In today’s business world, practically every organization has a presence on social media, enabling them to reach huge numbers of customers and stakeholders globally. While enhancing sales might be the primary driver for creating a social media presence, social media has a much broader scope. It builds new relationships with customers, employees, and other stakeholders, expanding awareness about the organization and its brand. It influences customer education, engagement, and feedback. And it heightens the organization’s attractiveness as an employer and strengthens its reputation.
With that broader reach comes new and different types of risks for organizations and their employees, such as reputational, dark web, and data protection risks. For internal auditors, the most relevant questions relate to aspects of how the social media presence is being managed. Organizations must develop policies covering aspects such as who in the organization has the authority to use social media, what gets communicated, and which of its stakeholders should receive the communications.
Consequently, internal auditors should invest resources to audit compliance with social media policies and guidelines. To do so, auditors need to build an adequate audit approach for the still-developing area of social media-related engagements.
Social Media Strategy
A good starting point for auditing social media is the organization’s social media strategy. Actually, the first question auditors should ask is whether the organization has such a document at all.
A social media strategy can help establish the general basis of the organization’s governance, use, oversight, and approach. The strategy also should contain the goals the organization aims to achieve from a long-term strategic perspective, thus setting the foundation for social media implementation.
Another important strategic component that internal auditors should evaluate is the specific channels that influence the organization, including validation of links, social handles, profile and account information, mission statement for the account, and key demographics. Moreover, auditors should assess whether organizational and social media goals are aligned.
Policies and Procedures
After dealing with the organization’s strategic approach, the next step is to check that the social media strategy has been written into relevant policies, procedures, guidelines, and instructions. Starting with the regulatory framework that is relevant for the organization’s industry, internal auditors should evaluate whether policies and procedures comply with state, local, and national labor laws and protected free speech rights. Ensure that relevant documents are reviewed for consistency and approved by the appropriate experts from different parts of the organization such as senior management and the legal, risk management, and internal audit functions. Finally, the assessment should seek the perspective of the organization’s employees, including those responsible for social media. One concern is whether employees have documented style guides to follow for social media posts.
Another important aspect of auditing social media is assessing whether it has adequate resources. Once the organization decides to have a social media presence, the organization needs to dedicate employees to manage its presence and establish tools for monitoring it. Appropriate management of social media should include using tools that provide information such as mentions of the organization’s name, relevant post reviews, and audience behavioral patterns.
To get an understanding of the organization’s social media activities, internal auditors should search the web to identify where the organization has a presence. Additionally, identifying some of the best posts and evaluating the themes that make them popular — such as the topic, pictures, and people focus — can inform management about the relevance of those posts to customers and stakeholders.
Identifying key metrics can give internal auditors a basis for evaluating the performance of the current social media. This not only includes assessing the current metrics in place, but also whether there should be other or different metrics. Various social media analytics tools can help auditors simplify this step.
Roles and Responsibilities
The wide scope of influence social media could have on the organization creates the necessity to establish appropriate roles and responsibilities. It would be confusing to have all the departments posting on social media on behalf of the organization at the same time and without any alignment. Likewise, it would be confusing if any employee could provide requested feedback or reply to a comment on social media.
These issues challenge internal auditors to validate that the roles and responsibilities are documented and are clear to all employees. When it comes to security, auditors should evaluate owners of each account and review security protection measures in place such as tools for controlling passwords.
Internal Communication and Training
Considering that social media can significantly impact the organization if not managed well, organizations need relevant internal communication and training programs. Employees need to know the rules for representing the organization on social media to avoid potentially negative consequences. For these reasons, internal auditors should review social media-related communication to employees as well as the frequency of training provided.
Another important aspect of auditing social media is reviewing whether the organization has developed crisis scenarios and assessing how the crisis would be communicated on social media channels. Generally, a crisis creates opportunities for a wide range of miscommunication throughout the organization. Internal auditors should make sure managers and social media employees are aware that such situations might happen and have a clear plan for managing those situations.
Room for Improvement
Internal auditors can provide an independent perspective and good insight for management to consider. However, to keep up with the dynamics of social media, the organization always should look for opportunities to improve social media channels as well as the controls around their use. Employees who manage social media should coordinate with other departments within the organization and constantly evaluate new developments and topics of interest in their industry, region, and community. Internal auditors can help those employees make improvements to the structure and design of the organization’s social media approach that can enhance its performance.