Social Media’s Effects on the Accountability Professions
for National Association of State Auditors, Comptrollers and Treasurers
Chase Whitaker, CPA, CIA
April 13, 2011
Session Objectives
• Introduce / review social media tools
• Discuss social media applications for business and accountability functions
• Discuss the state of social media policies and their implications for organizations
• Provide resources to advance the conversation about social media
Types
• Blogs
• Microblogging (aka Twitter)
• Social networking
• LinkedIn
• Facebook
• Videos (YouTube, Vimeo)
• Other user-generated content
• Wikipedia
• Answers
• Photos (Photobucket, Flickr, Fotki)
Stats/Visits
• 150 million blogs: http://blogpulse.com/
• 84% of social network sites have more women than men
• 140 million tweets on Twitter per day
• 500 – 600 million users on Facebook.
• 50% of Facebook users log-in every day
• 2 billion videos YouTube serves in one day
• 12.2 billion videos viewed per month on YouTube in the US (11/2009)
• 82% of embedded videos on blogs are YouTube videos
Auditors Dig Numbers, Right?
• 40% of organizations blocked social media sites in 2010
• 80% believe social media can enhance customer relationships and build brand reputation
• 60% believe such tools can enhance recruiting
• 53% of employees say their social media pages are none of their employers’ business
• 60% of employers believe they have right to know how employees portray themselves on-line
Source: www.russellherder.com/socialmediaresearch and www.deloitte.com 2009 & 2010 “Ethics & Workplace Survey”
Is the organization linked in?
• Survey: Organizations in the dark about tech-savvy employees
• Effects on recruiting, retention & efficiency?
• 50% of devices used by employees co-mingle personal and business data
• About 33% of organizations plan to fund employee purchases of devices
www.cioinsight.com/c/a/IT-Management/iWorkers-CIOs-Are-In-The-Dark-About-TechSavvy-Employees-676020
normanmarks.wordpress.com
www.govtechblogs.com/securing_govspace
LinkedIn Groups
• LinkedIn is used by 80% of companies as primary source of recruiting new job candidates.
• LinkedIn Discussions
• Examples:
• SALT State and Local Tax Auditors (30 members)
• Washington State Local Government Auditors Association (9 members)
Tweeters with accountability themes
• Compliance Week (@complianceweek)
• Francine McKenna (@retheauditors)
• SAP/Business Objects Norman Marks (@normanmarks)
• ACL’s Peter Millar (@PBMillar)
• Joe Oringel (@VisualRiskIQ)
• Jim Kaplan (@auditnet)
• David Hoelzer (@it_audit)
• IT Audit Security (@ITauditSecurity)
Really? They’re on Twitter?
Industry Groups
• Natl Assn of Insurance Commissioners (@NAIC_news)
• Association of Certified Fraud Examiners (@TheACFE)
• Institute of Internal Auditors (@TheIIA)
• ISACA and many chapters
Media
• Forbes (@forbes)
• Wall Street Journal (@wsj)
• CFO Magazine (@cfopub)
Authors / Leadership / Creative Thought
• Phil Baumann (@philbaumann)
• John Maxwell (@johncmaxwell)
• Recruiting
• Research / knowledge sharing
• Building community / loyalty
• How NOT to use Facebook
• Personal? Private?
• Or is it Public?
Challenges & Risks
• Sensitive/private information leakage
• Reputational damages
• Litigation (e.g. discrimination, harassment)
• Compliance / disclosure (e.g. SEC, HIPAA)
• System uptime/consistency
• Impact on organization’s IT bandwidth
• Employee productivity
http://www.phillyburbs.com/news/local/courier_times_news/article_bb07f422-8bd1-5aba-94e2-70f635e2cf74.html
Information Security Risks
• Viruses, trojans, spyware, malware, and other not-so-good-ware
• Cross-site scripting (XSS for the IT peeps)
• URL shorteners – what’s on the other end of that weird link?
September 21, 2010
HTTP vs. HTTPS – Be careful!
Uptime / Bandwidth – Expectations?
Does YOUR rep have a price tag?
• Twitter exchange:
• Original: Cisco just offered me a job! Now I have to weigh the utility of a fatty paycheck against the daily commute to San Jose and hating the work.
• Response: @theconnor Who is the hiring manager. I'm sure they would love to know that you will hate the work. We here at Cisco are versed in the web.
• @theconnor soon became labeled by others on the web as “CiscoFatty”
Does your organization’s rep have a price tag?
Huh?
• White House reporter Helen Thomas
• BP and the Gulf Oil Spill
• CNN Mideast Affairs editor Octavia Nasr
• School teachers?
