Risk Audit & Control in a Social Media World
Hosted by:Accounting TodayOctober 29, 2013
This is a presentation that was broadcast to more than 400 accounting professionals. The recording is available from Accounting Today.
If you would like to help with our survey and share your views go to: https://www.surveymonkey.com/s/FQWN5Z3
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
Cch social media risk audit control october 29, 2013
1. 10/30/2013
Welcome to Today’s Web Seminar!
October 29, 2013
2:00 PM ET
Sponsored by:
Hosted by:
Moderator: Dan Hood
Editor-in-Chief of Accounting Today
Dan Hood has been with the publication for
over a decade, previously serving as
managing editor. He has also served as a
business editor for the New York Daily
News Express, and as a production editor
for The Wall Street Journal Europe.
1
2. 10/30/2013
Introductions:
Jim Kaplan, CIA and CFE, AuditNet®
Internet for auditors pioneer who has been using
social media to network with other professionals
and build the oldest Internet community for
professional auditors.
http://www.auditnet.org/
Turning Information into Action
Risk Audit and Control in a Social Media World
SourceMedia, Inc. is pleased to be able to offer CPE for this web session. It is imperative
that you adhere to the following instructions to obtain CPE credit:
1. To receive credit, you must be in attendance for a minimum of 50 minutes.
AccountingToday is not responsible for late arrivals or connections issues.
2. There will be required polling questions asked periodically throughout the session, all
of which you must answer. Please remember to click “Submit” after choosing your
answer.
3. If you have completed the above, please allow up to five business days from date of
today’s session, to receive an email from sourcemedia@webinarcerts.com. This email
will contain instructions on how you can download and print your CPE Certificate.
Please note CPE Certificates will ONLY be sent to those attendees who stayed for at least
50 minutes and answered all required polling questions. Please email any certificate
questions to sourcemedia@webinarcerts.com.
SourceMedia Inc. is registered with the National Association of State Boards of Accountancy (NA SBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors.
State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be addressed to the National Registry of CPE
Sponsors, 150 Fourth Avenue North, Nashville, TN, 37219-2417 or by visiting the web site: www.nasba.org.
2
3. 10/30/2013
Risk Audit &
Control in a
Social Media
World
Hosted by:
Accounting Today
October 29, 2013
Agenda
Social/professional networking
Risks associated with social media for networking
Auditor’s role in the social media life cycle.
Best practices for using social media.
Leveraging social media for professional networking and benefits
If we build it …
Closing and questions
Risk Audit and Control in a Social Media World
Risk Audit and Control in a Social Media World
Risk Audit and Control in a Social Media World
3
4. 10/30/2013
Social Networking Defined
What is a social network?
An online community of people with a common interest who use a Web
site or other technologies to communicate with each other and share
information, resources, etc.: a business-oriented social network.
Important clarification – business oriented rather than personal
Need to understand the primary orientation of the Network to focus on
professional relationships
Network
Orientation
Business Use
Business
High
Mixed
Medium
Mixed
Limited
Mixed
Medium
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
Social Media Defined
What is Social Media?
Web- and mobile-based technologies used to disseminate information
and solicit feedback on a real-time basis which are used to turn
communication into interactive dialogue among organizations,
communities, and individuals
A group of Internet-based applications that build on the ideological and
technological information of Web 2.0… allows for the creation and
exchange of user-generated content
Social media expedites conversation in contrast to traditional media,
which delivers content but doesn't allow readers/viewers/listeners to
participate in the creation or development of the content.
Example of social media include internet forums, weblogs, social blogs,
microblogging, wikis, social networks, podcasts
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
4
5. 10/30/2013
Professional Networking in the Digital Age
Online networking sites have become increasingly popular. These
resources allow participants to quickly and easily expand their circle of
contacts, share information and keep abreast of industry trends.
