This document discusses how to control reputation risk from social media through assurance mapping. It explains that assurance maps can help organizations understand where their social media risks and assurance coverage reside to identify any gaps. The biggest risk from social media is damage to an organization's brand reputation. Assurance mapping involves identifying key social media risks, the roles responsible for providing assurance over those risks, and graphical representations to illustrate assurance coverage. It aims to help organizations answer questions about their social media assurance and identify opportunities to improve efficiency. The key is collaborating across departments to provide comprehensive assurance over social media risks.
1. How To Control Reputation Risk
Helping you gain assurance
Contact:
walter.adamson@kinshipdigital.com
m: +61 403 345 632 @adamson
www.kinshipdigital.com
2. The fax machine has left the room
You may yearn for the simpler days:
• PR & Comms “controlled” the message
• Brand & reputation risk manageable
But those days have gone
2
3. Assurance maps expose the risks
• Precise nature of organisational social media risk rapidly changing
• This creates confusion and obstacles
UNLESS a solid risk assessment process is deployed
Assurance Maps provide an executive overview in a nutshell
3
4. Biggest risk brand reputation
Brand risk and reputation damage were
rated by Chief Audit Executives as the
highest of those arising from social
media.
4
5. Assurance Mapping
How are we exposed?
Assurance maps help the Chief Auditor and Audit Committee
answer the question ‘have we missed anything
important?’.
In fact, it is difficult to answer that question without some
kind of assurance mapping process.
5
6. What is an Assurance Map?
• An assurance map involves mapping
assurance coverage against one, or Compliance
Assurance
several, key risks in an organization
• Its key focus is the clarification of
where risk and assurance roles and
accountabilities reside Internal
Audit
Assurance AM Quality
Assurance
• It helps to ensure there is a clear,
comprehensive risk and assurance
picture with no duplicated effort or
gaps External
Assurance
6
7. Start with risks to be mapped – Step A
This is a critical phase
Neglecting this is often a key point of failure of Assurance Mapping:
• What social media risks you are seeking to map?
• Are they clearly understood and defined?
• Agree a sensible scope
• Define important terms such as “key risk”
• Clarify the benefits that are being sought
• Determine what level of assurance is going to be provided – either
“reasonable assurance” or “full assurance”, for example
The answers help clarify the purpose of the assurance map, the effort
required, the information to be gathered and the engagement needed
with stakeholders.
7
8. Assessment requires coordination
Management
Process
IT
Owners
Risk
Social Media
Management
Governance
functions
Compliance
Internal Audit
functions
8
10. Graphical representations for discussion - 1
%'s relate to the total number of processes
25% 52% 23%
Assurance
High 20%
tolerance
Medium ? 50%
Assurance Level
Low ? 20%
None ? 10%
Low Medium High
Risk Level
Actions:
Immediate - assurance levels in all red boxes to be raised
? Consider - do assurance levels in orange boxes need to be raised
Resourcing - why is there high assurance over some low risk processes
11. Graphical representations for discussion - 2
The point of the presentation is not technical accuracy but to have the
discussion.
12. Managing expectations
• Do not expect Assurance Maps for all social media risks to be
prepared in one go in a short timescale, since the typical results from
such an exercise tend to be relatively superficial (even flawed in some
instances) and also deliver limited benefits.
• Our advice to is to scope for one or two areas key areas first e.g.
Reputation Risk, and then to extend these based on what emerges,
and where the greatest benefit / value is likely to be found.
12
13. We help you answer 5 key questions
Do you have all the social media assurance you need to meet your control
responsibilities and to ensure the organisation meets its statutory duties?
Do you have social media assurance across all key areas, not just monitoring
risks and statutory obligations?
Are you over-relying on internal and external audit for such assurances, are
there other sources of assurance you should be hearing from?
What degree of rigour underpins the assurances being received in terms of the
breadth and depth of risk assurance coverage?
What is the total cost of social media assurance? Are you taking steps to
improve the efficiency of assurance, for example removing any duplication?
13
14. The key to effective social media governance is to identify
which departments provide assurance on risks to the
business and then get them to collaborate.
14
16. Company Overview
KINSHIP digital is a social consultancy that
specialises in understanding, developing and
protecting its clients’ reputation, brands,
businesses and people in Social Media.
www.kinshipdigital.com
16