Upload: rosa-waters

Post on 23-Dec-2015


TRANSCRIPT

  • Slide 1
  • May, 2012 © 2014, Jacka & Scott
  • Slide 2
  • Slide 3
  • By the end of this seminar, you will have had an opportunity to: Develop an understanding of what is meant by social media, the full spectrum of opportunities, and how companies use this new tool; Develop an understanding of what makes up good social media strategies, governance, and policies; Identify the risks in various aspects of social media; Identify the elements of an audit over an organization's social media activities
  • Slide 4
  • If you know nothing about social media you should leave here knowing: What's going on; What your organization is facing; Where the risks are; How the organization and auditing can respond
  • Slide 5
  • If you already know something about social media you should leave here knowing: More about what's going on; More about what your organization is facing; More about where the risks are; More about how the organization and auditing can respond
  • Slide 6
  • The following topics will be covered during the seminar: Social Media Defined; Social Media Strategies; Governance and Social Media; Measuring and Monitoring; The Regulators; Social Media Risks; The Social Media Audit
  • Slide 7
  • Slide 8
  • A brief history of social media; Social media: a definition; Social media: the conversation; Lessons for Internal Audit
  • Slide 9
  • BBS, Usenet, Listserv; CompuServe, Prodigy, Genie; GeoCities, theGlobe.com; Classmates, SixDegrees, Friendster; MySpace, LinkedIn, Facebook, Twitter; YGIAGAM
  • Slide 10
  • Your customers/your potential customers/your advocates/your competitors getting together to talk about you; Comic-Con (or, what I learned from my kids' summer vacation)
  • Slide 11
  • The #1 Risk: REPUTATION; PROTECTING AND CONTROLLING YOUR BRAND; Controlling (as best as possible) the conversation about your brand
  • Slide 12
  • The online forms of communicating to the masses which include blogs, microblogs, social networking sites, and podcasts (Answer.com); Social media is the new term for socializing online. It allows people to freely interact with each other online whenever and wherever they want. (CubixDev); An umbrella term that defines the various activities that integrate technology, social interaction, and the construction of words and pictures. (iContact); Social media is technically a means for social interaction through the web. (Online Schools); Social media are media for social interaction, using highly accessible and scalable publishing techniques. (Wikipedia)
  • Slide 13
  • A set of web-based broadcast technologies that enable the democratization of content, giving people the ability to emerge from consumers of content to publishers.
  • Slide 14
  • Survey to find how the organization is using social media: Include in meetings within the organization; Survey. Search to find the conversations: Google search; Top site searches
  • Slide 15
  • Slide 16
  • The social media strategy; Who uses social media; Brand and social media; The social media plan; Lessons for internal audit
  • Slide 17
  • Ignoring Social Media; Assuming Non-Participation Needs No Further Strategy; No Overarching Strategy; Converted strategies are sufficient
  • Slide 18
  • What is our business, who is our customer, what is our value to our customer, what will our business be, and what should it be? Analytical thinking & commitment of resources to action and innovation. Making decisions today about an uncertain future. Taking the right risks while exploring opportunities - Peter Drucker
  • Slide 19
  • Focuses on Strategy, not tactics; Promotes a unique value proposition; Addresses real customer needs; Has a 3-5 year outlook; Lays the groundwork for implementation; Is appropriately documented
  • Slide 20
  • Aligns with business objectives; Incorporated in other strategies; Identify target market and how each uses social media
  • Slide 21
  • Seven categories of participation in social media - not exclusive and people may participate in more than one category at any given time. Creators - People who publish blogs, develop images, create video content, host podcasts, etc.; Conversationalists - People who provide status updates in sites like Twitter; Critics - People who provide reviews and comments on blogs and forums (Li & Bernoff - 2007)
  • Slide 22
  • Collectors - People who vote on and tag articles and other content; Joiners - People who join larger social networking sites such as Facebook and LinkedIn and create profiles; Spectators - People who are more passive, but enjoy reading, watching, and listening to social media that has been developed by creators, conversationalists, and critics; Inactives - People who do not participate in any form of social media (Li & Bernoff - 2007)