Executives involved in hiring decisions also are finding these online
communities to be a valuable tool. According to a survey by
Accountemps®, nearly two-thirds (62 percent) of executives interviewed
said professional networking sites, such as LinkedIn, will prove useful in
the search for job candidates in the next few years. And one in three (35
percent) cited social networking sites such as Facebook as a recruiting
resource they plan to tap.
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
Why is it so popular?
Community - allows people to join together based on common interests and
values.
Transparent – when used properly it can project authenticity
Engaging – communication channel opening dialogues with many individuals
Borderless – the world is flattening and we are no longer restricted to
connecting with only those who are close
Creative – fosters innovation and expression
The Pew Research Center found that’s the “major reason” given by six of every
10 users of Facebook, Twitter or LinkedIn. And half of the people surveyed said
the ability to reconnect with old friends played a “significant role” in using
social networking.
Risk Audit and Control in a Social Media World
Risk Audit and Control in a Social Media World
5
6. 10/30/2013
Polling Question #1
Social Media Options
LinkedIn
Facebook
Twitter
YouTube
Blogs
Discussion Forums
According to survey by CEO.com - Social media will become one of the
two most important forms of engagement with employees and
customers, second only to face to face interactions.
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
6
7. 10/30/2013
Social Media Risks
The Biggest Social Media Risk: Not Paying Attention to
Social Media according to major corporate executives
March 20, 2012
Social Media and Cloud Computing Top Internal Auditors' Technology Hot
List, According to New Protiviti Research
Social media and cloud computing are top concerns – Internal audit executives and
professionals recognize they must have superior knowledge and understanding of these
areas and their inherent risks, and how their organizations are leveraging as well as
controlling them, in order to perform their jobs at a high level and add value to the
organizations they serve.
- Protiviti 2012 Internal Audit Capabilities and Needs Survey
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
Social Media Risks
As the use of social media continues to grow, so too does the
risk of fraud involving social media.
- Social Media and its associated risk – Grant Thornton and FERF
Prioritized concerns from a survey
conducted by Grant Thornton and FERF
1. Disclosure of proprietary information
2. Negative comments about the company
3. Exposure of personally identifiable
information
4. Fraud
5. Out of date information
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
7
8. 10/30/2013
Social Media Risks and Controls
Risks
•
Employees or non-employees creating a social media page representing your
company without management/IT consent or approval
•
Trade secrets or other business secrets being inadvertently or even deliberately
shared
•
Dissatisfied customers or disgruntled employees voicing their opinions freely
•
Viruses, spyware and network vulnerabilities occurring due to the interactivity and
open nature of social media architecture
Controls
•
The extent to which social media will be officially sanctioned by the organization
•
Who is allowed to use the social media sites
•
How users gain approval to use the social media sites
•
Standards/policy of social media use inside and outside of the workplace
•
Brand monitoring and legal involvement
•
How to report false pages
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
Internal Audit’s Role
Social media is now embedded in our personal and business culture and auditors need
to know the what the risks and controls are, how to audit this new communication
tool and also how to adapt it for use within the audit environment.
Jim Kaplan, AuditNet®
Internal audit’s role in social media may include the following:
•
Understand how social media is being used within the organization
•
Review social media policies
•
Understand the potential risks of social media
•
Conduct a social media risk assessment
•
Ensure that controls are in place to address social media risks
Review and monitor compliance with implemented processes
Assess implemented controls
•
Records retention issue
Internal audit should NOT be developing business processes that mitigate risk
•
Why?
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
8
9. 10/30/2013
Polling Question #2
Social Media Audit Objectives and Scope
Objective—The objective of the social media audit/assurance review is to
provide management with an independent assessment relating to the
effectiveness of controls over the enterprise’s social media policies and
processes.
Scope—The review will focus on governance, policies, procedures, training
and awareness functions related to social media. Specifically, it will address:
•
People—training and awareness
•
Processes
•
Strategy and governance—policies and frameworks
•
Technology
The selection of the social media projects and initiatives will be based
on the risks introduced to the enterprise by these systems.
