WATCH REPLAY: Norman Marks talks about what risk management should be about at #RAW2022

We may talk about risk being the effect of uncertainty on objectives (ISO 31000), but we need to define it a little differently if we are to make risk management something valuable in running the business.

In this session, Norman Marks (a retired CRO and CAE) will share his opinion that risk management should be about helping people make the business decisions necessary for success.

He will explain that it is difficult to help decision-makers consider the effects of uncertainty (both positive and negative) if you don’t understand what decisions are being made, how they are made, when they are made, and what triggers the need for a decision.

He will talk about the need to provide ‘actionable’ information: information that goes well beyond a list of risks or a heat map, or even the quantification of individual risks.



Norman Marks, CPA, CRMA is a retired senior executive. He works with individuals and organizations around the world, advising them on risk management, internal audit, corporate governance, enterprise performance, and the value of information.

Norman was the chief audit executive of major global corporations for twenty years and is a globally-recognized thought leader in the professions of internal auditing and risk management. In addition, he served as chief risk officer, compliance officer, and ethics officer, and led what would now be called the IT governance function (information security, contingency planning, methodologies, standards, etc.). He managed the Sarbanes-Oxley Section 404 (SOX) programs and investigation units at several companies.

He is the author of more than a dozen books, including:

– Auditing at the Speed of Risk with an Agile, Continuous Audit Plan (2022)

– Risk Management for Success (2020)

– Making Business Sense of Technology Risk (2019)

– Risk Management in Plain English: A Guide for Executives (2018)

– World-Class Risk Management (2015)

Norman is a retired member of the review boards of several audit and risk management publications (including the magazines of ISACA and the IIA), a frequent speaker internationally, the author of multiple award-winning articles (receiving the IIA’s Thurston award in 2004 and 2014), and a prolific blogger.

Norman was profiled by the magazines of the AICPA and the IIA as an innovative and successful internal auditing leader. He has also been honored as a Fellow of the Open Compliance and Ethics Group for his GRC thought leadership, and as an Honorary Fellow of the Institute of Risk Management for his contributions to risk management. In 2018, he was inducted into the IIA’s American Hall of Distinguished Practitioners. He sits on a couple of not-for-profit boards.

Norman can be found at:

– Norman Marks on Governance, Risk Management, and Internal Audit


RISK-ACADEMY offers online courses


Informed Risk Taking

Learn 15 practical steps for integrating risk management into decision making, business processes, organizational culture and other activities!


ISO31000 Integrating Risk Management

Alex Sidorenko, known for his risk management blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.


Advanced Risk Governance

This course gives guidance, motivation, critical information, and practical case studies to move beyond traditional risk governance, helping ensure risk management is not a stand-alone process but a change driver for business.

