Internal Audit (IA) for Social Media

Similar documents
Securing Enterprise Social Media and Mobility Apps

Information Technology Risks in Today s Environment

Mid-market technology trends: Leveraging disruption to drive value The Dbriefs Private Companies series Anthony Stephan, Principal, Deloitte

Social media in the fund industry Current situation, opportunities and challenges

Welcome to the postmodern era for public sector ERP

Extended Enterprise Risk Management

Securing Capabilities in the Cloud: Security and Privacy in the Evolution of Cloud Computing

Cloud Computing Opportunities & Challenges

New Technology: Mission Impossible?

Four faces of the CFO

A View from the C-Suite: The Value Proposition of Shared and Global Business Services The Conference Board 20th Annual Global Business and Shared

Internal Audit and Technology Sustainable Analytics

Implementing Analytics in Internal Audit. Jordan Lloyd Senior Manager Ravindra Singh Manager

Are you ready for Industry 4.0? FY2017 Stakeholder engagement summary

INDUSTRY STUDY. The Definitive Buyer's Guide to the Global Market for Learning Management Solutions 2013

Diversity and inclusion: Why training isn't enough The HR Executive Dbriefs series

Partnering with the business to create a successful self-service analytics framework

Developing a Successful Product

Brand, Reputation and Culture Risk. January 15, 2018

Enterprise Risk Management

Accenture and Adobe: Delivering Digital Experiences Together

Board Bio Leading Practices. Building your Board Bio Pre-Work for Deloitte Workshop

SAP Jam Collaboration, advanced plus edition

Collaboration between humans and technology is creating a new labor class

International Finance Corporation

Legacy System Modernization. Imperatives. Challenges. Approach. Case Studies. PA TechCon. May 4, Considerations

ERP Edge Tech Mahindra Oracle Cloud Transforming your business to capture profit in the Cloud

Courageous Principals From Insight to Action. Deloitte University, The Leadership Center

Developed and engaged staff. Individualized career paths. Alternative leadership routes. Diverse workforce

Tuning in to the Emotions of the Capital Markets with Sentiment Analysis

SAMPLE SOCIAL MEDIA POLICY

Quality Assessments what you need to know

Reimagining IT: Leading technology organizations into the future The Dbriefs Technology Executives series

Unlock your digital marketing potential

Third Party Risk Management ( TPRM ) Transformation

CODE OF CONDUCT, ETHICS & SOCIAL RESPONSABILITY. syone

Cover Slide. Incorporating Social Media and Customer Service: How to Develop a Strategy

2018 SPRING PRODUCT UPDATE. What s New in Oracle HCM Cloud

Risk Advisory Services Developing your organisation s governance for competitive advantage

Seven principles for effective change management Sustaining stakeholder commitment in higher education

3.1. Breach Use of social media which contravenes Ermha s Social Media Policy, any other Ermha Policy, or the law.

Global Manufacturing Industry Landscape

Insurance Analytics: Organizing Analytics capabilities to get value from Data Analytics solutions A Deloitte point of view on Data Analytics within

SAP Jam Collaboration, advanced plus edition

Building A Holistic and Risk-Based Insider Threat Program

Take 3 Improving patient outcomes

Deloitte s High-Impact HR Operating Model: Business HR. Deloitte Consulting LLP

Social Networking and Internet Marketing in the Financial Services Sector

Certified Identity Governance Expert (CIGE) Overview & Curriculum

Audit Committee Performance Evaluation

The power of social media. How CMOs and CIOs can partner to build business value using social media

Delivering smarter audits Insights through innovation

INSIDE. 2 Introduction 12 Conclusion 4 6. How Prepared Are Corporate Law Departments?

Beyond EDI Unlocking new value with transactions enabled by SAP Ariba and the Ariba Network

IBM Impact Grants. Offering Portfolio

Globalization of HR and How Digital Transformation can Help. In partnership with: HR.Payroll.Benefits.

