​Social Overconfidence​​
A recent survey suggests organizations don't manage social media risk as well as they think they do.​

Comments Views

​​​​Recently consumer activists have accused J.M. Smucker Co. of deleting negative posts about genetically modified organisms in food products from its Facebook page. Similarly, some banks have shut down social forums due to negative feedback, while other businesses have suffered brand damage or been forced to change strategies due to the force of social media.

Such incidents demonstrate that even well into the social media era, businesses aren't prepared to address the risks emerging from social media services, a new Accenture report warns. "Traditional risk management policies were not designed for, quite literally, minute-by-minute monitoring of social media chatter to identify brand, strategy, compliance, legal, and market risks," says Steve Culp, senior managing director for Accenture Finance & Risk Services, in the report, A Comprehensive Approach to Managing Social Media Risk and Compliance. Yet, with research firm eMarketer projecting social networks to top 2.5 million users by 2017, businesses have much to gain from social media — and have much at risk, Culp writes in the report's foreword.

One glaring problem is that businesses may overestimate their ability to manage social media risks. In a September 2013 Grant Thornton survey, 71 percent of executive respondents said that although their company is concerned about social media risks, it believes those risks could be mitigated or avoided. Thirteen percent said social media didn't pose any "appreciable" risks for their company. The survey further revealed that 59 percent of respondent organizations don't have a social media risk assessment plan, while only 36 percent provide social media training.

The Accenture report asserts that part of the problem is most discussions of social media risks have focused on reputational damage, which may "hide or obscure other types of risks under a single label of brand value and reputation." These include strategic, business, regulatory, legal, and market risks that can lead to fraud, intellectual property loss, privacy violations, and other negative consequences. Organizations with a narrow view of social media risk aren't likely to have a broad approach to managing all those risks, the report says.

Managing Social Risk

The Accenture report advocates implementing a social media risk management program comprising governance-, process-, and system-related activities. Governance activities focus on creating structures and policies for managing social risks, including formally defined roles across the organization, business-unit coordination, acceptable use policies, and well-defined risk tolerance levels.

Process activities aim to adjust operations to assess and monitor social media risks proactively. These include identifying all categories of social risks, as well as risk assessment, reporting, monitoring, and mitigation. System activities are intended to mitigate social media risks by managing data effectively and leveraging technologies such as data mining, text analytics engines, and dashboards.

Alongside these three dimensions, the Accenture framework posits three risk management enablers. First, organizations need a risk-aware culture in which people understand how the business is exposed to social media risks and what they must do to help manage them. Employees must know and adhere to rules and guidelines for social media usage and be held accountable for their performance, the report points out.

Compliance is the second enabler. Businesses throughout the world are subject to a plethora of regulations involving social media, such as rules over governance, financial disclosures, product claims and advertising, sales and marketing, payments, and information management. Social media compliance should provide a safety net for identifying emerging risks, the report states. It should be an extension of the organization's other compliance risk management programs and should encompass governance and oversight, policies and procedures, risk assessments and monitoring, and metrics.

The third enabler is performance management and measurement, which the report says is essential to giving company leaders an "end-to-end view" of social media risks, their impacts, and their capacity to be controlled. Performance measures should include identifying risks through data mining and analysis, risk reporting, risk management, measuring risk mitigation performance, and identifying improvement opportunities.

Establishing these three enablers addresses the human dimension of social media and "can lead to changed behaviors in social media usage," Culp writes. Ultimately, effective social media risk management can "make a difference in the business outcomes the company delivers," he observes.

​​​Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to remove comments.



Comment on this article

comments powered by Disqus
  • IIA GRC_July 2020_Premium 1
  • AuditBoard_July 2020_Premium 2
  • IDEA_July 2020_Premium 3