Many companies have developed the
interest to appeal to the markets or their constituency through social media.
However, very few have an understanding or capacity of implementing Social
Media Governance in order to effectively interact with their customers and to
maintain such relationships. For
this reason, not many companies or institutions are proactive in ensuring that
they are protected against social media vulnerabilities and also how they would
deal with social media crises should they occur.
There are only a few
organisations or associations that have taken it upon themselves to robustly
drive social media governance with a view to protect and ready companies to
deal with social media risks exposures. One of them is the Information
Systems Audit and Control Association (ISACA) which is body that
predominantly deals with IT governance, information security, Risk and controls.
ISACA has defined the requirements necessary for organisations to adhere to, in order for them to substantially reduce social media risk. These requirements are defined in the document called Social Media Audit/Assurance Program which was published in 2011. This document gives practitioners a comprehensive guidance and view on what is expected for a well-managed Social Media
ISACA has defined the requirements necessary for organisations to adhere to, in order for them to substantially reduce social media risk. These requirements are defined in the document called Social Media Audit/Assurance Program which was published in 2011. This document gives practitioners a comprehensive guidance and view on what is expected for a well-managed Social Media
Environment. For example, the
document talks about how COBIT process can be used to manage some aspects of
social media i.e. “DS7- Educate and train user” strengthens that users or
employees should receive training on what is expected from them when
interacting on social media. Additionally the document goes on to tabulate the
key concerns and expected controls which can be tested or employed to mitigate
the social media risks.
It is in this light that IT
auditors who are part of ISACA have taken it upon themselves to enforce or
drive Social Media Governance to assist their clients or organisations to
reduce their social media risk exposure. Though the audits they conduct they
provide assurance on the adequacy and effectiveness of existing social media
controls. In a case where there are any audit findings, management is then
charged with the responsibility to action and address the issues. This approach
has positively changed many organisations particularly those that get audited,
to change their mind-set on how they deal with social media risks.
No comments:
Post a Comment