The Risks of Social Media: Internal Audit
Monday, April 8, 2013
Print Mail Download i

Internal audit has never been easy, but modern business practices are challenging IA professionals even further. Social media, fraud risk and data analysis tools are areas in need of attention and, in some cases, improvement.

The 2013 Internal Audit Capabilities and Needs Survey, released by Protiviti, show that 43% of respondents have no social media policy within their organization. Among those with a policy, many fail to address even the most basic issues, such as information security and approved use of social media applications.

What’s most alarming, however, is that more than half (51%) of organizations do not address social media risk as a part of their risk assessment process — 45% indicate they have no plans to do so in the coming year’s audit plans. Of those that do address the topic, 84% rated their organization’s social media risk-assessment capability as “not effective” or “moderately effective.”

“The survey findings are surprising in that they show how many businesses are either inadequately prepared or altogether inactive in putting effective processes and policies in place around social media,” said Brian Christensen, executive vice president, global internal audit, at Protiviti. “From a risk management perspective, this poses significant potential problems for businesses that can range from reputational risk to IT infrastructure risk as a result of unchecked exposures to customer, vendor and company information.”

Other findings related to internal audit include:

  • Continuous auditing was the top priority in terms of audit process knowledge in 2011 and 2012, but dropped down to #18 in the 2013 rankings.
  • For audit process knowledge, auditing IT – new technologies was the third-highest “needs-improvement” priority, and scored significantly lower than any other area evaluated with regard to existing competency.
  • Concerns among chief audit executives were generally aligned with the broader sampling of respondents. However, they did rank audit process knowledge around Computer-assisted Audit Techniques (CAATs) as a higher priority for improvement, compared to the overall ranking.

In 2013, we can no longer view social media as a “new” risk. Businesses must prepare for the worst, whether it’s an attack on a company’s reputation via Facebook or a rogue employee stealing an organization’s Twitter account password, social media risk can manifest itself in many ways. There is only one way for companies to deal with it, however.

Be prepared.

Risk Management Magazine and Risk Management Monitor. Copyright 2024 Risk and Insurance Management Society, Inc. All rights reserved.

Current Legal Analysis

More from Risk and Insurance Management Society, Inc. (RIMS)

3 Things Every Organization Should Do to Protect Against Cybercriminals
by: Risk Management Magazine
Proactive Tips for Businesses Facing Hail Damage Claims
by: Risk Management Magazine
Navigating the Supply Chain Crisis
by: Risk Management Magazine
7 Tips to Mitigate the Risks of Summer Staff Parties
by: Risk Management Magazine
How to Manage Supplier Risk and Performance in an Uncertain Global Economy
by: Risk Management Magazine
Five Strategies to Protect Against Ransomware and Other Cyberattacks
by: Risk Management Magazine
Cyberrisk Management Tips for Businesses Amid the Russia-Ukraine War
by: Hilary Tuttle
Detecting and Confronting Procurement Fraud
by: Risk Management Magazine
Should You Revisit Insured Property Value Estimates?
by: Risk Management Magazine
RIMS ERM Conference 2021: Introducing the New RIMS Maturity Model
by: Adam Jacobson

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins