Presentation to Internal Auditors to: communicate effectively with those managing the use of social media when they are conducting an audit; to understand the inherent release of control of information posted in social media; to understand the tools and systems which might be in use to distribute and monitor social media activity; to understand what governance and control means regarding social media when its utility is heavily linked to not being ‘in control".
Independent Call Girl Number in Kurla Mumbai📲 Pooja Nehwal 9892124323 💞 Full ...
Social media governance: How to audit risks and controls
1. Social media
Beyond the risks,
how it can work in organisations
For the Institute of Internal Auditors, Australia
Walter Adamson
GM Victoria, iGo2 Group
walter.adamson@igo2group.com
4 December 2012
2. Objectives of this webinar
To allow Internal Auditors to:
communicate effectively with those managing the use of social
media when they are conducting an audit
to understand the inherent release of control of information posted
in social media
to understand the tools and systems which might be in use to
distribute and monitor social media activity
to understand what governance and control means regarding
social media when its utility is heavily linked to not being ‘in control’
3. Walter Adamson
Set up BHP IS Audit Group
Certified IS Auditor
CIO (Asia Pacific Minerals)
Certified Social Media Strategist (2009)
Linkedin.com/in/adamson
My social web: xeeme.com/walter
@adamson
6. Some key social media facets
formulating policy and strategy through researching
Strategy your brand, customers, partners and competitors
monitoring, collecting and analyzing social data to
Intelligence make informed, agile business and policy decisions
building ‘owned’ social platforms for listening, support,
Communities building, collaborating, content
social business metrics, ROI, policy and guidelines,
Governance processes
7. How to think about social
Elevate your view. Take a look
down from on high:
It’s not about the tools but
about what you want to
achieve
8. Social network fundamentals
Three key issues:
1. N – Network size
2. C – Contribution
3. P – Participation
The behavioural and methodological foundation of success
in social media lays in the NCP Model
9. Social Presence
What is Presence?
Presence is about your voice
being heard
Reach is about increasing the
pathways for your voice to
travel
Influence is about increasing
the impact your voice has on
others.
11. Social Media Policy
Specifically, it should:
Educate employees, then empower them;
Help employees understand and own the risks;
Hold employees accountable;
Address organization social media account “ownership” and hand-
offs when spokespeople leave.
13. Audience poll #2
Do you find social media to be
challenging to audit because it
is changing so fast?
14. Challenge
Simply put, the risk challenge with social is because of its
potential viral and permanent nature.
15. Loss of control
Hashtags become Bashtags
“Dude, I used to work at McDonald’s. The #McDStories I could tell
would raise your hair.” (via Twitter)
“#McDStories I lost 50lbs in 6 months after I quit working and eating
at McDonald’s” (via The Daily Mail)
“These #McDStories never get old, kinda like a box of McDonald’s
10 piece chicken McNuggets left in the sun for a week” (via The LA
Times)
McDonald’s execs recognized the PR disaster in progress and ended
the campaign after two hours. But it was too late. The trending topic
had already gained a life of its own.
16. Good news! There IS a methodology
1.Assess
8.Monitor 2.Strategise
Social
7.Engage Business 3.Create
Framework
6.Share 4.Protect
5.Participate
17. Examine risks by business use case
Recruitment & Retention
Investor relations
Public relations
Marketing / branding
Lead generation
Customer service & complaints
Innovation & product development
Employee relations
Business partner relations
18. Key is to integrate social with business
1. Social strategy which aligns with
business strategy
2. Social business risk which is part
of business risk management and
compliance programs
Regulators ? Advertising Standards
Bureau, ACCC, Australian
Association of National Advertisers
(AANA), ASIC, APRA, etc.
19. Internal audit as a partner
“As advisers, internal audit can
partner with management to
develop a strategy in such a
way that it does not violate
the International Standards for
the Professional Practice of
Internal Auditing. You can’t
even address lower issues
until you’ve really got a
strategy and governance
process in place.”
- Mike Jacka, a senior audit manager with
Farmers Insurance Group (Phoenix).
23. 1. Assess
8.Monitor
2.Strategis
e
6.Share 3.Create
Phase 8 – Monitor
6.Share 4.Protect
5.Participat
Monitoring tools and services
e
decided
Keyword and location searches
Competitor tracking
Brand tracking
Key measures agreed
Integration in place
Workflow and escalation processes
defined
Mobile considered
24. Monitoring fundamentals
Be aware that tools have 3 parts:
1. Social data sourcing
2. Data processing and analysis
3. Reporting and insight delivery
25. Does Listening support governance?
Does the listening platform
support governance rules and
roles and workflow?
