The perfect internal auditor
What makes an internal auditor perfect? I share a piece from a decade or two ago and ask how expectations have changed, especially given changes in technology. Feb. 7, 2012
Blog posts about internal audit and risk management
If you are interested in risk management and/or internal audit, you might be interested in these posts. They were the most popular of my posts on the Internal Auditor (IIA) Online web site last year.
If you are interested only in discussions around GRC, have a look at #13 which includes commentary on what the term should mean to executives, practitioners, and others. Jan. 31, 2012
A more radical view of what the Audit Committee should worry about in 2012
What should be on the audit committee agenda in the new year? Do we stay with the traditional set of questions, or should we take a more strategic view - such as the adequacy of information, the maturity of risk management, the quality of the external auditor, the adequacy of enterprise systems, etc? Jan. 22, 2012
Integrating business planning, performance management, and risk management
An article about integrated business planning and performance management talks about surprises but fails to mention risk management. Don't you need to integrate risk management if you are to optimize performance? Jan. 16, 2012
How to assess the effectiveness of internal control
The new draft internal control framework from COSO includes guidance on how to assess whether the system of internal control is effective. In this post, I summarize what the document says. I then ask your views on whether you agree with this way of assessing the adequacy of internal control.
Why is this important? The COSO framework is globally accepted and affects every risk, control, assurance, and governance professional. Jan. 10, 2012
Norman's most popular 2011 posts on GRC, risk management, audit, and more
Jan. 5, 2012
My governance, risk, and assurance wish list for 2012
Jan. 2, 2012
Mobile will bring both risks and opportunities. Is your company's strategy optimized?
Nov. 26, 2011
What's the cost of a data breach? New study provides insights
Nov. 10, 2011
PwC Global Information Security Study
Oct. 21, 2011
Survey results: how people define GRC
Oct. 8, 2011
Protiviti study on IT auditing raises more questions than it answers
Oct. 7, 2011
Maybe it's time to change your approach to information security
Sep. 12, 2011
Shining the spotlight on mobile risks and opportunities
Sep. 9, 2011
Study reports on the Benefits of Continuous Monitoring
Aug. 26, 2011
Protiviti suggests Refocusing the Internal Audit Agenda
Aug. 18, 2011
Risk management is not a quarterly exercise; it should be a way of life
Aug. 10, 2011
The solutions I would buy for GRC
Aug. 4, 2011
Is there a proven link between corporate governance, ratings, and corporate performance?
Jul. 23, 2011
PwC has sound advice on Continuous Auditing
Jul. 23, 2011
Facts, risks, and opportunities: The explosion of data about us and our companies
Jul. 18, 2011
Accenture 2011 Global Risk Management Study: Important, startling, but deceiving results
Jul. 9, 2011
RIMS report on ERM standards and guidelines: a recommended read
Jun. 27, 2011
UK Bribery Act - free session in London
Jun. 9, 2011
Are you worried about SOD and other user/IT access issues?
May. 31, 2011
KPMG reports major problems in how risk management is understood and practiced
May. 27, 2011
Continuous monitoring of controls is not the same as inspecting the integrity of transactions
May. 11, 2011
Shedding New Light on Governance, Risk and Compliance (GRC)
May. 5, 2011
Just what is risk appetite and how does it differ from risk tolerance?
Apr. 27, 2011
The essential ingredient to effective risk management: the culture
Apr. 27, 2011
There's a ton of interesting content in Deloitte's Tech Trends 2011
Apr. 11, 2011
Protiviti's Jim DeLoach provides insights into risk management
Apr. 11, 2011
CFO.com discusses the growth of ERM adoption
Is the need for ERM recognized? Is it growing in practice? Apr. 8, 2011
Measuring the Maturity of Risk Management
Risk management maturity models Mar. 29, 2011
Making mistakes and poor decisions because of old risk information
Mar. 22, 2011
What do they say about the latest release of SAP's solutions for GRC?
SAP releases new version of its solutions for GRC processes, 10.0 Mar. 22, 2011
The risk of incompetent investigations
Mar. 14, 2011
New Business Analytics Blog for Practitioners and Consultants (covering GRC, BI, and more)
Mar. 4, 2011
Which came first, strategy or risk: which is the chicken and which is the egg?
Mar. 2, 2011
Essential reading for all members of the board and CEOs, CIOs, CAEs, and General Counsel
Feb. 27, 2011
Board members use social media so why not you?
