Post on 03-Feb-2022
ACUIA – Social Media
© 2012 Crowe Horwath LLP 2 Audit | Tax | Advisory | Risk | Performance
The Unique Alternative to the Big Four®
Agenda
Social Media Uncovered
Use of social media by organizations and their employees
Risks and Rewards
Challenges and benefits associated with connection and communication
Taking action
How to manage risks through policies, education, and monitoring
Social Media Revolution 2012
Is social media a fad?
Still think social media is a fad?
Source http://www.crowehorwath.com/socialmedia
“You can either get on the social bus or you can get dragged behind it, your choice.”
CIO Magazine
Definitions
What is Social Media? The Message
Media designed to be disseminated through social networks
Created using highly accessible and scalable publishing techniques
Examples include posts, tweets, groups, and applications
What is a Social Network? The Connection
A social network service focuses on building and reflecting social networks or social relations among people who share interests and/or activities.
Instant communication to the masses, feeling of community
Organizations get in the Game
Leverage Social Networks to reach the millions of Americans participating
Brand Awareness and Loyalty - Spread the word from supporters to friends
Recruit employees
Get critical feedback on products, ideas
Post promotions, contests, etc.
Many employees leverage social networks to build their network
LinkedIn used to target customers
Building strong connections with business contacts by engaging in day-to-day life
5 Ways Financial Institutions Continue to use Social Media
Community Building
Example: Mobank
Product Research
Example: 1st Mariner Bank
Customer Service
Marketing and Promotion
Transparency
Example: Bank of America (Twitter: @BofA_Help)
Example: Nicolet National Bank
Example: Citi
Source: 5 Ways Banks Continue to Use Social Media, http://socialmediabanking.blogspot.com/2011/09/five-ways-banks-continue-to-use-social.html
2012 – Norton Cybercrime Report
2011 - Symantec State of Security Survey
Symantec recently released their 2011 State of Security Survey.
In this, 46% of survey respondents reported that social media is a “somewhat/extremely significant industry trend affecting difficulty of security”, second only to mobile devices.
Additionally, among SMBs surveyed, 20% of respondents incurred at least $100,000 in expenses from attacks within the last year.
The top sources of these costs were:
Lost productivity and revenue
Lost organizational, customer or employee data
Damage to company’s brand/reputation
Social Media Considerations and Risks
Reputational & Financial Risks
Information Security & Privacy Risks
Employment Risks
Reputational Risks: Your Company’s Image Online
Do you understand how your organization is represented online?
Employees, customers, and affiliates
Fact or fiction
Brand hijacking
ReTweet – messages multiply
Financial Impact
False “news” could be posted that could impact stock price, financial transactions, etc.
Example: November 2010—A single tweet said a Qantas© plane had crashed. Stock price immediately dropped 5%.
Reputational Risks: Your Company’s Image Online
Chrysler’s Twitter Account
Employee believed they were posting to their personal account.
“Whoa – what? RT @chryslerautos: I find it ironic that Detroit is known as the #motorcity and yet no one here knows how to (expletive) drive.”
Qantas Twitter Campaign
During a marketing campaign asking people to use the #QantasLuxury hashtag, all of the planes were grounded.
BREAKING NEWS: Qantas introduce #QantasLuxury class. Same as standard class, but the plane leaves the ground.
Information Security Risks
Clickjacking
Users are generally unaware that it has happened.
Link Shortening
Convenient for posting, especially with space limitations.
Where does it lead to?
Rogue Applications
Anyone can create an application.
The developer determines what information they want access to.
Users don’t understand the risks of allowing access to their information.
Blocking Social Media
Proofpoint July 2010 Survey
Roughly half of large enterprises explicitly prohibit the use of social networks.
Facebook – 53%
Twitter – 49%
“Where there's a will, there's a way”
200 million people access Facebook via a mobile device each day
Excel spreadsheet = Facebook HardlyWork.in
Legal and Employment Risks
Firing employees based on Social Media posts
National Labor Relations Report
Hiring employees
What’s true, what’s false, and what’s been inflated?
Employee’s right to privacy
What are an employer’s rights to pursue action when the content is private?
FTC regulations
All posts made on your company’s websites or by your employees must be transparent, accurate.
Inappropriate vs. Appropriate Social Media Postings
Appropriate, Inappropriate or Not Sure?
Taking action
How to manage risks through policies, education, and monitoring
Perform a Risk Assessment
What are the risks out there?
Have you considered likelihood of occurrence?
What is the potential damage?
How strong are the controls you already have in place?
