Norman Marks, CPA, is vice president, governance, risk, and compliance for SAP's BusinessObjects division, and has been a chief audit executive of major global corporations for more than 15 years. He is the contributing editor to Internal Auditor’s “Governance Perspectives” column.

Companies Share Success Stories After Implementing Solutions for GRC

Posted on Mar 18, 2010

This week, my company, SAP, hosted a roundtable where three executives talked about the successful implementation of solutions for governance, risk, and compliance (GRC) at their companies and answered questions from media. The technology that these companies used was from SAP, but other vendors have products that would have produced similar results.

continue reading...

Lehman and E&Y: The Examiner's Report Sparks a Flurry of Issues and Questions

Posted on Mar 15, 2010

If you haven’t already read at least the executive summary of the bank examiner’s report regarding Lehman Brothers' demise, you should. A New York Times story covers some of the main points and contains links to the 2,200-page document.

continue reading...

Updating IIA Guidance on Continuous Auditing/Monitoring

Posted on Mar 8, 2010

Peter Millar (of ACL Services) is leading a small team (Brad Ames of HP and myself) in a project to update the Global Technology Audit Guide (GTAG) on Continuous Auditing. This is a routine update, such as we go through for all IIA guidance, but it provides the opportunity to upgrade the current guidance.

continue reading...

My Ideal Internal Audit Department

Posted on Mar 3, 2010

How about these as attributes of an ideal internal audit department?

continue reading...

What Is Assurance? Does Your Department Provide It?

Posted on Mar 1, 2010

I want to take two views in answering this question — the first is from day-to-day living, and the second is from The IIA's International Standards for the Professional Practice of Internal Auditing (Standards).

continue reading...

Please Provide Comments on the IIA Standards

Posted on Feb 20, 2010

The IIA has asked for input on the International Standards for the Professional Practice of Internal Auditing (Standards). You can access information here. I strongly support this initiative and ask that you provide your comments. 
continue reading...

King III: A Great Step for Corporate Governance?

Posted on Feb 19, 2010

Last year, the Institute of Directors in South Africa published the King Code of Governance for South Africa 2009 (King III). It is effective July 1, 2010. In my opinion, it was one of the most important advances in corporate governance in years. I am pleased that one of the contributors was IIA–South Africa.

continue reading...

What Is the Best Framework for Governance?

Posted on Feb 15, 2010

A reader asked me for a source of guidance on best governance practices, which she wanted for her U.S. company. Before I discuss how I answered, it is worth considering the plethora of frameworks and guidance.

continue reading...

Food for Thought on Risk Appetite

Posted on Feb 2, 2010

A friend of mine, Richard Anderson, has released a new paper on the topic of risk appetite. Richard is an expert on risk management, especially compared to me. True, I have implemented risk management at one company, run it at another, and assessed risks for management for many years as chief audit executive. But Richard not only has greater experience and insight but has been involved in major risk thought leadership for a long time. For example, he quotes from the BS31100 standard, which he developed, as defining risk appetite as the “amount and type of risk that an organization is prepared to seek, accept, or tolerate.”

continue reading...

Another Source of Information on Governance, Risk Management, and Internal Auditing

Posted on Feb 1, 2010

I appreciate the number of people who have taken the time to visit and read my comments on governance. Quite a few have gone to the next level and shared their insights and perspectives with the community, enriching the discussion.

continue reading...