Social Media Policy. Reference: HR th December Induction CD/ Sharepoint/ EDRMS HR Site/ Website

Smarter Commerce for healthcare and life sciences

Internal audit strategic planning Making internal audit s vision a reality during a period of rapid transformation

The Robots Are Here! RPA Services in Greece

Data protection in light of the GDPR

Transformation in the Internal Audit Function Neil White October 5, 2017

DELOITTE DIGITAL & SPRINKLR. Today s customer experience means communicating on customers terms, needs, and interests

The General Data Protection Regulation (GDPR): Getting in good shape for the deadline Copenhagen, 19 September 2017 Janus Friis Bindslev Partner,

Social Media Guidelines: King County 1

Social Analytics in Media & Entertainment The three-minute guide

Virtual Experience Platform. An Overview

WORKFORCE OPTIMISATION & RPA.

Engaging the workforce. Getting past once-and-done measurement surveys to achieve always-on listening and meaningful response

Five Ways Financial Services Can Increase Business Through Enterprise Social Networking. CLEARVALE White Paper January 2014

IT Strategic Plan Portland Community College 2017 Office of the CIO

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

An intelligent approach to unlocking value in service delivery transformation Focus on risk from the start

Harnessing the power of GIS

Mergers and Acquisitions in the Biotechnology Industry

Big Data: Essential Elements to a Successful Modernization Strategy

Work Like a Network: Accelerating Team Collaboration with Social

HR Metrics Key to Strategic Planning

High-Impact Talent Management in the Mid-Market November 30, 2016

Deloitte Accelerated Value: SaaS innovation for the digital core. Extending the potential of core systems, addressing tomorrow s needs

Setting the Foundation for Career Success. Jennifer Vessels

Outsourcing transparency evolution

QUICK FACTS. Delivering a Managed Services Solution to Satisfy Exponential Business Growth TEKSYSTEMS GLOBAL SERVICES CUSTOMER SUCCESS STORIES

Internal Audit innovation Structured methods to unlock new value

Results from state agency workshop: Values sought from social media tools

VIEWPOINT ARTICLE. Managing Risk in FM Outsourcing. AgileOAK.com

perspective Googlization and Amazonization of Procurement Essential building blocks for increasing user and spend adoption

Social Business Strategy & Execution

SAP Jam Collaboration, enterprise edition

Real Time Close. Case Study and Demo

Measuring Corporate Culture: Enhancing the Board s Understanding

Understanding employee engagement after a corporate acquisition A global communications company. EngagePath client spotlight

Leading financial institutions are transforming the way they manage IT risk

SOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER

CSR / Sustainability Governance and Management Assessment By Coro Strandberg President, Strandberg Consulting

Blockchain Unleashed: Petrochemical Industry Impact

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Risk Management For and By the BOT. Secured BOT Series

4/26. Analytics Strategy

Social Networking Advisory Services

Transcription:

Internal Audit (IA) for Discussion Document June 26, 2012

1 http://www.youtube.com/watch?v=0euel3n7fds

Contents #Who we Are # Perspective # Benefits and Challenges 2

Our Capabilities in /Collaboration Deloitte leverages our broad capabilities to assist clients to create value from social media 3

Definition is continuing to evolve and so the definition is also changing. Here are just some of the recent definitions. Wikipedia: Social media includes web-based and mobile based technologies which are used to turn communication into interactive dialogue among organizations, communities, and individuals. Social media is ubiquitously accessible, and enabled by scalable communication techniques. Merriam Webster: Forms of electronic communication (as Web sites for social networking and microblogging) through which users create online communities to share information, ideas, personal messages, and other content (as videos). About.com Social media is a type of online media that expedites conversation as opposed to traditional media, which delivers content but doesn't allow readers/viewers/listeners to participate in the creation or development of the content. 4

Includes: Wikis, Social Networks, Blogs, Presence & Microblogging, Online Sharing of Videos & Media, and Social Bookmarking & Tagging.

