LinkedIn, Facebook, Twitter, YouTube – all recognisable names and all part of social media. Many organisations have dismissed it as a fad. However this fast-growing form of communication is here to stay, and it’s critical that organisations understand the inherent risks and benefits, as well as evaluate how well the organization is managing them. The focus of a new book, social media risk is somewhat uncharted territory for internal auditors and was a highly anticipated session topic at The Institute of Internal Auditors’ (IIA’s) General Audit Management (GAM) Conference held in Las Vegas recently.
“Social media is not a fad,” says GAM Conference speaker Peter Scott, APR, co-author of Auditing Social Media: A Governance and Risk Guide, newly published by The IIA Research Foundation (IIARF). “Brands must realize that they are no longer in control of the conversation. While this creates a great opportunity, there are real risks associated.”
“Companies that don’t understand the risks of social media are putting themselves at reputational and regulatory risk,” says Scott. “There are many hidden risks and implications for human resources, customer service, etc.”
Mike Jacka, CIA, CPA, senior audit manager for Farmers Insurance and co-facilitator of the GAM Conference session says that social media is often delegated to junior staff members in an organisation because there is the perception they grasp its value. "In actuality, while they may understand how to deploy the tactics, they lack business acumen and are not privy to the highest levels of knowledge or strategy in their organisation necessary to center social media efforts around business objectives.”
Also considering the subject from CAEs’ perspectives, The IIA’s Audit Executive Center at The Institute of Internal Auditors (IIA) – a new service from The IIA that provides targeted thought-leadership, and resources to audit executives – has released a Knowledge Briefing, Social Media: Risks and Opportunities. The briefing details the results of an August 2010 survey conducted to understand the overall state of social networking in organisations represented by IIA members.
The report finds that 60 percent of organisations that maintain an active social media presence, more than half have a formal (39 percent) or informal (23 percent) social media policy. However, 38 percent do not have a social media policy. Of those organisations with a social media policy, 71 percent do not conduct formal training or promote policy awareness.
“These statistics speak to basic corporate social media governance issues that organisations should address,” said IIA Vice President of North American Services Hal Garyn. “Chief audit executives should ensure there’s proper oversight and management of this highly visible communication channel that can significantly influence the organisation’s reputation.”
Jacka and Scott, who also contributed to the Audit Executive Center Knowledge Briefing, provide nine risks in the briefing to which CAEs should pay attention:
1. Lack of social media strategy
2. Intellectual property issues
3. Inappropriate disclosure of information
4. Compliance with applicable laws
5. Liability issues
6. Human resources issues
7. Lack of, or ineffective, key performance indicators
8. Not having the right social media “evangelists”
9. Not incorporating social media as part of the crisis communications plan
MORE ARTICLES ON SOCIAL MEDIA