Presented at The Institute of Internal Auditors 2013 annual conference - auditing social media beyond the Social Media Policy by reference to Strategy and a strong Governance Framework.
BUT also implications for logistics, retail stores, customer experience, purchasing, supplier relations, purchasing, government relations, regulators e.g. ACCC DO YOU have cross-functional social media risk management plans? 4
and strategy through researching your brand, customers, partners and competitors Intelligence monitoring, collecting and analyzing social data to make informed, agile business and policy decisions Communities building ‘owned’ social platforms for listening, support, building, collaborating, content Governance social business metrics, ROI, policy and guidelines, processes, risk management, compliance
NOT Governance But is important, and specifically, it should: Educate employees, then empower them; Help employees understand and own the risks; Hold employees accountable; Address organization social media account “ownership” and hand- offs when spokespeople leave.
which aligns with business strategy 2. Social business risk which is part of business risk management and compliance programs Regulators ? Advertising Standards Bureau, ACCC, Australian Association of National Advertisers (AANA), ASIC, APRA, etc.
Required • A strategic plan with actions and operational descriptions. • Clear roles and responsibilities whereby the board of directors and/or senior management spell out how use of social media contributes to the strategic goals of the institution, while also spelling out what kind of controls will be put in place. • How ongoing social media risks will be monitored and assessed. Regular Reporting of ROI • Regular reports to the board of directors and/or senior management, which enable a periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives. 14
Social Channels • An oversight process for monitoring information posted to social media sites (administered by the institution or a contracted third party). Social Media Policies & Procedures & Compliance • Policies regarding the use and monitoring of social media, and compliance with all applicable consumer protection laws. • Social media policies should incorporate procedures addressing risks from online postings, edits and replies. 15
Ensure Customers Are Protected • Customer privacy and security of their personal data are a top concern. • Institutions working with third-party social media vendors will be required to manage those relationships within defined parameters to ensure compliance with all regulations You Have to Tell Employees What’s Okay and What’s Not • An employee training program that incorporates the organisations’s policies and procedures for official, work-related use of social media, and potentially for other uses of social media, including defining impermissible activities. Compliance Protocols • Audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws, regulations, and guidance. 16
covering: • Social Media Strategy • Regular Reporting of ROI • Mandatory Monitoring of Social Channels • Social Media Policy Plans, Action, Compliance • Management of 3rd Party Vendors • Employee Training • Compliance Protocols 18
plans, actions, reporting? 2. Presence Assessment – where are you the social web? 3. Listening Assessment – what data and how managed? 4. Organisation & Internal Culture Assessment 5. Process Assessment – workflow, timeliness, escalation? 6. Governance Assessment • Policy • Roles • Risk Assessment • Compliance
vulnerable to account takeover and the distribution of malware. 2. Organisations must ensure that the controls they implements to protect their systems and safeguard customer information from malicious software adequately address social media usage. 3. Financial institutions’ incident response protocol regarding a security event, such as a data breach or account takeover, should include social media. 22
on Monday [Feb 18, 2013]. Hackers switched the branding to that of rival McDonald's and claimed the restaurant chain “just got sold ... because the whopper flopped.” The hackers sent more than 25 tweets and re-tweets on the handle, several poking fun at Burger King, insinuating unethical behaviour about its employees and using intentionally offensive language and racial slurs. http://www.foxbusiness.com/technology/2013/02/18/burger-king-twitter-account-hacked-rebranded-to-mcdonald/ 23
use social media must still be prepared to address the potential for negative comments or complaints that may arise within social media platforms and provide guidance for employee use of social media. 24
New guidelines released Australian Association of National Advertisers (AANA) see http://www.leadingcompany.com.au/technology/social-media-best- practice-new-guidelines-released/201211283150 • New US Financial Institution Regulation http://www.ffiec.gov/press/pr012213.htm
that specialises in understanding, developing and protecting its clients’ reputation, brands, businesses and people in Social Media. Follow us @KinshipD www.kinshipdigital.com
business specialist. He is General Manager Victoria of Kinship Digital which helps clients attract & retain employees & customers by leveraging social media tools. This includes reputation monitoring, governance and risk management. Walter has an extensive background in enterprise and as an independent consultant focused on IT strategy and advising owners and managers of IT businesses. He was also the Independent Advisor to the ICT Strategy Board of the Government of Victoria for 4 years. He has held executive roles as CIO, VP International Business Development, and Corporate VP IT Strategy, and also worked in Corporate Planning at BHP. Walter established the Internal IT Audit function at BHP and led it for 3 years, and was one of the first Certified Information Systems Auditors in Australia. He is also a Certified Social Media Strategist and holds a M.Sc. in Computing Science. [email protected] Connect on Linkedin http://linkedin.com/in/adamson Follow me on Twitter @adamson m: +61 403 345 632 29