Perspective An understanding of these perspectives is important before we start defining the Internal Audit Program. These perspectives cover the social media interactions of an organization. Organization-Internal Hosted on organization-owned or controlled technology Restricted to organization employees only (in some special cases to clients and vendors) Top risk considerations Technology adoption Lack of collaboration and sharing Organization-Public Hosted on organization-owned technology (like a CEO blog on organization's website) or is hosted by an external provider on their technology Open to public Sponsored by the organization or one of its business units in accordance with the organization policy Security and privacy Brand / reputation Regulatory and Legal Company Personal Hosted by an external provider on their technology Open to public Not sponsored by the organization Information Leakage Intellectual Property 6

Social media benefits Social media Challenges 1 Generate Prospects and Leads (Sales) Decrease time to market for new products Increase marketing effectiveness Develop new revenue opportunities Leverage interest based marketing & advertising 1 Loss of Control The voice of the customer is amplified Companies no longer control the message or topic Messages might include negative publicity 2 Decrease Costs Decrease R&D costs for new products by listening to your customers (and prospects) Focus on inexpensive social media tools instead of using the traditional expensive marketing channels 2 Inconsistent message When engaging several employees in the social media world, their messages and responses may not always be consistent and aligned with the strategy of the company Decrease customer support costs 3 Increase Loyalty Increase customer insights and intelligence ( Voice of Customer ) Improve customer experience responsiveness Improve customer education, expertise and service Direct contact with the customer instead of indirect through the retail channels 3 Confidential Information The use of social media sites enables users to circumvent company controls, opening up the potential to violate communication policies Education and training for employees is a key component to managing loss of information 4 Manage Brand Reputation Increase brand awareness through social media Protect brand and manage reputation Benefit from spontaneous reactions from the community by connecting like-minded peers 4 Productivity loss Social media drives collaboration among coworkers but can also be a major distraction in the work place 2009 Deloitte Touche Tohmatsu

Social media has started to impact talent: As the new generation of employees assimilates into the workforce, they will bring their online social habits with them One of the top reasons employees leave within their first three years of employment is a lack of connectedness and sense of belonging to the organization Today s workforce is required to digest vast amounts of information, collaborate across geographical and hierarchical boundaries, and continuously multi-task and make quick decisions, all amid a flurry of distractions Percentage of Employees Who Have Left Their Job Because They Felt Disconnected from the Organization 1 Knowledge workers are strapped for productivity, with the average employee being interrupted every three minutes during their work day Did you know? 90% of employees decide to stay or leave a company within six months of employment 89% of new hires indicate that they do not have the necessary tools and knowledge to do their job effectively 52.9% Gen Y employees indicate that they can be more innovative if company s culture embraces contribution from all levels 2 I Feel Most Productive at Work When I Am Surrounded by Colleagues with Whom I Have a Good Working Relationship/Rapport 1 Social media can allow companies to connect with the next generation of employees using a channel these employees relate to Sources: Deloitte Research 2008; Human Capital Institute & Corporate Executive Board 2007; SelectMinds/Intellisurvey 2007-2008; Gloria Marks, University of California at Irvine SelectMinds, 9/2007 2 Deloitte Generation Y: powerhouse of the global economy Survey, 2009 2009 Deloitte Touche Tohmatsu

Contents # Risk Landscape # Assessment Overview #Next Steps 9

Risk Landscape usage presents behavioral, application and technology related risks. The risk landscape is vast and continuously evolving Anticipated Risks Legal & Regulatory Compliance Security & Privacy Brand and reputation damage Productivity loss Disclosure of confidential information Violation of copyright laws Protection of intellectual property rights Legal and financial ramifications for noncompliance with industry regulations Identity theft, Social engineering Ability to retain and log social media communication; data retention Technical exploits: Malware, Viruses/Worms, Flash Vulnerabilities, XML injection Posting unfavorable or confidential information on a public site Unclear behavioral expectation of end users to use social media Defamation, Copyright infringement Use of social media can be a distraction i.e. employees accessing non-work related social media sites Acceptable use of social media 10

Threat Landscape Copyright Issue Unsatisfied Constituents Identity Theft Lack of Situational Awareness Unauthorized Disclosure Intellectual Property leakage Data Technology Vulnerabilities Virus/ Worms/Trojans People Impact network availability (DOS) HR Policy Violations Loss of Productivity Social Engineering / Impersonation Privacy Risk Loss of Control Over Content Trademark Infringement Brand / Reputation Loss Negative Publicity False Impression/ Misguidance Organization Public

