Date post: | 17-May-2015 |
Category: |
Economy & Finance |
Upload: | igo2-pty-ltd |
View: | 315 times |
Download: | 1 times |
Social media Beyond the risks,
how it can work in organisations
For the Institute of Internal Auditors, Australia
Walter Adamson GM Victoria, iGo2 Group [email protected] 4 December 2012
Objectives of this webinar
To allow Internal Auditors to:
communicate effectively with those managing the use of social
media when they are conducting an audit
to understand the inherent release of control of information posted
in social media
to understand the tools and systems which might be in use to
distribute and monitor social media activity
to understand what governance and control means regarding
social media when its utility is heavily linked to not being ‘in control’
Walter Adamson
Set up BHP IS Audit Group
Certified IS Auditor
CIO (Asia Pacific Minerals)
Certified Social Media Strategist (2009)
Linkedin.com/in/adamson
My social web: xeeme.com/walter
@adamson
Audience poll #1
Which networks do you
currently use?
COMMUNICATE – CORE TERMS
Some key social media facets
Strategy formulating policy and strategy through researching
your brand, customers, partners and competitors
Intelligence monitoring, collecting and analyzing social data to
make informed, agile business and policy decisions
Communities building ‘owned’ social platforms for listening, support,
building, collaborating, content
Governance social business metrics, ROI, policy and guidelines,
processes
How to think about social
Elevate your view. Take a look
down from on high:
It’s not about the tools but
about what you want to
achieve
Social network fundamentals
Three key issues:
1. N – Network size
2. C – Contribution
3. P – Participation
The behavioural and methodological foundation of success
in social media lays in the NCP Model
Social Presence
What is Presence?
Presence is about your voice
being heard
Reach is about increasing the
pathways for your voice to
travel
Influence is about increasing
the impact your voice has on
others.
Social Architecture
Social Media Policy
Specifically, it should:
Educate employees, then empower them;
Help employees understand and own the risks;
Hold employees accountable;
Address organization social media account “ownership” and hand-
offs when spokespeople leave.
RELEASE OF CONTROL
Audience poll #2
Do you find social media to be
challenging to audit because it
is changing so fast?
Challenge
Simply put, the risk challenge with social is because of its
potential viral and permanent nature.
Loss of control
Hashtags become Bashtags
“Dude, I used to work at McDonald’s. The #McDStories I could tell
would raise your hair.” (via Twitter)
“#McDStories I lost 50lbs in 6 months after I quit working and eating
at McDonald’s” (via The Daily Mail)
“These #McDStories never get old, kinda like a box of McDonald’s
10 piece chicken McNuggets left in the sun for a week” (via The LA
Times)
McDonald’s execs recognized the PR disaster in progress and ended
the campaign after two hours. But it was too late. The trending topic
had already gained a life of its own.
Good news! There IS a methodology
1.Assess
2.Strategise
3.Create
4.Protect
5.Participate
6.Share
7.Engage
8.Monitor
Social
Business
Framework
Examine risks by business use case
Recruitment & Retention
Investor relations
Public relations
Marketing / branding
Lead generation
Customer service & complaints
Innovation & product development
Employee relations
Business partner relations
Key is to integrate social with business
1. Social strategy which aligns with
business strategy
2. Social business risk which is part
of business risk management and
compliance programs
Regulators ? Advertising Standards
Bureau, ACCC, Australian
Association of National Advertisers
(AANA), ASIC, APRA, etc.
Internal audit as a partner
“As advisers, internal audit can
partner with management to
develop a strategy in such a
way that it does not violate
the International Standards for
the Professional Practice of
Internal Auditing. You can’t
even address lower issues
until you’ve really got a
strategy and governance
process in place.”
- Mike Jacka, a senior audit manager with
Farmers Insurance Group (Phoenix).
TOOLS AND SYSTEMS
When Social goes Wrong
Governance
Monitoring
Risk Management
Crisis Management
Bankrupt!
Customer Brand (You)
Partner Competitor
Phase 8 – Monitor 6.Share
2.Strategise
1. Assess
3.Create
4.Protect
5.Participate
6.Share
8.Monitor
Monitoring tools and services
decided
Keyword and location searches
Competitor tracking
Brand tracking
Key measures agreed
Integration in place
Workflow and escalation processes
defined
Mobile considered
Monitoring fundamentals
Be aware that tools have 3 parts:
1. Social data sourcing
2. Data processing and analysis
3. Reporting and insight delivery
Does Listening support governance?
Does the listening platform
support governance rules and
roles and workflow?
If it can’t exceptions are created.
Social listening post - tools
Workflow and decision tree
GOVERNANCE AND CONTROL
What would it mean to you if you could assure your organisation that social media was well controlled?
EMPLOYEES Inappropriate use of social media
INTERNAL Confusion of roles & responsibilities
INCONSISTENT Social media measurement practices
OUTDATED Crisis communications models
EXPANDING Social media footprint
NON-EXISTENT Governance models & policies
DISJOINTED Content & Community Practices
TECHNOLOGY Disjointed and uncoordinated
Social Media “Marketing” Has Caused
Internal Business Challenges
This is one of the most
common problems we see
Confusion of Roles and Responsibilities
It’s not just the Team
It’s about cross-organisational roles and coordination.
Confusion of Roles and Responsibilities
6 Step Audit Approach
1. Strategy Assessment – overall goals
2. Presence Assessment – where are you the social web
3. Listening Assessment – what data and how managed
4. Organisation & Internal Culture Assessment
5. Process Assessment – workflow, timeliness, escalation
6. Governance Assessment
• Policy
• Roles
• Risk Assessment
• Compliance
Consider starting with an Assessment
“A big challenge is trying to
figure out everything that’s going
on, because you will be shocked
by the different people doing
social media that you don’t even
know about,” says Mike Jacka.
Organisational Model for Social Media
Then, get a grip on the model
OR
Check Approval Workflows
e.g. For New Presence Creation
Have you reviewed the Social Media Guidelines?
Yes
Is there a true need to create
a new social media
channel?
Yes
Is there a pre-existing presence you can partner
with?
Yes
Do you know the internal contact?
Yes Be sure to
connect with them.
No
Reach out to the Social Business
Center of Excellence
No
Looks like you may need to
create a presence but two
considerations.
1. Have you notified your
manager about this?
Yes See #2.
No Be sure to discuss with your manager
2. Do you have resources to sustain the
presence long term?
Yes
Create a presence and not social
media team.. Share PW with manager
No Discuss needs with
manager
I’m Not Sure
Click here to connect with the Social Business COE to discuss.
No
Hold off until there is
community demand
No Review Social
Media Guidelines
Finish
To allow Internal Auditors to:
communicate effectively with those managing the use of social
media when they are conducting an audit
to understand the inherent release of control of information posted
in social media
to understand the tools and systems which might be in use to
distribute and monitor social media activity
to understand what governance and control means regarding
social media when its utility is heavily linked to not being ‘in control’
CONCLUSION
You can successfully apply internal audit frameworks to social media.
APPENDICES
FOR REFERENCE
Regulatory compliance considered
Data collection, retention and archiving determined
Employee protections in place, including the social media policy and training
Company protections in place, including legal
Social architecture assessed in context of risk and monitoring
Crisis management plan developed and integrated
Risk assessment and risk management in place – and practice is conducted
Executive and Board reporting in place – critical items in relation to
business strategy and risk
4. Protect Phase of iGo2 Strategy Methodology
Overview
2.Strategise
5.Participate
6.Share
7.Engage
8.Monitor
4.Protect
1. Assess
3.Create
4. Protect Phase
Risk Management - 1
2.Strategise
5.Participate
6.Share
7.Engage
8.Monitor
4.Protect
1. Assess
3.Create
Identify – listening, brainstorming, reviewing
Assign an owner
Qualitative or quantitative evaluation
Mitigation – accept, reduce, reject, transfer
Categorising social media risk:
Reputation
Compliance and regulatory
Legal, IP, Privacy
Operational – reducing employee productivity
4. Protect Phase
Risk Management - 2
2.Strategise
5.Participate
6.Share
7.Engage
8.Monitor
4.Protect
1. Assess
3.Create
Identify and review risks
Review historical activities
Workflow triage from listening
Review 3rd party case studies and reports
Create and review threat lists
Incorporate risk management into social initiatives
Keep up with platform developments and associated legal terms
A Multi-level Governance Model
0th level: Terms of Usage posted with some very simple
"guidelines" (not policy, not rules, etc.)
1st level: community managers and/or helpful individuals
2nd level: corporate platform managers
3rd level: exec sponsors
4th level: ad-hoc committee of exec VPs (IT, HR, etc.) for issues that
requires serious discussion
Levels 0 through 2 open and transparent, e.g. anyone can comment
and/or contribute.
Awareness
Mark Pearson @journlaw
Social media best practice: New
guidelines released Australian
Association of National Advertisers
(AANA) see
http://www.leadingcompany.com.au/technolog
y/social-media-best-practice-new-guidelines-
released/201211283150