Feb. 25, 2011
10 reasons not to like the COSO ERM framework - a discussion with Grant Purdy
Feb. 21, 2011
A radical thought about governance
Feb. 17, 2011
Protiviti provides sound insights into risk management failures
Feb. 15, 2011
Report from Davos includes fascinating discussion of governance and risk issues
Feb. 15, 2011
The most-viewed posts on Norman Marks' IIA Blog
Feb. 11, 2011
The GRC Survey: The results are in
Feb. 1, 2011
Continuous auditing: putting theory into practice
Continuous auditing presents an opportunity for internal audit to move to the next level of service and value to its stakeholders: providing assurance when they need it. Jan. 28, 2011
A new study on Effective GRC Management: Positioning your company for growth
The Aberdeen Group has released a new report on GRC and its value. I discuss the results in this post. Jan. 25, 2011
COSO releases two new guides on risk management
COSO has issued two new 'thought leadership papers'. How valuable are they? Jan. 17, 2011
Top risks to watch in 2011
What are the top risks to watch in 2011? I share my list and a report from the World Economic Forum Jan. 17, 2011
Reflections on GRC in 2010
This year has been one of both progress and frustration when it comes to GRC. While there is a lot to cheer about, and hope for 2011, irritants and obstacles continue. I share my thoughts here. Dec. 14, 2010
Major challenges for risk management
I was recently interviewed to promote an ERM conference. I was asked a number of questions about risk management and share my answers. Do you agree? Dec. 14, 2010
One size fits all for ERM?
Does every organization need a risk management function to the same extent? Does the auditor of ERM use the same standard? Nov. 25, 2010
Do you need help assessing the value of software for GRC?
Are you considering acquiring software to help with your GRC processes? SAP has developed some tools to help, reflecting customer experience with a variety of the products. Nov. 22, 2010
Is there value in the concept of GRC?
Nov. 19, 2010
Building the case for ERM
Executives haven't bought into the value of risk management. This blog suggests the source of the problem and a solution. Oct. 28, 2010
Is the term GRC just hype? Join an active debate
Is the term "GRC" hype, used by consultants and software vendors to sell services and products? Sep. 22, 2010
The heart of GRC - so misunderstood!
The term "GRC" is broadly misunderstood. It's not about the former Virsa product (SAP BusinessObjects Access Control). It's also not just about risk and compliance.
Learn more here. Jun. 17, 2010
How does SAP enable world-class GRC processes?
What is GRC, what are GRC processes, and how does SAP help customers build world-class GRC processes? Jun. 1, 2010
Two new reports question the effectiveness of risk management practices
Two new reports provide different perspectives on the effectiveness of risk management - leading to major questions. Join the discussion Apr. 17, 2010
Where is the value when you integrate solutions for GRC?
Do you integrate GRC solutions with each other, or with the ERP, or with both? Apr. 17, 2010
Risk-based Continuous Monitoring/Auditing Developments
New developments in the area of continuous auditing/monitoring, or CCM, are discussed. Apr. 5, 2010
Protiviti tools enhance ROI for Access Control and Process Control
New Protiviti tools enhance ROI for Access Control and Process Control Mar. 19, 2010
Success Stories as Customers Implement Solutions for GRC
Three customers talk about their successful use of SAP BusinessObjects solutions for GRC Mar. 19, 2010
Can you believe all claims by software vendors?
Can you believe all the claims by vendors of GRC software? Mar. 11, 2010
Continuous controls monitoring grossly misunderstood!
A new acronym is creeping into the GRC vocabulary: CCM/T. Does it make sense? Mar. 3, 2010
Selecting the right GRC solution for your organization
Feb. 9, 2010
Food for Thought on Risk Appetite
An interesting discussion on risk appetite Feb. 9, 2010
Is GRC just about Risk, or is it more?
Does the fact that there is no shared definition of GRC cause confusion in the marketplace? A conversation between Eric Krell of Business Finance, and Norman Marks of SAP. Jan. 26, 2010
New GRC discussions
New discussions on What is GRC, Continuous Monitoring/Auditing, and linking Risk and Strategy Jan. 16, 2010
We all have lessons to learn from the Heartland data breach - whether board member, executive, or professional
IT professionals, board members, executives, and auditors: the major data breach at Heartland is an opportunity to learn. Reliance on compliance audits may be misplaced. Sep. 2, 2009
Seminar on continuous monitoring and auditing
A seminar on continuous auditing and monitoring will be held in Singapore on October 9th. Aug. 26, 2009
S&P Publishes Status Report on ERM and Credit Ratings Project
Standard and Poor's, a major credit rating agency, is assessing listed companies' risk management processes. They have published an interim report. Aug. 10, 2009
Integrating risk management and automated controls
The value of a top-down and risk-based approach to testing controls. Jul. 10, 2009
The Current State of Internal Auditing
EDPACS, a journal for IT audit and security professionals, has published an opinion piece by Norman Marks, SAP BusinessObjects, and Jay Taylor, GM, on the state of the profession of internal auditing. Jul. 2, 2009
The value of SAP BusinessObjects Process Control - a personal view
Jun. 15, 2009
The next evolution of internal auditing, beyond continuous auditing
SAP BusinessObjects releases new paper on taking internal audit beyond continuous auditing May. 6, 2009
GRC application fragmentation
Why so much talk about GRC process and department convergence, but so little about the problem of GRC application fragmentation? May. 1, 2009
Internal auditing software
Apr. 9, 2009
Isn't it time for risk management?
The OECD has concluded that one of the main causes of the financial crisis was a failure of risk management at many companies. Isn't now the time to put a process and system in place? Apr. 1, 2009