A survey report from Grant Thornton LLP and Financial Executives International

Social media and its associated risks

David Florio, CA, CA.IT, PCI DSS QSA
Partner, Advisory Services / Business Risk Services
T +1 416 369 6415
E [email protected]


© Grant Thornton LLP. All rights reserved.

Social Media Facts

Source: socialnomics.com


Use of social media is expected to increase significantly over the next 12 months


What are the risks?


How concerned are executives about potential risks of social media?


A broken guitar attracts over 10 million views


Preparedness: More than half (61%) of respondents indicated their organizations do not have an incident management plan

Does your organization have a social media policy?


Social media policy: Key points

• How should employees respond to company references in social media?
• How should employees represent themselves?
• Who should officially communicate on behalf of the company?
• When to fact check something (references to legal issues)?
• Guidelines to avoid conflict
• Prohibiting the sharing of non-public financial and personal information
• Properly crediting sources


Marketing is most often responsible for monitoring the social media policy


Social Media Risk to Audit Plan and Internal Audit's Role

[Diagram. Labels, in slide order: Governance processes; Corporate Governance; Compliance (Reg/Leg); Operational Governance; Project Governance; Execute; Social Media Risk Assessment (Risk assessment and Multi-year audit plan); Risk Assessment; Assurance and Risk; Special Projects / Follow-up; Social Media Risk & Control Report; Regulatory compliance; Social Media technology and integration; Governance and Policy assessment; Practices review; Plan & Execute Audit; Report; Follow-up; Manage the internal audit; Stakeholder Expectations; People; Financials; Regulatory Requirements; Timelines; Communications]


Conclusion

• Many executives acknowledge there is risk involved in social media, yet this risk has not been well defined for them

• Governance structures to monitor compliance and manage risk associated with social media trends are emerging

• As the negative incidents associated with social media begin to receive public attention, senior leaders will need to react – and look for thoughtfulness and good planning


Activities You Should Consider

• Perform a periodic social media audit
  – Risk management
  – Policies
  – People/Awareness
  – Processes
  – Technology

• Develop a governance strategy that addresses:
  – Policy development
  – Training
  – Monitoring and enforcement

• When launching a new social media tool, perform a risk assessment