  • Slide 23
  • Slide 24
  • The set of expectations, memories, stories, and relationships that, taken together, account for a consumer's decision to choose one product or service over another - Seth Godin
  • Slide 25
  • Understanding and trying to influence every possible touch point the business has with stakeholders/customers
  • Slide 26
  • Goals and Objectives; Channels; Engagement; Staffing and Funding; Metrics (to be discussed later in detail)
  • Slide 27
  • Increasing revenue; Improving customer satisfaction and loyalty; Recruiting and retaining the best talent; Product development and innovation; Enhancing brand awareness and perception
  • Slide 28
  • Determine who is driving social media activities; Get the strategies and plans; Include brand strategies. What are they trying to do with social media? Do they permeate other strategies and plans? What types of customers have been identified? Consider doing a strategic level review
  • Slide 29
  • Slide 30
  • Governance and frameworks; Roles of governance providers; Social media policies
  • Slide 31
  • The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of objectives
  • Slide 32
  • Slide 33
  • Governance: The systems and processes by which the organization is directed, controlled, and held to account; Risk Management: The culture, processes, and structures that are directed to the effective management of potential opportunities and adverse effects; Compliance: The systems and processes that ensure conformity with business rules, policy and legislation
  • Slide 34
  • Slide 35
  • No Group Responsible: Starts everywhere at once; No single champion. Missed Risks and Rewards: Misunderstand underlying risks; Focus on controls and risk versus opportunities. Wrong Group in Charge: No wrong group, but; Examples: Risk, Compliance, Legal, IT
  • Slide 36
  • Provides broad oversight on all strategic decisions including social media; Should understand why decisions were made and the related risks; Properly educated on social media; Updated as appropriate
  • Slide 37
  • Properly educated on social media; Projects are advancing as expected; Continued alignment with overall strategies and objectives; Significant issues are brought to executives' attention; Overall objectives are being met; Periodically updated
  • Slide 38
  • Liaison with executive management; Coordinates interdepartmental activities; Regular meetings with updates; Ultimately responsible for success; Properly educated on social media
  • Slide 39
  • Keys to Successful Social Media Committees: Committee makeup/department feedback; Knowledge of the unique situation; Roles and responsibilities; Objectives; Requirements of social media; Task definitions; Measures of Success; Prioritization; Issue Elevation; Statement of direction
  • Slide 40
  • Clear communications on what employees can and cannot do on social networks; Specific restrictions regarding use of social media for non-work related activities; Considerations for all social media communications; Add value; Conversational style; Honesty and respect; Transparency and disclosure; Confidentiality; Ownership and registering properties; Endorsements and recommendations; Degree of personal and professional use
  • Slide 41
  • The organization's monitoring practices; An outline of other policies that may be impacted by social media; Guidance on Conflicts of Interest Issues; IT requirements related to UserIds and passwords; Guidance on responding to comments; Guidance for crisis communication; Requirements that all applicable laws will be followed; Consequences
  • Slide 42
  • External social media policies should include: Commenting allowed and disallowed; Comment moderation; Offensive language; Attacks and threats; Off topic; Proprietary information; Banning
  • Slide 43
  • Proactive and reactive management; Social media account disclosure; Service-level agreements; Hours of operation and response time; Error correction; What the organization will disclose and comment on
  • Slide 44
  • Discuss with the board; Discuss with executive management; Coordinate with assurance providers; Review social media policies
  • Slide 45
  • Slide 46
  • Metrics Considerations; Value Added Metrics; Monitoring Considerations; Who is Your Spokesperson?; Triage; Crisis Management
  • Slide 47
  • No Metrics: With no measures, how do you determine success? Misaligned with Organizational Goals: Is everyone measuring the same thing? Poor Metrics: What is a poor metric?
  • Slide 48
  • Website hits: "There have been 60,000 page views on our new website!!"; Blog Comments: "My latest post had fifteen comments in the last half hour!"; Facebook Friends: "We have successfully achieved our objective of having one million followers on Facebook!"; Twitter Followers: "Our most recent Tweet on new product development was retweeted by half our followers!!!"
  • Slide 49
  • Brand Recognition: Advocate Numbers and Frequency; Customer Service: Issue Resolution Rate; Sales & Marketing: Sales Generated; Human Resources: Potential Candidate Engagement
  • Slide 50
  • Conversations Will Occur; Monitoring is Key; Monitor Even Where You Are Not Leading the Conversation; The Risk of Not Paying Attention; Who is watching, how often are they watching, what do they watch, and what do they do with what they find?
  • Slide 51
  • Listening; Learning; Responding; Measuring; Sharing
  • Slide 52
  • The Intern; The 3rd Party; The Employee; The Executive
  • Slide 53
  • Slide 54
  • Slide 55
  • Even with the best reputation management, crises will happen; If done correctly, crisis management can actually enhance the brand and reputation; Companies are judged not on the crisis itself, but on the response
  • Slide 56
  • Providing no response; Replying "No Comment"; Offering disorganized, conflicting statements; Issuing a verdict before examining the facts
  • Slide 57
  • Quick and agile (minutes not days); Predetermine when to mobilize a response; Keep everyone informed - transparency in communications. Role of the board: They should ask for a crisis management plan; they should know the plan; They are not the spokespeople; Predetermine what events they need to know
  • Slide 58
  • Identify media experts ahead of time; Know the local responders; Train, Re-Train, Keep Training; Conduct simulations
  • Slide 59
  • Short and practical; Who does what, when and where; List the team; Internal and external contact details; Crafted messages; Proven ability to implement; Develop a process to allow for flexibility
  • Slide 60
  • Candor; Explanation; Affirmation; Declaration; Contrition; Certification; Commitment; Restitution
  • Slide 61
  • Determine how social media success is being measured; Find who is monitoring social media; Determine if there is a triage process; Determine if the education that occurs regarding social media; Review the disaster recovery plan/crisis management plan
  • Slide 62
  • Slide 63
  • Communication; The Cast of Characters
  • Slide 64
  • It is all about communication; An insurance example; Regulators are defining it as broadly as possible
  • Slide 65
  • Guidance Concerning the Use of Endorsements and Testimonials in Advertising; Require disclosure; The post of a blogger who receives cash or in-kind payment to review a product is considered an endorsement; Ann Taylor (or can you afford $11,000 per blogger); Reverb Communications - 120,000 reasons; Legacy Learning - 250,000 more
  • Slide 66
  • Facebook as a screening tool/Facebook as a background check; Civil rights, protected classes and social media; Currently theoretical; Best practices in hiring: Social media checks in conjunction with background checks; Only use public profiles; Establish policies; Document adverse decisions
  • Slide 67
  • Has issued guidance on SM Policies; Rulings continue to evolve
  • Slide 68
  • Testimonial Rule: Third-party commentary; Fair Disclosure Rule: Social media postings as good as news releases
  • Slide 69
  • Solicitation Number 1127679: Use of Social Media to Inform and Evaluate FDA Risk Communications
  • Slide 70
  • Federal Financial Institutions Examination Council: FRB, FDIC, NCUA, OCC, CFPB; Social media defined; Risk management over social media; Designed with full participation; Contain all components (e.g. governance, policies, training, etc.); Compliance, reputation, and operational risk
  • Slide 71
  • Know your regulators; Know all your regulators; Know what other regulators are doing; Keep up-to-date
  • Slide 72
  • Slide 73
  • What is a Risk?; What We've Already Covered; But Wait, There's More
  • Slide 74
  • The possibility that an event will occur and adversely affect the achievement of objectives (COSO Internal Control - Integrated Framework, 2013)
  • Slide 75
  • Likelihood; Impact; Velocity; Persistence/Duration
  • Slide 76
  • Acceptance; Avoidance; Reduction; Sharing
  • Slide 77
  • The #1 risk is to your brand; Strategic; Governance; Planning; Monitoring; Metrics; Regulatory
  • Slide 78
  • Viruses and Malware: Data leakage/theft; Brand Hijacking: Customer gets exposed to hijacked and fraudulent presence; Lack of Control Over Corporate Content: Employee posting wrong or improper content; Unrealistic Customer Service Expectations: Service at the speed of the internet; Mismanagement of Communications: Impact of retention regulations or e-discovery (Per ISACA White Paper)
  • Slide 79
  • Viruses and Malware: Antivirus and anti-malware controls installed; Brand Hijacking: Find a firm to protect your brand. Update customers; Lack of Control Over Corporate Content: Establish social media policies. Capture and log; Unrealistic Customer Service Expectations: Ensure staff can handle. Timeline for responses; Mismanagement of Communications: Establish policies and procedures (Per ISACA Workpaper)
  • Slide 80
  • We have covered some already - HR, regulatory; Document retention/Archiving/E Discovery; Right of use/copyrights and trademarks (e.g. images, text, music, etc.); Celebrity Endorsements; Proprietary information; Fake Information; Competitors; Contracts (see next section)
  • Slide 81
  • Unqualified Vendors; Overdelegation; One-sided Contracts; Ownership of Content; Poor Metrics; Violations
  • Slide 82
  • Should contain: Scope of Work; Compensation; SLAs; Agency Expenses; Ownership of Assets; Copyright information; Non-disclosure; Team Members; Conflicts; Right to Audit; Approval Process & Communications
  • Slide 83
  • (Yes, this is a catch-all) Procedures; Organizational Design; Human Resources; Information & Communication; Training Employees, Executives and the Board; Quality Assurance
  • Slide 84
  • Slide 85
  • Strategy; Governance/Oversight; Planning & Plan Execution; Policies & Procedures; Metrics; Monitoring; Regulatory/Compliance; IT; Legal; Third-Party; Human Resources
  • Slide 86
  • Lack of a formal or an inadequate social media strategy could result in poor alignment with organizational strategies, invalid assessments of the strategies' success, and inappropriate communication related to the organization's initiatives. To determine whether a social media strategy has been developed that is complete, aligned with other corporate strategies, and appropriately documented and communicated.
  • Slide 87
  • Expected controls: Strategy document; Communication process; Meeting documentation; Approvals
  • Slide 88
  • Match organizational strategies to social media strategies to verify alignment; Review strategy to verify it includes basic requirements: Strategic, not tactical, level; All stakeholders considered (not just Marketing, etc.); Identify target audience, desired relationship, and desired conversational engagement; Identify social media channels; Properly identifies necessary resources
  • Slide 89
  • Review business strategies to ensure social media initiatives are included; Review necessary documentation to ensure appropriate approvals were obtained
  • Slide 90
  • Lack of appropriate governance and oversight related to social media initiatives could result in poorly aligned goals, mixed messaging to customers, inadequate interdepartmental communication, and a lack of direction related to social media initiatives. To determine whether effective oversight has been established for the use of all social media, including social media specifically developed by the organization.
  • Slide 91
  • Expected controls: Communication process; Board of Directors Meeting Documentation; Social Media Committee Documentation - Charter, Purpose, Objectives; Assurance Partners Reviews
  • Slide 92
  • Review meeting minutes to verify appropriate involvement at board level; Review documented discussions to verify appropriate involvement of executive management; Analyze training completed at the board and executive management level to ensure all necessary parties understand the full impact of social media; Review Social Media Committee documentation to ensure it is providing direction to the appropriate committees; Ensure the charter, purpose, and objectives for the Social Media Committee have been appropriately reviewed and approved
  • Slide 93
  • Review documentation on standing committee members to verify the makeup of the committee is appropriate; Conduct a survey for all social media activities and verify this matches similar surveys conducted by the committee; Determine if appropriate reviews have been conducted by assurance providers; Identify other related committees and initiatives and verify coordination with the social media committee; Conduct a survey of employees to determine their involvement in social media
  • Slide 94
  • Inadequate planning for social media initiatives may result in delayed implementation, inadequate measures of success, and wasted resources. To determine whether the organization's planning related to social media is complete, in alignment with the related strategies, and appropriately communicated.
  • Slide 95
  • Expected controls: Articulated Strategy and Plan - Organization; Articulated Strategy and Plan - Department; Social Media Committee Documentation - Charter, Purpose, Objectives; Approval of Goals; Approval of Vendor Contracts
  • Slide 96
  • Review social media plans for completeness including: Specific, measurable, achievable, relevant, and time bound; Social media channels; Stakeholder engagement style, frequency, consistency; Departments responsible; Limitations (e.g. restricted channels, resource constraints); Resource allotments
  • Slide 97
  • Compare social media plans to organizational plans to ensure alignment; Identify all vendors used in social media initiatives and ensure: Contracts match organizational guidelines; Appropriate SLAs have been established; Clear measures of success and deliverables are defined; Review QA work done related to outside vendors. Re-perform this work to ensure the accuracy of the process
  • Slide 98
  • Compare goals with the current state of the project to ensure timely completion. If delays have been identified, review the actions taken to verify appropriate elevation of these issues; Analyze expenses to identify vendors who may be working on social media.
  • Slide 99
  • Inadequate or improper metrics related to social media operations can result in a focus on the wrong activities, an inability to determine success, and improper reporting of overall results. To determine whether metrics have been established to ensure successful implementation and use of social media.
  • Slide 100
  • Expected controls: Approval of Metrics; Policies and Procedures; Periodic status reports; Defined actions from results
  • Slide 101
  • Verify that metrics have been established; Review metrics to ensure the following: Measurable; Align with Strategies/Goals/Objectives (both for the organization and social media); Are value-add measures; Acceptable ranges defined; Verify that responsibility for gathering metrics has been established, including appropriate reporting of results
  • Slide 102
  • Review metric reports to verify the accuracy of reporting; If metrics are falling outside the acceptable ranges, verify appropriate actions have been taken; Review oversight committee documentation to ensure that reporting to these groups matches the actual results of reviews
  • Slide 103
  • Poor monitoring can result in missed issues and opportunities, poor customer service, and a negative impact on the brand. To determine whether appropriate monitoring systems have been established over communications related to social media.
  • Slide 104
  • Expected controls: Policies and Procedures; Periodic Reporting; Issue Escalation Process (Triage)
  • Slide 105
  • Review policies and procedures to ensure appropriate monitoring and reporting have been established; Verify keywords, hot topics, and restricted issues have been identified for monitoring; Discuss triage procedures with employees to ensure an understanding of how they are used; Review previous reports and actions taken to ensure compliance with triage procedures; Monitor current and past activities on social media to identify potential issues and verify appropriate actions were taken
  • Slide 106
  • Poor evaluation of regulatory and compliance issues related to social media can result in fines and penalties, as well as damage to the organization's reputation. To determine whether the organization's actions related to social media comply with all applicable federal and local regulatory issues.
  • Slide 107
  • Expected controls: Review of Laws and Regulations; Communication of Review Results; Tests of Compliance
  • Slide 108
  • Review pertinent regulations to determine if they were identified by the organization; If regulations have been identified, verify that these were appropriately communicated and necessary actions taken; Review risk assessments to ensure social media has been included; Verify that, if social media issues are identified during risk assessment, the results have been appropriately elevated
  • Slide 109
  • Is this an audit, or an advisory engagement?
  • Slide 110
  • Groundswell - Charlene Li & Josh Bernoff; Sociallyawareblog.com - Socially Aware Newsletter; Daliah Saper - saperlaw.com; Glassdoor.com; Jobitorial.com; FFIEC Guidance - https://www.ffiec.gov/press/pr121113.htm; Google alert: social media risk
  • Slide 111