Social Media Risk Assessment – 4 Step Approach
Risk Scenario Inventory
Identify risk scenarios from within and outside of the company
Library of risk scenarios
Assess Impact of Risks
Likelihood and Impact
Inherent risk
Controls in place to reduce inherent risk
Residual risk
Prioritized/ranked list of risks
Manage/Mitigate Ranked Risks
Combination of people, process and technology(s)
Monitor and Enhance
On-going monitoring
Potential enhancement of mitigating controls to manage new risk scenarios
Crafting an Effective Social Media Policy
Prepare to create/modify your policies by engaging a multidisciplinary team:
HR
Recruiting
Legal
Marketing
IT
Risk Management
Public Relations
Compliance
Senior Leadership
Evolution of Social Media Use/Progression in Organizations
Marketing, Communications/PR
Marketing is often the overseer of social media brand presence
Communications responsible for organizational branding
HR and Legal
HR or Legal often responsible for defining the use of social media by employees
Legal provides guidance on appropriate use of social media from a compliance perspective
Security and IT
IT is now being charged with review of “data loss prevention”
Security is called in when a threat of breach or actual breach occurs
Risk Management
Relatively fresh involvement from risk management groups
Very few organizations have actually conducted a risk assessment of social media
Internal Audit
Being built into audit plans on an annual basis
Common Policies Needed to Mitigate Risk
Appropriate Use of Social Media Sites
On work equipment or during work hours on personally owned equipment
For business use vs. for personal use
May need to consider different business needs of different departments
At any time that impacts the company, its information and its reputation
Description of what is appropriate based on legal/HR input
Suggested Departments Involved:
HR – for employment law/HR implications
IT – for monitoring/bandwidth analysis
Department Heads – understand business need
Common Policies Needed to Mitigate Risk, cont.
Information Security Policies and Procedures
Phishing and Malware prevention standards and policies
Procedures to follow in the event of believed compromise
Communication of the risks of oversharing information on the company
Nondisclosure Agreement
Should cover releases of information in all forms including Social Media
Should cover intellectual property, company strategy, and customer info
Suggested Departments Involved:
HR – employee HR implications
IT – current/future IT standards/procedures
Legal – understanding law and content of NDA
http://riseabovethestatic.com
Common Policies Needed to Mitigate Risk, cont.
Human Resources Policies and Procedures
Candidate screening procedures that consider Social Media.
If, when and how management will access and/or review employee personal social media sites.
Termination policies that establish grounds for termination, and appropriately align with employment contracts, labor agreements, state laws.
Suggested Departments Involved:
HR – current/future practices
Legal – current case law on social media
Department Heads – agreement with policies set forth
Common Policies Needed to Mitigate Risk, cont.
Marketing and Communication Policies and Procedures
Highly dependent on your corporate strategy for social media.
Consider policies and procedures on how new campaigns, ideas will be generated, vetted, and approved.
When to engage the multidisciplinary team.
Consider policies on how you will monitor Social Media buzz, and respond where appropriate.
Suggested Departments Involved:
Marketing – current/future strategy and business needs/use
HR – implications of improper communications
IT – incident response/monitoring
Communicating Social Media Policies
Communicate your Corporate Social Media strategy
How will you use Social Media? Why will you avoid Social Media?
Talk about the risks and rewards of Social Media with your employees
Communicate when policies are updated, when practices change significantly, and in the event of an incident
This should occur at least annually
Training on Social Media
Steps to training employees and mitigating your risk
Step 1 – Communicate your strategy to your employees.
Help them understand why you’re using social media.
How it’s going to help you reach your business goals.
Step 2 – Understand your employees and the risk.
How are they using social media?
When are they using social media?
Perform a social media risk assessment.
Step 3 – Tailor training to employees.
Focus your training on the areas identified above.
Use real-life examples to reinforce your points.
Step 4 – Modify as necessary.
Today it’s Facebook and Twitter, tomorrow it will be something else.
Focus on content distribution, not the networks on which it’s distributed.
Retrain as necessary, just like information security, as it’s constantly changing.
Availability of Technology/Tools for Social Media Management
Category 1 – Listening
Listening to customers
Examples: Radian6, Lithium, NM Incite, Attensity, Jive, etc.
Category 2 – Social Media Management
Organize and manage the entire social media publishing lifecycle
May or may not have strong out-of-the-box compliance
Examples: Hootsuite, Actiance, Sprinklr, Expion, etc.
Category 3 – Regulatory Compliance
Complying with internal policies and/or regulatory requirements
Examples: Social iQ Networks, SocialLogix, Kronovia, Smarsh, etc.
Conclusions – What We Learned Today
What are social networks and what is social media
Why you should care about social networks
Addressing potential risks from social networks
What is and is not appropriate to post on a social media site
Legal aspects
Taking action to mitigate social media risks
In Summary: Social Media
May have significant organizational risks and rewards
Although regulators are playing catch-up, organizations should take proactive steps towards social media
Policies, procedures and appropriate staff training
Monitor your organization on social media
Final Thoughts – Questions
Crowe Horwath LLP is an independent member of Crowe Horwath International, a Swiss verein. Each member firm of Crowe Horwath International is a separate
and independent legal entity. Crowe Horwath LLP and its affiliates are not responsible or liable for any acts or omissions of Crowe Horwath International or any
other member of Crowe Horwath International and specifically disclaim any and all responsibility or liability for acts or omissions of Crowe Horwath International or
any other Crowe Horwath International member. Accountancy services in Kansas and North Carolina are rendered by Crowe Chizek LLP, which is not a member
of Crowe Horwath International. This material is for informational purposes only and should not be construed as financial or legal advice. Please seek guidance
specific to your organization from qualified advisers in your jurisdiction. © 2011 Crowe Horwath LLP
For more information, contact:
Lucas Morris
630.574.1850
lucas.morris@crowehorwath.com
Raj Chaudhary
312.899.7008
raj.chaudhary@crowehorwath.com