Auditing Social Media The Practicalities SOPAC2013 Session 1B by [email protected] m: +61 403 345 632 Twitter: @adamson 4 March 2013, Brisbane, Australia

Auditing Social Media - Governance approach and some practicalities


DESCRIPTION

Presentation to The Institute of Internal Auditors Australia annual conference SOPAC 2013. Presentations on auditing and social media miss the overall Governance Framework that needs to be in place. A Social Media Policy is just one component of one part of that Framework. The presentation demonstrates the structure of the framework and gives some advice on how to get started in such an audit.


Page 1: Auditing Social Media - Governance approach and some practicalities

Auditing Social Media The Practicalities

SOPAC2013 – Session 1B

by [email protected]

m: +61 403 345 632

Twitter: @adamson

4 March 2013, Brisbane, Australia

Page 2: Auditing Social Media - Governance approach and some practicalities

Contents

1. Having a Social Media Strategy is Key

2. Governance

3. Auditing Practicalities

Presentation at: www.slideshare.net/kinshipdigital/

Page 3: Auditing Social Media - Governance approach and some practicalities

About me

Page 4: Auditing Social Media - Governance approach and some practicalities

Hypothetical

Risk

• NOT just PR / brand reputation

• BUT also implications for logistics, retail stores, customer experience, purchasing, supplier relations, government relations, regulators e.g. ACCC

DO YOU have cross-functional social media risk management plans?

Page 5: Auditing Social Media - Governance approach and some practicalities

Objectives

1. To convey the importance of an effective social media Strategy

2. To outline the components of social media Governance

3. To address some auditing practicalities

Page 6: Auditing Social Media - Governance approach and some practicalities

Key aspects of social media in business

Strategy: formulating policy and strategy through researching your brand, customers, partners and competitors

Intelligence: monitoring, collecting and analyzing social data to make informed, agile business and policy decisions

Communities: building ‘owned’ social platforms for listening, support, building, collaborating, content

Governance: social business metrics, ROI, policy and guidelines, processes, risk management, compliance

Page 7: Auditing Social Media - Governance approach and some practicalities

About you?

Personal audience poll - show of hands

On which networks are you active?

Page 8: Auditing Social Media - Governance approach and some practicalities

Having a Social Media STRATEGY is Key

This is the first question for auditors

Page 9: Auditing Social Media - Governance approach and some practicalities

Social Media Policy is not Strategy

✗ NOT Strategy

✗ NOT Governance

But is important, and specifically, it should:

Educate employees, then empower them;

Help employees understand and own the risks;

Hold employees accountable;

Address organization social media account “ownership” and hand-offs when spokespeople leave.

Page 10: Auditing Social Media - Governance approach and some practicalities

Good news! There IS a methodology

1. Assess

2. Strategise

3. Create

4. Protect

5. Participate

6. Share

7. Engage

8. Monitor

Social Business Framework

Page 11: Auditing Social Media - Governance approach and some practicalities

Key is to integrate social with business

1. Social strategy which aligns with business strategy

2. Social business risk which is part of business risk management and compliance programs

Regulators?

Advertising Standards Bureau, ACCC, Australian Association of National Advertisers (AANA), ASIC, APRA, etc.

Page 12: Auditing Social Media - Governance approach and some practicalities

Cross-functional

A social risk management program needs cross-functional input:

Compliance

Technology

Information Security

Legal

HR

PR & Comms

Digital Marketing

Social Media!


Page 13: Auditing Social Media - Governance approach and some practicalities

Governance

Social Media Strategy

Regular Reporting of ROI

Mandatory Monitoring of Social Channels

Social Media Policy Plans, Action, Compliance

Management of 3rd Party Vendors

Employee Training

Compliance Protocols

Page 14: Auditing Social Media - Governance approach and some practicalities

Governance - Heads-Up – Be prepared!

Social Media Strategy Required

• A strategic plan with actions and operational descriptions.

• Clear roles and responsibilities whereby the board of directors and/or senior management spell out how use of social media contributes to the strategic goals of the institution, while also spelling out what kind of controls will be put in place.

• How ongoing social media risks will be monitored and assessed.

Regular Reporting of ROI

• Regular reports to the board of directors and/or senior management, which enable a periodic evaluation of the effectiveness of the social media program and whether the program is achieving its stated objectives.

Page 15: Auditing Social Media - Governance approach and some practicalities

Governance - Heads-Up – Be prepared 2

Mandatory Monitoring of Social Channels

• An oversight process for monitoring information posted to social media sites (administered by the institution or a contracted third party).

Social Media Policies & Procedures & Compliance

• Policies regarding the use and monitoring of social media, and compliance with all applicable consumer protection laws.

• Social media policies should incorporate procedures addressing risks from online postings, edits and replies.

Page 16: Auditing Social Media - Governance approach and some practicalities

Governance - Heads-Up – Be prepared 3

Manage 3rd-Party Vendors Ensure Customers Are Protected

• Customer privacy and security of their personal data are a top concern.

• Institutions working with third-party social media vendors will be required to manage those relationships within defined parameters to ensure compliance with all regulations.

You Have to Tell Employees What’s Okay and What’s Not

• An employee training program that incorporates the organisation’s policies and procedures for official, work-related use of social media, and potentially for other uses of social media, including defining impermissible activities.

