Norman Marks
Blog
Actions
Media Outlet details
| Scope | National |
|---|---|
| Language | English |
| Country | United States of America |
|
Similarweb UVM |
Request pricing |
|
Comscore UVM |
Request pricing |
Recent Articles
Search ArticlesWe are political animals
As babies (and perhaps even earlier) we kick and scream to get what we want. We reward those who please us with smiles and laughs. Later, our parents teach us with “do this to get a carrot” and “if you do that you will get a stick”. We use politics to get our way. OK, maybe that is not the way some define and use the word, primarily in government. It is not how Aristotle used the word when he described us as political animals.
How should you audit Enterprise Risk Management?
Before addressing HOW to audit Enterprise Risk Management (ERM) we need to consider WHY you should audit it. WHAT is effective ERM? I will tell you first that it is not just the periodic review of a list of risks.
Last week’s post, where I covered Richard Chambers’ blog post about the cost of internal audits, got a lot of attention. I agreed for the most part with Richard, but this week he and I are not aligned.
The release of the IIA’s updated Quality Assessment Manual made me think about the differences and the stresses between: Quality Conformance (a.k.a. compliance) Efficiency Effectiveness The IIA says: For the first time, The IIA’s Quality Assessment Manual is authoritative IIA Global Guidance in this 2024 edition. The manual now incorporates the requirements of the 2024 Global Internal Audit Standards that will be effective for quality assessments beginning January 9, 2025.
The CRO as the Navigator of the Business
Michael Rasmussen and I friends both in real life and on Facebook (which is not always the case). I met him through OCEG (which I recommend as they have some excellent resources) where we were two of the first three OCEG Fellows. (The other one was Brian Barnier. I recommend following both of them.) Michael posted a photo on FB from a class he was leading.
Excellent authoritative guidance for internal auditors
I am talking about the Chartered Institute of Internal Auditors’ (CIIA) Internal Audit Code of Practice. It was released today, and I strongly encourage everybody to read and consider it, not only in the UK, but around the world. You can read the Press Release here when it is posted later today or tomorrow. Is it perfect? No. As usual I can see areas for improvement. But they are relatively small and the Code is a serious and very significant upgrade (sorry IIA) to GIAS.
A risk “quant” speaks out against qualitative risk assessments, and explains very useful tools
I am privileged to call Alexei Sidorenko “friend”. I first met him when he invited me to come to Moscow and speak at a risk management conference he organized, He is an experienced and insightful risk practitioner and CRO whose thoughts I listen to and recommend you do the same. Recently he shared his opinion and advice on his Risk Academy blog, Quant models overthrow traditional risk management: embrace or perish? It’s an odd title, but the content is interesting.
Are you an effective leader?
Home > Risk > Are you an effective leader? Are you an effective leader? One of my tests of a leader, perhaps the most important, is whether people are willing (if not eager) to follow them. Being the titular head with staff reporting to you doesn’t make you a leader. It may make you a boss, but not a leader. History is rife with stories of soldiers who killed their officer. There’s even a name for it: fragging.
A good kind of lazy auditor
My congratulations to David Dufek for his recent article for the IIA’s Internal Auditor magazine, Building a Better Auditor: Be Lazier. He makes several excellent points, but misses one: it can take hard work to be what he calls “the good kind of lazy”. He says, and I agree with him: Being the good kind of lazy doesn’t compromise your responsibility — and can boost performance. This is the central theme: Auditing too much or too often can lead to diminishing returns.
An open letter about the definition of risk
a. Risk management creates and protects value. Risk management contributes to the demonstrable achievement of objectives and improvement of performance in, for example, human health and safety, security, legal and regulatory compliance, public acceptance, environmental protection, product quality, project management, efficiency in operations, governance and reputation. b. Risk management is an integral part of all organizational processes.