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
9
10. 10/30/2013
Social Media Audit Program Sample Steps
•
Social Media Audit Program — Should be a comprehensively written program to detect,
implement, and monitor compliance with the laws and regulations that impact the
various components of social media. It should provide written procedures to ensure
compliance.
•
Identification of inappropriateness with social media channels and non-compliance
with the Social Media Policy — The company should clearly identify what is acceptable
and what is not acceptable, based on a risk assessment and the outlined rules and
specifications of the Social Media Audit Program.
•
Prior examination/audit findings — If weaknesses were previously cited in the
company’s social media examination or audit that may impact the company’s social
media program, has management taken appropriate steps to institute corrective actions?
•
Training program(s) — Training should be tailored to address all employees. Incident
response — A formal review should be made of all alleged and/or actual incidents and
how the company handled the incident.
•
Internal audit and annual reports — Management should regularly report on its
responsiveness to cited weaknesses in the social media program.
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
Social Media Best Practices
1. Designate a social media champion in your department or firm to
monitor and leverage networking capabilities
2. Integrate social media into audit projects and planning.
3. Respond within minutes or hours (not days) to any comments on social
media about customer service. You need to track your firm or
organization to do this
4. Tell a continual story through social media – there should be a trend
and voice to your efforts.
5. Measure and Analyze everything. If you can’t measure it you can’t
manage it.
6. Stay educated and connected to social media – the wave is here and
you don’t want to get left behind when it hits your organization.
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
10
11. 10/30/2013
Professionals and Social Networking
10 Reasons for auditors to use social networking tools
1.
Network with other auditors for advice on issues
2.
Get answers to audit technology questions and issues
3.
Benchmark best practices
4.
Share (reports, programs, issues)
5.
Share methodologies
6.
Foster one to one and one to many communications/discussions1
7.
Research audit and technology issues using advanced search skills1
8.
Establish a dialogue with your professional network1
9.
Establish knowledge feeds1
10.
Gain knowledge for risk, control and audit of social media
Auditors need to be plugged into social networks to stay current with
professional issues and the latest tools and technologies!
Jim Kaplan
1
core competency for digital literacy
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
The Best Social Media Apps for Auditors
The most powerful and comprehensive Audit Tool for
Google Apps - Scan, control and secure all Sites, Docs,
Groups, Calendars and Users giving you more security
over the data that you own. If you have not installed
this tool - you don't know what you're missing.
This easy to use report program can scan all sites,
documents, email groups and calendars at your
domain and show you exactly who has access to your
information. For domain admins it is an essential
Audit tool allowing you to show management and
auditors exactly who has access to what.
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
11
12. 10/30/2013
Guidance and Publications
Risk Audit and Control in a Social Media World
Risk Audit and Control in a Social Media World
Adding Value for Audit
So how can auditors use social networking to add value to the audit
function?
1.
Networking with other auditors for advice on issues
2.
Getting answers to technology questions
3.
Fostering communication through discussions and
4.
Benchmarking
5.
Sharing (reports, programs, issues)
6.
Sharing methodologies
7.
Receiving knowledge feeds on training, conferences and other CPE
opportunities
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
12
13. 10/30/2013
Leveraging Social Media for Audit
Connect
Share
Build
Network
The
Missing
Link is You
Contribute
Explore
Educate
Research
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
Polling Question #3
13
14. 10/30/2013
Stay Connected
Auditing is an information-intensive,
complex profession. Many issues require
auditors to keep up to date on rules and
regulations, and auditing procedures can
be difficult to master.
Joining a social network facilitates your
ability to stay on top of news and trends,
to ask questions and receive answers and
to share knowledge with peers.
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
Share Knowledge
Many specializations of auditing require very
high levels of knowledge.
Joining a network allows you to find other
specialists in your field who can help you
learn more. Or if you are an expert at what
you do, joining a network gives you a
platform to become more recognized for
your own expertise.