Compliance Protocols

• Audit and compliance functions to ensure ongoing compliance with internal policies and all applicable laws, regulations, and guidance.

Page 17: Auditing Social Media - Governance approach and some practicalities

Relevant laws (US) Financial Institutions

• Truth in Savings Act/Regulation DD and Part 707

• Fair Lending Laws: Equal Credit Opportunity Act/Regulation B and Fair Housing Act

• Truth in Lending Act/Regulation Z

• Real Estate Settlement Procedures Act

• Fair Debt Collection Practices Act

• Unfair, Deceptive, or Abusive Acts or Practices

• Deposit Insurance or Share Insurance

• Electronic Fund Transfer Act/Regulation E

• Rules Applicable to Check Transactions

• Bank Secrecy Act/Anti-Money Laundering Programs (BSA/AML)

• Community Reinvestment Act

• Privacy: Gramm-Leach-Bliley Act Privacy Rules and Data Security Guidelines

• CAN-SPAM Act and Telephone Consumer Protection Act

• Children’s Online Privacy Protection Act

• Fair Credit Reporting Act


Page 18: Auditing Social Media - Governance approach and some practicalities

Audit questions

Are there methodologies, techniques and tools in place covering:

• Social Media Strategy

• Regular Reporting of ROI

• Mandatory Monitoring of Social Channels

• Social Media Policy Plans, Action, Compliance

• Management of 3rd Party Vendors

• Employee Training

• Compliance Protocols


Page 19: Auditing Social Media - Governance approach and some practicalities

Auditing Practicalities

Page 20: Auditing Social Media - Governance approach and some practicalities

6 Step Audit Approach

1. Strategy Assessment – overall goals, plans, actions, reporting?

2. Presence Assessment – where are you on the social web?

3. Listening Assessment – what data and how managed?

4. Organisation & Internal Culture Assessment

5. Process Assessment – workflow, timeliness, escalation?

6. Governance Assessment

• Policy

• Roles

• Risk Assessment

• Compliance

Page 21: Auditing Social Media - Governance approach and some practicalities

Practicalities

Examine risks by business use case

Recruitment & Retention

Investor relations

Public relations

Marketing / branding

Lead generation

Customer service & complaints

Innovation & product development

Employee relations

Business partner relations

Page 22: Auditing Social Media - Governance approach and some practicalities

Operational Risk

1. Social media is one of several platforms vulnerable to account takeover and the distribution of malware.

2. Organisations must ensure that the controls they implement to protect their systems and safeguard customer information from malicious software adequately address social media usage.

3. Financial institutions’ incident response protocol regarding a security event, such as a data breach or account takeover, should include social media.

Page 23: Auditing Social Media - Governance approach and some practicalities

Hijacked

Burger King’s official Twitter handle suffered a cyber attack on Monday [Feb 18, 2013]. Hackers switched the branding to that of rival McDonald's and claimed the restaurant chain “just got sold ... because the whopper flopped.”

The hackers sent more than 25 tweets and re-tweets on the handle, several poking fun at Burger King, insinuating unethical behaviour about its employees and using intentionally offensive language and racial slurs.

http://www.foxbusiness.com/technology/2013/02/18/burger-king-twitter-account-hacked-rebranded-to-mcdonald/

Page 24: Auditing Social Media - Governance approach and some practicalities

No opt-out!

An institution that has chosen not to use social media must still be prepared to address the potential for negative comments or complaints that may arise within social media platforms and provide guidance for employee use of social media.

Page 25: Auditing Social Media - Governance approach and some practicalities

Resources

Page 26: Auditing Social Media - Governance approach and some practicalities

Awareness

• Mark Pearson @journlaw

• Social media best practice: New guidelines released, Australian Association of National Advertisers (AANA), see http://www.leadingcompany.com.au/technology/social-media-best-practice-new-guidelines-released/201211283150

• New US Financial Institution Regulation

http://www.ffiec.gov/press/pr012213.htm

Page 27: Auditing Social Media - Governance approach and some practicalities

About KINSHIP Digital


KINSHIP Digital is a social consultancy that specialises in understanding, developing and protecting its clients’ reputation, brands, businesses and people in Social Media. Follow us @KinshipD www.kinshipdigital.com

Page 28: Auditing Social Media - Governance approach and some practicalities

Join the Social Governance Community

Easiest way - SEARCH

Page 29: Auditing Social Media - Governance approach and some practicalities

Walter Adamson Speaker Notes

Walter Adamson is a social media business specialist. He is General Manager Victoria of Kinship Digital which helps clients attract & retain employees & customers by leveraging social media tools. This includes reputation monitoring, governance and risk management.

Walter has an extensive background in enterprise and as an independent consultant focused on IT strategy and advising owners and managers of IT businesses. He was also the Independent Advisor to the ICT Strategy Board of the Government of Victoria for 4 years.

He has held executive roles as CIO, VP International Business Development, and Corporate VP IT Strategy, and also worked in Corporate Planning at BHP. Walter established the Internal IT Audit function at BHP and led it for 3 years, and was one of the first Certified Information Systems Auditors in Australia. He is also a Certified Social Media Strategist and holds a M.Sc. in Computing Science.

[email protected]

Connect on LinkedIn http://linkedin.com/in/adamson

Follow me on Twitter @adamson

m: +61 403 345 632