If it can’t exceptions are created.
28. GOVERNANCE AND CONTROL
What would it mean to you if you could assure your
organisation that social media was well controlled?
29. Social Media “Marketing” Has Caused
Internal Business Challenges
EMPLOYEES EXPANDING
Inappropriate use of social media Social media footprint
INTERNAL NON-EXISTENT
Confusion of roles & responsibilities Governance models & policies
INCONSISTENT DISJOINTED
Social media measurement practices Content & Community Practices
OUTDATED TECHNOLOGY
Crisis communications models Disjointed and uncoordinated
30. Confusion of Roles and Responsibilities
This is one of the most
common problems we see
31. Confusion of Roles and Responsibilities
It’s not just the Team
It’s about cross-organisational roles and coordination.
32. 6 Step Audit Approach
1. Strategy Assessment – overall goals
2. Presence Assessment – where are you the social web
3. Listening Assessment – what data and how managed
4. Organisation & Internal Culture Assessment
5. Process Assessment – workflow, timeliness, escalation
6. Governance Assessment
• Policy
• Roles
• Risk Assessment
• Compliance
33. Consider starting with an Assessment
“A big challenge is trying to
figure out everything that’s going
on, because you will be shocked
by the different people doing
social media that you don’t even
know about,” says Mike Jacka.
35. Check Approval Workflows
e.g. For New Presence Creation
Be sure to
Yes connect with
them.
Reach out to the
Do you know the Social Business
No
internal contact? Center of
Yes Excellence
Yes See #2.
1. Have you
notified your
manager about
this? No
Be sure to discuss
Is there a pre- with your manager
existing presence Looks like you
Yes
you can partner may need to
Is there a true with? No create a presence
need to create but two Create a presence
Yes a new social considerations. and not social
Yes
media media team.. Share
2. Do you have PW with manager
Have you channel? Hold off until resources to
reviewed the there is sustain the
Social Media No presence long
community Click here to
Guidelines? demand I’m term?
connect with the Discuss needs with
Review Social Not No
Sure
Social Business manager
No Media COE to discuss.
Guidelines
36. Finish
To allow Internal Auditors to:
communicate effectively with those managing the use of social
media when they are conducting an audit
to understand the inherent release of control of information posted
in social media
to understand the tools and systems which might be in use to
distribute and monitor social media activity
to understand what governance and control means regarding
social media when its utility is heavily linked to not being ‘in control’
39. 1. Assess
2.Strategis
8.Monitor e
7.Engage 3.Create
4. Protect Phase of iGo2 Strategy Methodology
6.Share
Overview
4.Protect
5.Participat
e
Regulatory compliance considered
Data collection, retention and archiving determined
Employee protections in place, including the social media policy and training
Company protections in place, including legal
Social architecture assessed in context of risk and monitoring
Crisis management plan developed and integrated
Risk assessment and risk management in place – and practice is conducted
Executive and Board reporting in place – critical items in relation to
business strategy and risk
40. 1. Assess
2.Strategis
8.Monitor e
7.Engage 3.Create
4. Protect Phase
6.Share
4.Protect
Risk Management - 1
5.Participat
e
Identify – listening, brainstorming, reviewing
Assign an owner
Qualitative or quantitative evaluation
Mitigation – accept, reduce, reject, transfer
Categorising social media risk:
Reputation
Compliance and regulatory
Legal, IP, Privacy
Operational – reducing employee productivity
41. 1. Assess
2.Strategis
8.Monitor e
7.Engage 3.Create
4. Protect Phase
6.Share
4.Protect
Risk Management - 2
5.Participat
e
Identify and review risks
Review historical activities
Workflow triage from listening
Review 3rd party case studies and reports
Create and review threat lists
Incorporate risk management into social initiatives
Keep up with platform developments and associated legal terms
42. A Multi-level Governance Model
0th level: Terms of Usage posted with some very simple
"guidelines" (not policy, not rules, etc.)
1st level: community managers and/or helpful individuals
2nd level: corporate platform managers
3rd level: exec sponsors
4th level: ad-hoc committee of exec VPs (IT, HR, etc.) for issues that
requires serious discussion
Levels 0 through 2 open and transparent, e.g. anyone can comment
and/or contribute.
43. Awareness
Mark Pearson @journlaw
Social media best practice: New
guidelines released Australian
Association of National Advertisers
(AANA) see
http://www.leadingcompany.com.au/technolog
y/social-media-best-practice-new-guidelines-
released/201211283150