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
14
15. 10/30/2013
Solve Problems
Tracking down the answer to an auditing
question can take hours or even days using
standard methods of online and offline
research.
Joining a network hooks you up to a wide
range of colleagues, one of whom is likely to
have the answer you need or who can lead
you to the right person (within a few degrees
of separation), saving you time and money.
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
Facilitate Networking
Finding the time to do traditional
networking (meetings, lunches, phone
calls) can be difficult and requires
everyone to be available at the same
time.
In contrast, your online social network
can be accessed at any time. Matching
schedules becomes moot, as connecting
with people and getting information can
be done asynchronously.
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
15
16. 10/30/2013
Leverage the Internet
Companies and individuals in today’s world
increasingly seek out leads, customers,
referrals and partners on a national and even
global basis. Business ventures can be
conducted “virtually” through online
connections.
Joining a social network opens the doors to this
new global world, offering opportunities to find
new business, new partners, or to collaborate
with others on projects.
Risk Audit and Control in a Social Media World
Build Relationships
The old methods of persuasion marketing and
hard-sell advertising are shifting. People today
prefer to build relationships with the companies
they do business with.
Joining a social network gives you the capability
to form relationships with potential clients and
colleagues. Many large accounting and auditing
firms already recognize this and are establishing a
presence on social networks where they offer free
workshops and answer questions to demonstrate
their expertise and build trust.
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
16
17. 10/30/2013
Synergy and Value
Social networking is already the accepted
form of connecting with others for the
‘Millennial’ generation of young auditors
entering the workforce. As social networks
become increasingly used by them, the stakes
will rise for those who continue to be
reluctant to join.
In other words, if you do not have a presence
on a social network, you will simply lose
ground to those who do.
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
What is Your Response to Social Networking?
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
17
18. 10/30/2013
AuditNet® and Social Networking – or if we build it…
AuditNet® has engaged in social networking for almost 20 years.
Founded on the principle of establishing an online communication
sharing network for auditors
Started sharing audit programs in 1995 and now have more than
2,000 audit program templates
Created a LinkedIn group that has over 7,500 members
http://www.auditnet.org/PAIN.htm
Created a network of more than 125k professional auditors from
221 countries on 5 continents.
Web site average for 6 months since redesign – 131,000 visits with
more than 1 million page views.
Use LinkedIn and Twitter for surveys on audit use of technology
and best practices
Video based training and Training without Travel™ Webinars for
ACL, IDEA, Excel for Auditors, Internal Audit Skills and Detecting
and Preventing Fraud using Data Analytics
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
Q&A Session: Questions
Risk Audit and Control in Social Media World
Risk Audit and Control in aaSocial Media World
18
19. 10/30/2013
For more information …
http://www.auditnet.org
CCH Accounting Research Manager & Audit Resources
http://www.cchgroup.com/arm
Risk Audit and Control in a Social Media World
Real-World Strategies for Effective Document Management
38
19
20. 10/30/2013
SourceMedia, Inc. is pleased to be able to offer CPE for this web session. It is imperative
that you adhere to the following instructions to obtain CPE credit:
1. To receive credit, you must be in attendance for a minimum of 50 minutes.
AccountingToday is not responsible for late arrivals or connections issues.
2. There will be required polling questions asked periodically throughout the session, all
of which you must answer. Please remember to click “Submit” after choosing your
answer.
3. If you have completed the above, please allow up to five business days from date of
today’s session, to receive an email from sourcemedia@webinarcerts.com. This email
will contain instructions on how you can download and print your CPE Certificate.
Please note CPE Certificates will ONLY be sent to those attendees who stayed for at least
50 minutes and answered all required polling questions. Please email any certificate
questions to sourcemedia@webinarcerts.com.
SourceMedia Inc. is registered with the National Association of State Boards of Accountancy (NA SBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors.
State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be addressed to the National Registry of CPE
Sponsors, 150 Fourth Avenue North, Nashville, TN, 37219-2417 or by visiting the web site: www.nasba.org.
20