Absence of Social Media Policy Found to Expose Companies to Avoidable Risks

Risk and business consulting firm Protiviti’s annual internal audit survey, entitled 2013 Internal Audit Capabilities and Needs Survey Report , has reported that internal audit professionals are racing to adapt to the changing business environment spurred on by the rise of social media by prioritizing tools in social media, fraud risk, and data analysis for improvement in 2013.

Research findings revealed that43 percent of internal audit respondents reported that their organizations had no social media policy, and those that did still failed to address critical core issues. Nearly one-third of organizations who have a social media policy do not extend the policy to social media applications and information security.

Additionally, 51 percent of organizations separate social media risks from their risk assessment process while 45 percent have no plans to do so during their 2013 audits. Of those that do address social media risk, the vast majority (84 percent) were rated as “not effective” or “moderately effective” by their internal auditors in social media risk assessment capability.

“The survey findings are surprising in that they show how many businesses are either inadequately prepared or altogether inactive in putting effective processes and policies in place around social media,” said Brian Christensen , executive vice president, global internal audit, at Protiviti. “From a risk management perspective, this poses significant potential problems for businesses that can range from reputational risk to IT infrastructure risk as a result of unchecked exposures to customer, vendor and company information.”