Update Q&A Extended

​Embracing the Social Business

Internal auditors should help their organizations consider social media's risk implications, says Michael Juergens, a principal at Deloitte & Touche LLP.​

Comments Views

How does social media impact common risk areas that internal auditors already are assessing, such as regulatory compliance, governance, and reputation management?

Social media has moved from a distraction and a marketing tool to a truly disruptive business platform and only will continue to increase in importance. Leading-edge organizations are transforming their businesses through social media using m​ethods such as eliminating linear transactional processes, changing workforce collaboration, and "gamification" (using game design techniques to engage users and solve problems). These changes create significant risk, both by altering the nature of existing risks within business processes and technologies and by creating new risk dimensions that internal auditors need to be aware of.

What kinds of assurance and advice can internal auditors offer social business activities?

As organizations socially reengineer their businesses, internal audit should be on the forefront of helping company leaders think through the risk implications, including how to manage and monitor these risks. Too often internal audit takes a sideline seat through periods of business change, using budgets, resources, and time lines as convenient reasons not to get involved until the answers are more clear. Internal auditors should be leading the risk discussions during social reengineering and helping the organization plan and deploy risk and control resources appropriately, depending on the social initiatives in play.

What is your advice for auditors who are asked to assist with their organization's social business activities?

Keep learning aggressively about new technologies, platforms, and methods of social deployment. Don't be afraid to jump into areas where all the risk, audit, and control answers are not self evident or readily available in an audit program. Ask good questions and remember that it's okay to not have all the answers.​

 

 

Comment on this article

comments powered by Disqus
  • TempleUnivITACS
  • EMC_RSA
  • IIA-GRC