cch social media risk audit control october 29, 2013
DESCRIPTION
Risk Audit & Control in a Social Media World Hosted by:Accounting TodayOctober 29, 2013 This is a presentation that was broadcast to more than 400 accounting professionals. The recording is available from Accounting Today. If you would like to help with our survey and share your views go to: https://www.surveymonkey.com/s/FQWN5Z3TRANSCRIPT
10/30/2013
1
Welcome to Today’s Web Seminar!
October 29, 20132:00 PM ET
Sponsored by: Hosted by:
Moderator: Dan HoodEditor-in-Chief of Accounting Today
Dan Hood has been with the publication for over a decade, previously serving as managing editor. He has also served as a business editor for the New York DailyNews Express, and as a production editor for The Wall Street Journal Europe.
10/30/2013
2
Turning Information into Action
Introductions:
Jim Kaplan, CIA and CFE, AuditNet®
Internet for auditors pioneer who has been using social media to network with other professionals and build the oldest Internet community for professional auditors.
http://www.auditnet.org/
Risk Audit and Control in a Social Media World
SourceMedia, Inc. is pleased to be able to offer CPE for this web session. It is imperative that you adhere to the following instructions to obtain CPE credit:
1. To receive credit, you must be in attendance for a minimum of 50 minutes. AccountingToday is not responsible for late arrivals or connections issues.
2. There will be required polling questions asked periodically throughout the session, allof which you must answer. Please remember to click “Submit” after choosing your answer.
3. If you have completed the above, please allow up to five business days from date of today’s session, to receive an email from [email protected]. This email will contain instructions on how you can download and print your CPE Certificate.
Please note CPE Certificates will ONLY be sent to those attendees who stayed for at least 50 minutes and answered all required polling questions. Please email any certificate questions to [email protected].
SourceMedia Inc. is registered with the National Association of State Boards of Accountancy (NA SBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be addressed to the National Registry of CPE Sponsors, 150 Fourth Avenue North, Nashville, TN, 37219-2417 or by visiting the web site: www.nasba.org.
10/30/2013
3
Risk Audit & Control in a Social Media World
Hosted by:Accounting Today
October 29, 2013
Risk Audit and Control in a Social Media World
Social/professional networking
Risks associated with social media for networking
Auditor’s role in the social media life cycle.
Best practices for using social media.
Leveraging social media for professional networking and benefits
If we build it …
Closing and questions
Agenda
Risk Audit and Control in a Social Media WorldRisk Audit and Control in a Social Media World
10/30/2013
4
Risk Audit and Control in a Social Media World
Social Networking Defined
What is a social network?
An online community of people with a common interest who use a Web site or other technologies to communicate with each other and shareinformation, resources, etc.: a business-oriented social network.
Important clarification – business oriented rather than personal
Need to understand the primary orientation of the Network to focus on professional relationships
Network Orientation Business Use
Business High
Mixed Medium
Mixed Limited
Mixed Medium
Risk Audit and Control in a Social Media World
Risk Audit and Control in a Social Media World
Social Media Defined
What is Social Media?
Web- and mobile-based technologies used to disseminate information
and solicit feedback on a real-time basis which are used to turn
communication into interactive dialogue among organizations,
communities, and individuals
A group of Internet-based applications that build on the ideological and
technological information of Web 2.0… allows for the creation and
exchange of user-generated content
Social media expedites conversation in contrast to traditional media,
which delivers content but doesn't allow readers/viewers/listeners to
participate in the creation or development of the content.
Example of social media include internet forums, weblogs, social blogs,
microblogging, wikis, social networks, podcasts
Risk Audit and Control in a Social Media World
10/30/2013
5
Risk Audit and Control in a Social Media World
Professional Networking in the Digital Age
Online networking sites have become increasingly popular. These
resources allow participants to quickly and easily expand their circle of
contacts, share information and keep abreast of industry trends.
Executives involved in hiring decisions also are finding these online
communities to be a valuable tool. According to a survey by
Accountemps®, nearly two-thirds (62 percent) of executives interviewed
said professional networking sites, such as LinkedIn, will prove useful in
the search for job candidates in the next few years. And one in three (35
percent) cited social networking sites such as Facebook as a recruiting
resource they plan to tap.
