the profession, so if you have a tough situation and want to talk – contact me.
Finally, I am open to opportunities such as serving on a board, if there is a need for an experienced practitioner and thought leader around internal audit, risk management, etc.
Share this blog