Risk Intelligence Map (RIM) Provides breakdown of social media areas Governance, Strategy and Planning, Operations / Technology and identifies areas for which organization to focus on to help mitigate risk from social media Risk Intelligence Map Governance Strategy and Planning Ethics and Compliance Operations Technology and Infrastructure Governance Landscape Strategy Planning Ethics Compliance Enterprise Marketing and Communicatio n Relationship Legal Talent Product and Services Information Technology Security and Privacy Monitoring Technology Guiding Principles Economic Conditions/ Industry Trends Strategy Investments Code of Ethics Compliance Culture Integration with Business Processes Branding and Reputation Stakeholder Engagement Legal and Regulatory Compliance Corporate Culture Innovation, Research and Development Architecture Identity and Access Analytics Content Sharing (Videos, Photos) Board Structure and Oversight Geopolitical Policy Digital Crisis Ethical Culture/Personal Ethics Policies and Procedures Innovation and Collaboration Integrated Marketing Systems Public Relations Litigation and Dispute Resolution Employee Code of Conduct Crowd Sourcing Employee Dashboard and User Interface Virus and Malware Trends Monitoring Social Networking Sites Reputation and Stakeholder Relations Laws and Regulations Web 2.0 Business Model Change Monitoring and Auditing Compliance Information Knowledge Campaign/Onlin e Promotion Corporate Service/Support Intellectual Property Talent Concept Recruitment and Testing/Product Testing Cloud Computing Security Employee Monitoring Blogs Sustainability and Climate Change (S&CC) Platforms Alliances/Joint Ventures Knowledge Reporting and Prevention Supervision Training and Development using Social Media Buzz Marketing/Viral Campaigns Customer/Partn er Feedback Copyright/ Trademark Infringement Team Launch Mobile Devices Information Leakage Content Monitoring Microblogging Risk Oversight and Supervision Technological Advances/ Changes Outsourcing Program Evaluation Conflicts of Interest Controls and Monitoring Internal Communication Agency Community e-discovery Performance Tools Privacy and Data Protection Influencer Monitoring Internet Forums Competition Technology Adoption Program Assessment and Evaluation Cyber Law Compliance Content Influencer Employee Productivity Business Continuity Identity Theft Measurement Wikis Customer Demands and Trends Customers Allegations & Investigations Compliance Reporting Media Response Training on Change Security Infrastructure Location Based Services (LBS) Influencers Influencer Strategy Corporate Actions and Discipline Market Research Conversations Employee Relationships Technology Contracting, Outsourcing and Licensing Training E-Commerce/ Sales Trust/ Transparency Workplace Harassment/ Abuse Ethics Communication Virtual Workplace

Risk Intelligence Map Sample Risk Class Risk Categories Sub Categories Specific Risks

Data Leakage

Monitoring - ISACA Strength: Phrase mentions within last 24 hours / total possible mentions Sentiment: Generally positive to generally negative Passion: Likelihood those talking will do so repeatedly Reach: Number of unique authors / total number of mentions

Monitoring - AICPA Strength: Phrase mentions within last 24 hours / total possible mentions Sentiment: Generally positive to generally negative Passion: Likelihood those talking will do so repeatedly Reach: Number of unique authors / total number of mentions

Assessment Overview Time 2-3 Weeks 1 Week Key Activities Phase Project Planning and Scoping Preliminary discussions to Conduct understand social workshops/inteviews media/collaboration footprint Finalize scope, develop project plan Identify relevant stakeholders/schedule interviews Customize Assessment program Develop document request Risk Identification Review relevant supporting documentation and artifacts Identify risks and risk interactions Document observations Validate observations with stakeholders Analysis Collaborate with Deloitte SME and management to: Assess impact risks identified Develop risk ranking for each assessmet area Determine areas of improvement Develop risk mitigation activities Draft recommendations Reporting Prioritize recommendations and proposed initiatives Consolidate initiatives into an overall roadmap identifying short term and strategic goals Estimate level of effort Document Summary Report Deliverables Project plan Scope Boundary Customized Assessment Program Workshop package Complete assessment program Preliminary Risks Preliminary Recommendations Draft Report Final Report 17

Questions? 18 Footer Copyright 2012 Deloitte Development LLC. All rights reserved.

Contact info Khalid Wasti Director Deloitte & Touche LLP (212) 436-5156 kwasti@deloitte.com 19

About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Copyright 2012 Deloitte Development LLC. All rights reserved. Member of Deloitte Touche Tohmatsu Limited

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback