Social media and internal audit: Moving toward the digital enterprise


No longer confined to areas of entertainment and life management, social media and social software have become an integral part of the digital business landscape. With more and more users linking, liking, friending and following, how can Internal Audit (IA) help assess and mitigate risks associated with social business?

This paper discusses the proactive steps IA can take to help address such growing challenges as:

Brand and reputation damage
Regulatory compliance
Information leakage
Third-party risk
Governance risk

In each of these categories, IA can play a critical role in understanding the potential risks of engaging in social business. IA can also help to monitor and manage threats and strike a balance between risks and opportunities.

For more: http://www.deloitte.com/view/en_US/us/Services/audit-enterprise-risk-services/Internal-Audit-Transformation/24499b17c904e310VgnVCM1000003256f70aRCRD.htm


Transcript

  • 1. Social media and the role of Internal Audit: Moving toward the Digital Enterprise
  • 2. Social media risk landscape
    Copyright © 2014 Deloitte Development LLC. All rights reserved.
    Organization; People; Technology; Data
    Unauthorized disclosure; Intellectual property leakage; Vulnerabilities; Identity theft; Brand/reputation loss; Public; Unsatisfied constituents; Network availability; Viruses/Worms; Loss of productivity; HR policy violations; Social engineering/impersonation; Privacy risk; Trademark infringement; Loss of control over content; Copyright issues; Lack of situational awareness; Negative publicity; False impression/misguidance
  • 3. Social media assessment
    Discover | Listen | Analyze | Report | Scope
      • Human resource management: Interactively engage job seekers to attract top talent
      • Sales: Keeping close tabs on competitive offerings and vulnerabilities
      • Service: Proactively managing issues, crowdsourcing resolution, and escalation of high priority issues
      • Marketing: Engage customers to share messaging and track social sentiment
      • Supply chain: Engaging suppliers and contractors around priorities, exceptions, and “fire-drills”
      • Product development: Dynamically developing and enhancing products with feedback from customers and employees
  • 4. Social media assessment (cont.)
    Discover | Listen | Analyze | Report | Scope
    Research; Hypothesis; Tool selection; Gather raw data; Insights
      • Company name
      • Competitors
      • Keywords
      • Industry
      • Ask questions
      • Look for information
      • Seek sources
      • Speculate
      • Formulate
      • Free search tools
      • Off-the-shelf software packages
      • Third-party vendors, etc.
      • Numbers
      • Charts
      • Graphs
      • Lists
      • Pictures
      • People
      • Interesting patterns
      • Anomalies
  • 5. Social media assessment (cont.)
    Discover | Listen | Analyze | Report | Scope
    People
      • Has effective training been delivered to all users?
      • Do users (including employees) receive regular awareness communications regarding policies and risks?
    Process/data
      • Have business processes that utilize social media been reviewed to determine whether they are aligned with policies and standards of the enterprise?
      • Are content control processes in place to determine whether social communications intended to represent the company are approved before dissemination?
    Technology
      • Does IT have a strategy and the supporting capabilities to manage technical risks presented by social media?
      • Do technical controls and processes adequately support social media policies and standards?
      • Does the enterprise have an established process to address the risk of unauthorized/fraudulent use of its brand on social media sites?
  • 6. Social media assessment (cont.)
    Discover | Listen | Analyze | Report | Scope
    Potential risks
    Legal and regulatory compliance
      • Disclosure of confidential data
      • Protection of intellectual property rights, patents, and trademarks
      • Regulatory noncompliance
    Security and privacy
      • Identity theft and social engineering
      • Technical exploits: Malware, viruses/worms, etc.
      • Insufficient monitoring capabilities
    Brand and reputation damage
      • Bad press
      • Defamation, unfavorable, or untrue posts
      • Insufficient monitoring and listening capabilities
    Social governance and strategy
      • Lack of policy
      • Lack of risk oversight
      • Misalignment of social strategy with strategic vision
    Employees
      • Inappropriate use of social media
      • Distraction/productivity loss
      • Inadequate training and awareness
  • 7. Social media assessment (cont.)
    Discover | Listen | Analyze | Report | Scope
    Social media governance
    Strategy; Risk Management; Governance; Policies; Procedures; Audit & Compliance; Education; Training; Awareness
      • Strategy – The basis for aligning activities with standards and strategic objectives.
      • Risk Management – Provides for structured management, mitigation, and continuous monitoring of risks.
      • Governance – Sets the policy and process framework to realize opportunities and manage/mitigate risks.
      • Audit and Compliance – Ensures adherence to relevant regulations, laws, standards, and internal policies and procedures.
      • Training, Education, and Awareness – Ensures employees remain current on new and existing policies and procedures related to social media.
  • 8. Social media assessment (cont.)
    Discover | Listen | Analyze | Report | Scope
      • Identify key internal and external stakeholders
      • Obtain relevant documents
      • Define/agree on scope and search criteria
      • Identify areas of focus
      • Define search terms
      • Generate social media research reports
      • Review raw data and identify patterns, anomalies, and areas for additional focus
      • Obtain stakeholder feed of “current state”
      • Review existing security policies, strategies, governance
      • Review user access to owned social sites
      • Review regulatory requirements
      • Aggregate the results using broad themes
      • Identify prioritized emerging risks and potential impacts
      • Validate the observations
      • Collaborate with subject matter specialists and management to stratify emerging risks, potential impact
      • Develop risk mitigation response strategies
      • Identify recommendations
  • 9. Contacts
    Khalid Wasti, Director, Deloitte & Touche LLP
    +1 212 436 5156
    kwasti@deloitte.com
    LinkedIn: www.linkedin.com/pub/khalid-wasti/9/1a/537
    Tune in to this brief audio/visual presentation at: http://event.on24.com/clients/deloitte/portal/index.html?playlist=itia&event=730358
  • 10. This publication contains general information only and is based on the experiences and research of Deloitte practitioners. Deloitte is not, by means of this publication, rendering business, financial, investment, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte, its affiliates, and related entities shall not be responsible for any loss sustained by any person who relies on this publication.
    About Deloitte
    Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.
    Copyright © 2014 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited