July 17, 2013

The Deloitte Postdigital Grapevine – Social Media and the Role of the Internal Audit

This article’s full contents are available on the Deloitte blog.

Organisations today are embracing new digital technologies to leapfrog or keep pace with growing competition in the marketplace. Powerful platforms (such as mobile, analytics, social media, cloud, and cyber intelligence) can potentially impact every facet of the organisation and create new opportunities. However these emerging technologies and platforms can also introduce significant disruptive forces into the business. The convergence of these macro forces reflects a new basis for competition, is changing the environment in which we both live and work, and has become the core of the “Postdigital Enterprise”.

No longer confined to areas of entertainment and life management, social media and social software have become an integral part of the postdigital business landscape. According to the South African Social Media Landscape 2012 study, 95% of major brands surveyed have some form of social media strategy aimed at
consumers. With more and more users linking, liking, friending, and following, the “postdigital grapevine” is an important medium for communicating with customers, increasing brand awareness, and promoting innovation and collaboration among employees.

According to The South African Social Media Landscape 2012 study 15% of companies using social media believe their skills are optimal, which may explain why most companies surveyed intend to make investments in training existing staff in social media best practices. Social business is typically viewed as a tool for external-facing activities, and is considered particularly useful for managing customer relationships. Increasingly, its relevance to innovation and competitive differentiation is also being recognised.

For many companies, the barrier to adopting social business is risk. According to a 2012 survey of 192 executives conducted by Deloitte & Touche and Forbes Insights, social media was identified as the fourth largest risk over the next three years, through 2015, placing it on par with financial risk. These are the risks that companies should be aware of:

Brand and reputation damage
Numerous corporate social media debacles over the last few years have brought attention to the phenomenon of brand sabotage. They have also demonstrated why brand stewards should be concerned about attacks – whether intentional or unintentional – on their brands.

Regulatory compliance
Compliance and legal risks arise from potential violations of or nonconformance with laws, rules, regulations, prescribed practices, internal policies and procedures, or
ethical standards. These risks also emerge when an organisation’s social media policies and procedures may not have kept pace with regulatory changes. Failure to adequately address these risks can expose an organisation to enforcement actions and/or civil lawsuits

Information leakage
Information leakage prevention is an effort by companies to keep sensitive information from leaving the virtual walls of the organisation. Because social media allows employees to speak to broad audiences, insufficient controls could lead to the disclosure of sensitive information, such as personal accounts, health information, intellectual property, customer data, personally identifiable
information, etc. Information leakage may result in loss of competitive advantage and brand damage.

Third-party risk
Outsourcing social media activities can expose companies to substantial risks, particularly copyright and trademark infringement. For example, business impersonation (in which social sites or social identities that are similar to your company’s name or brand are used for unauthorised business activities) can facilitate abuse of business trademarks and copyrights. In addition, organisations that have relationships with third-party affiliate marketers run the risk of non-compliance with applicable state and federal laws that govern advertising and marketing activities. Any advertising or marketing activities that take place through social media are subject to the same rules and regulations that similar practices would be in traditional media.

Governance risk
A lack of governance can result in many uncoordinated and inefficient activities, which can also lead to missed opportunities for gaining competitive advantage or sustaining market leadership. The urgency to meet the needs and expectations of departments across the organisation, exacerbated by enterprise-grade solutions that are often procured without IT oversight, can result in even greater chaos.

Value-adding role for Internal Audit
Leading practices for social media are still in their nascent stages and have, to a large degree, evolved reactively. What’s more, many organisations have only fragmented views of their social media infrastructure, which hinders effective risk management.

Be Sociable, Share!

Leave a Comment