Risk Audit and Control in a Social Media World
Risk Audit and Control in a Social Media World
Why is it so popular?
Community - allows people to join together based on common interests and
values.
Transparent – when used properly it can project authenticity
Engaging – communication channel opening dialogues with many individuals
Borderless – the world is flattening and we are no longer restricted to
connecting with only those who are close
Creative – fosters innovation and expression
The Pew Research Center found that’s the “major reason” given by six of every
10 users of Facebook, Twitter or LinkedIn. And half of the people surveyed said
the ability to reconnect with old friends played a “significant role” in using
social networking.
Risk Audit and Control in a Social Media World
10/30/2013
6
Polling Question #1
Risk Audit and Control in a Social Media World
Social Media Options
YouTube
Blogs
Discussion Forums
According to survey by CEO.com - Social media will become one of the
two most important forms of engagement with employees and
customers, second only to face to face interactions.
Risk Audit and Control in a Social Media World
10/30/2013
7
Risk Audit and Control in a Social Media World
Social Media Risks
Social media and cloud computing are top concerns – Internal audit executives and professionals recognize they must have superior knowledge and understanding of these areas and their inherent risks, and how their organizations are leveraging as well as controlling them, in order to perform their jobs at a high level and add value to the organizations they serve.
- Protiviti 2012 Internal Audit Capabilities and Needs Survey
March 20, 2012
Social Media and Cloud Computing Top Internal Auditors' Technology Hot List, According to New Protiviti Research
The Biggest Social Media Risk: Not Paying Attention to Social Media according to major corporate executives
Risk Audit and Control in a Social Media World
Risk Audit and Control in a Social Media World
Social Media Risks
Prioritized concerns from a survey
conducted by Grant Thornton and FERF
1. Disclosure of proprietary information
2. Negative comments about the company
3. Exposure of personally identifiable
information
4. Fraud
5. Out of date information
As the use of social media continues to grow, so too does the risk of fraud involving social media.
- Social Media and its associated risk – Grant Thornton and FERF
Risk Audit and Control in a Social Media World
10/30/2013
8
Risk Audit and Control in a Social Media World
Social Media Risks and Controls
Risks
• Employees or non-employees creating a social media page representing your company without management/IT consent or approval
• Trade secrets or other business secrets being inadvertently or even deliberately shared
• Dissatisfied customers or disgruntled employees voicing their opinions freely
• Viruses, spyware and network vulnerabilities occurring due to the interactivity and open nature of social media architecture
Controls
• The extent to which social media will be officially sanctioned by the organization
• Who is allowed to use the social media sites
• How users gain approval to use the social media sites
• Standards/policy of social media use inside and outside of the workplace
• Brand monitoring and legal involvement
• How to report false pages
Risk Audit and Control in a Social Media World
Risk Audit and Control in a Social Media World
Internal Audit’s Role
Social media is now embedded in our personal and business culture and auditors need to know the what the risks and controls are, how to audit this new communication tool and also how to adapt it for use within the audit environment.
Jim Kaplan, AuditNet®
Internal audit’s role in social media may include the following:
• Understand how social media is being used within the organization
• Review social media policies
• Understand the potential risks of social media
• Conduct a social media risk assessment
• Ensure that controls are in place to address social media risks
Review and monitor compliance with implemented processes
Assess implemented controls
• Records retention issue
Internal audit should NOT be developing business processes that mitigate risk
• Why?
Risk Audit and Control in a Social Media World
10/30/2013
9
Polling Question #2
Risk Audit and Control in a Social Media World
Social Media Audit Objectives and Scope
Objective—The objective of the social media audit/assurance review is to
provide management with an independent assessment relating to the effectiveness of controls over the enterprise’s social media policies and processes.
Scope—The review will focus on governance, policies, procedures, training
and awareness functions related to social media. Specifically, it will address:
• Strategy and governance—policies and frameworks
• People—training and awareness
• Processes
• Technology
The selection of the social media projects and initiatives will be based on the risks introduced to the enterprise by these systems.
Risk Audit and Control in a Social Media World
10/30/2013
10
Risk Audit and Control in a Social Media World
Social Media Audit Program Sample Steps
• Social Media Audit Program — Should be a comprehensively written program to detect,
implement, and monitor compliance with the laws and regulations that impact the
various components of social media. It should provide written procedures to ensure
compliance.
• Identification of inappropriateness with social media channels and non-compliance
with the Social Media Policy — The company should clearly identify what is acceptable
and what is not acceptable, based on a risk assessment and the outlined rules and
specifications of the Social Media Audit Program.
• Prior examination/audit findings — If weaknesses were previously cited in the
company’s social media examination or audit that may impact the company’s social
media program, has management taken appropriate steps to institute corrective actions?
• Training program(s) — Training should be tailored to address all employees. Incident
response — A formal review should be made of all alleged and/or actual incidents and
how the company handled the incident.
• Internal audit and annual reports — Management should regularly report on its
responsiveness to cited weaknesses in the social media program.
Risk Audit and Control in a Social Media World
Risk Audit and Control in a Social Media World
Social Media Best Practices
1. Designate a social media champion in your department or firm to monitor and leverage networking capabilities
2. Integrate social media into audit projects and planning.
3. Respond within minutes or hours (not days) to any comments on social media about customer service. You need to track your firm or organization to do this
4. Tell a continual story through social media – there should be a trend and voice to your efforts.
5. Measure and Analyze everything. If you can’t measure it you can’t manage it.
6. Stay educated and connected to social media – the wave is here and you don’t want to get left behind when it hits your organization.
Risk Audit and Control in a Social Media World
10/30/2013
11
Risk Audit and Control in a Social Media World
Professionals and Social Networking
10 Reasons for auditors to use social networking tools
1. Network with other auditors for advice on issues
2. Get answers to audit technology questions and issues
3. Benchmark best practices
4. Share (reports, programs, issues)
5. Share methodologies
6. Foster one to one and one to many communications/discussions1
7. Research audit and technology issues using advanced search skills1
8. Establish a dialogue with your professional network1
9. Establish knowledge feeds1
10. Gain knowledge for risk, control and audit of social media
Auditors need to be plugged into social networks to stay current with professional issues and the latest tools and technologies!
Jim Kaplan1 core competency for digital literacy
Risk Audit and Control in a Social Media World
Risk Audit and Control in a Social Media World
The Best Social Media Apps for Auditors
The most powerful and comprehensive Audit Tool for Google Apps - Scan, control and secure all Sites, Docs, Groups, Calendars and Users giving you more security over the data that you own. If you have not installed this tool - you don't know what you're missing.
This easy to use report program can scan all sites, documents, email groups and calendars at your domain and show you exactly who has access to your information. For domain admins it is an essential Audit tool allowing you to show management and auditors exactly who has access to what.
Risk Audit and Control in a Social Media World
10/30/2013
12
Risk Audit and Control in a Social Media World
Guidance and Publications
Risk Audit and Control in a Social Media World
Risk Audit and Control in a Social Media World
Adding Value for Audit
So how can auditors use social networking to add value to the audit function?
1. Networking with other auditors for advice on issues
2. Getting answers to technology questions
3. Fostering communication through discussions and
4. Benchmarking
5. Sharing (reports, programs, issues)
6. Sharing methodologies
7. Receiving knowledge feeds on training, conferences and other CPE
opportunities
Risk Audit and Control in a Social Media World
10/30/2013
13
Risk Audit and Control in a Social Media World
Leveraging Social Media for Audit
Network Contribute
Educate
Share Connect
Explore
Build
Research
TheMissing
Link is You
Risk Audit and Control in a Social Media World
Polling Question #3
10/30/2013
14
Risk Audit and Control in a Social Media World
Stay Connected
Auditing is an information-intensive,
complex profession. Many issues require
auditors to keep up to date on rules and
regulations, and auditing procedures can
be difficult to master.
Joining a social network facilitates your
ability to stay on top of news and trends,
to ask questions and receive answers and
to share knowledge with peers.
Risk Audit and Control in a Social Media World
Risk Audit and Control in a Social Media World
Share Knowledge
Many specializations of auditing require very
high levels of knowledge.
Joining a network allows you to find other
specialists in your field who can help you
learn more. Or if you are an expert at what
you do, joining a network gives you a
platform to become more recognized for
your own expertise.
Risk Audit and Control in a Social Media World
10/30/2013
15
Risk Audit and Control in a Social Media World
Solve Problems
Tracking down the answer to an auditing
question can take hours or even days using
standard methods of online and offline
research.
Joining a network hooks you up to a wide
range of colleagues, one of whom is likely to
have the answer you need or who can lead
you to the right person (within a few degrees
of separation), saving you time and money.
Risk Audit and Control in a Social Media World
Risk Audit and Control in a Social Media World
Facilitate Networking
Finding the time to do traditional
networking (meetings, lunches, phone
calls) can be difficult and requires
everyone to be available at the same
time.
In contrast, your online social network
can be accessed at any time. Matching
schedules becomes moot, as connecting
with people and getting information can
be done asynchronously.
Risk Audit and Control in a Social Media World
10/30/2013
16
Risk Audit and Control in a Social Media World
Leverage the Internet
Companies and individuals in today’s world
increasingly seek out leads, customers,
referrals and partners on a national and even
global basis. Business ventures can be
conducted “virtually” through online
connections.
Joining a social network opens the doors to this
new global world, offering opportunities to find
new business, new partners, or to collaborate
with others on projects.
Risk Audit and Control in a Social Media World
Build Relationships
The old methods of persuasion marketing and
hard-sell advertising are shifting. People today
prefer to build relationships with the companies
they do business with.
Joining a social network gives you the capability
to form relationships with potential clients and
colleagues. Many large accounting and auditing
firms already recognize this and are establishing a
presence on social networks where they offer free
workshops and answer questions to demonstrate
their expertise and build trust.
Risk Audit and Control in a Social Media World
10/30/2013
17
Risk Audit and Control in a Social Media World
Synergy and Value
Social networking is already the accepted
form of connecting with others for the
‘Millennial’ generation of young auditors
entering the workforce. As social networks
become increasingly used by them, the stakes
will rise for those who continue to be
reluctant to join.
In other words, if you do not have a presence
on a social network, you will simply lose
ground to those who do.
Risk Audit and Control in a Social Media World
Risk Audit and Control in a Social Media World
What is Your Response to Social Networking?
Risk Audit and Control in a Social Media World
10/30/2013
18
Risk Audit and Control in a Social Media World
AuditNet® and Social Networking – or if we build it…
AuditNet® has engaged in social networking for almost 20 years.
Founded on the principle of establishing an online communication sharing network for auditors
Started sharing audit programs in 1995 and now have more than 2,000 audit program templates
Created a LinkedIn group that has over 7,500 members http://www.auditnet.org/PAIN.htm
Created a network of more than 125k professional auditors from 221 countries on 5 continents.
Web site average for 6 months since redesign – 131,000 visits with more than 1 million page views.
Use LinkedIn and Twitter for surveys on audit use of technology and best practices
Video based training and Training without Travel™ Webinars for ACL, IDEA, Excel for Auditors, Internal Audit Skills and Detecting and Preventing Fraud using Data Analytics
Risk Audit and Control in a Social Media World
Risk Audit and Control in a Social Media World
Q&A Session: Questions
Risk Audit and Control in a Social Media World
10/30/2013
19
Risk Audit and Control in a Social Media World
For more information …
http://www.auditnet.org
CCH Accounting Research Manager & Audit Resources
http://www.cchgroup.com/arm
Real-World Strategies for Effective Document Management 38
10/30/2013
20
SourceMedia, Inc. is pleased to be able to offer CPE for this web session. It is imperative that you adhere to the following instructions to obtain CPE credit:
1. To receive credit, you must be in attendance for a minimum of 50 minutes. AccountingToday is not responsible for late arrivals or connections issues.
2. There will be required polling questions asked periodically throughout the session, allof which you must answer. Please remember to click “Submit” after choosing your answer.
3. If you have completed the above, please allow up to five business days from date of today’s session, to receive an email from [email protected]. This email will contain instructions on how you can download and print your CPE Certificate.
Please note CPE Certificates will ONLY be sent to those attendees who stayed for at least 50 minutes and answered all required polling questions. Please email any certificate questions to [email protected].
SourceMedia Inc. is registered with the National Association of State Boards of Accountancy (NA SBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be addressed to the National Registry of CPE Sponsors, 150 Fourth Avenue North, Nashville, TN, 37219-2417 or by visiting the web site: www.nasba.org.