Social media: to be handled with care: it may be up to the audit committee to ensure that management puts in place a risk-aware social media governance framework.

Author:Whalen, Dennis T.

ENGAGING CUSTOMERS in real time. Adding sales channels. Listening to the marketplace for risks and opportunities. Communicating with shareholders. Collaborating across the enterprise. The power of social media as a strategic business tool also presents substantial risk that can undermine a company's reputation, at viral speed.

Even to those companies not actively using them, social networks pose inherent risk--from threats to confidential information or intellectual property to reputational damage and the potential for regulatory infractions.

A key challenge for audit committees--or whichever board committee has responsibility for this area of risk--is to help ensure that management (often spearheaded by marketing and closely supported by legal, HR, compliance and IT) has in place a social media governance framework that effectively addresses the range of internal and external risks. To this end, we offer some key considerations:

* Can management demonstrate an understanding of how the use of social media is evolving and impacting the business--and the associated risks? How can social media impact our marketing strategy, sales channels, and how we reach and engage our customers? Are we listening to what the marketplace is saying about the company? Have we identified and communicated the risks posed by the evolution of social media, including unique risks to the organization in areas such as workforce effectiveness, information protection, reputation risk and legal/regulatory risk? How effective are our controls around these risks?

* Is someone actively monitoring the major social media networks to identify potential problems and opportunities? Is the company using a social media-monitoring tool, and is the use of such a tool incorporated into the company's enterprise risk management process? How does the company decide when to react to potential reputational issues being discussed in various social media--and, when needed, how does the company respond and under whose direction?



* Do we have a single, clearly defined policy regarding employee use of social media both on the company's enterprise technology and employees' personal devices? Employee use of social media raises a host of issues unique to the company, including employee commentary on company matters and workplace conduct, the protection of the company's IP rights (logos, registered phrases, developing products, business plans)...

To continue reading