• Professional athletes
• NFL’s Chad Ochocinco
• NASCAR’s Denny Hamlin
• NHL’s Dan Ellis
http://blogs.techrepublic.com.com/career/?p=2191&tag=nl.e101
Regulatory Guidance
Healthcare:
• HIPAA – risks of private data leakage
• Health Information Technology for Economic and Clinical Health (HITECH) Act
Financial Services:
• Financial Industry Regulatory Authority (FINRA)
Regulatory Guidance
• FINRA Regulatory Notice 10-06
• Firms must retain social media communications
• And you thought archiving e-mail was hard??
http://www.finra.org/web/groups/industry/@ip/@reg/@notice/documents/notices/p120779.pdf
Legal Ramifications?
• LinkedIn recommendations
• Whose is it?
• Individual vs. organization
• Facebook friends
• Employees friending competitors
• Employees friending former employees
LinkedIn Discussions
• Scenario:
• “Help. I’m a staff IT auditor at XYZ in New York, and I’ve been assigned to do an information security audit of Acme Technology, one of our third-party vendors.”
• Fill in the blank with the nightmare of your choice
• Does your organization have a policy on posting questions or answers to groups?
“Traditionally, IT security professionals are known as the people who say “no” to new projects and innovative ways of doing business. … For instance, I can remember asking attendees at an ISACA conference in 1991 how many had a policy against connecting their business to the Internet because it was too dangerous and nearly every hand went up.
Those companies that waited too long to figure out how to leverage the Internet ended up playing catch-up, while those who figured out how to do it quickly were more likely to prosper.”
Interview with Rob Clyde, CISM
ISACA Journal, Volume 2, 2010
Coming Full Circle
Social Media Policy Trends
• OLD – block social media networking tools altogether
• 7/2009 - 40% of organizations blocked access to social media sites
• NEW - written organizational policy defining what employees can do when using social computing and new media tools
• 80% of organizations believe social media can enhance relationships with customers
www.complianceweek.com/blog/aguilar/2010/08/31/poll-companies-still-struggling-to-address-social-media-risks/
[Figure: HCA IT Executive Organization Chart – April 2011. Highlighted position: Social Media, Solution Leader (Open).]
Is Your Accountability Function linked in?
• Does the organization have a strategy for use of social media?
• Review social media policy if it exists
• Who is monitoring organization’s name on social media sites?
• Who is coordinating any responses by the organization?
• Is there one/few dedicated social media managers?
Is Accountability Function linked in?
• Can your accountability function help with text mining queries?
• Can your accountability function attract greater number of qualified career applicants?
• Can your accountability function help shape/influence social media policy?
Social Media Policy
• Help with development of policy if it doesn’t exist
• Information Technology department
• Legal
• Human Resources
• Ethics/Compliance
• Central/Corporate vs. Business-level policies
A good social media policy
• Adhere to the Code of Business Conduct and other applicable policies
• You are responsible for your actions
• Be a “scout” for compliments and criticism
• Let the subject matter experts respond to negative posts
• Be conscious when mixing your business and personal lives
A simpler policy: Do the right thing. Be nice.
Source: The Coca-Cola Company
Follow, Friend or Connect Me!
Chase Whitaker
twitter.com/43chase
linkedin.com/in/chasewhitaker43
Old fashioned but classic way: (615) 344-5973
Reference materials and links
http://www.cio.gov/Documents/Guidelines_for_Secure_Use_Social_Media_v01-0.pdf
www.isaca.org/Knowledge-Center/Research/Pages/Featured-Deliverables.aspx#socialmedia
FREE White Paper!
Organizations encouraged to address risks in these areas:
• Viruses/malware
• Brand hijacking
• Lack of control over content
• Unrealistic customer expectations of “Internet-speed” service
• Non-compliance with record management regulations
Wanna go techie?
• Volume 1, 2011
• Article: Chain Exploitation – Social Networks Malware
Available from IIA bookstore
Social Media Policy Examples
• Collection of policies from various organizations:
• www.compliancebuilding.com/about/publications/social-media-policies/
• http://socialmediagovernance.com/policies.php
• Colleges & Universities: Vanderbilt University
• www.vanderbilt.edu/publicaffairs/webcomm/vu-resources/social-media-handbook/
• Financial Services: Wells Fargo
• http://blog.wellsfargo.com/community-guidelines.html
Social Media Policy Examples
• Mayo Clinic
• http://sharing.mayoclinic.org/guidelines/for-mayo-clinic-employees/
• Cleveland Clinic
• http://my.clevelandclinic.org/social_media_policy.aspx
• Danbury Hospital
• http://www.danburyhospital.org/About-Us/Policies/Legal/Blogging-Policy.aspx
Social Media Policy Examples
• Healthcare: MD Anderson
• www2.mdanderson.org/cancerwise/policies-and-guidelines.html
• Retail: Nordstrom
• http://about.nordstrom.com/help/our-policies/social-media-guidelines.asp
• Retail: Best Buy
• www.bby.com/2010/01/20/best-buy-social-media-guidelines/
Social Media Policy Examples
• Local Government: City of Seattle
• www.seattle.gov/pan/SocialMediaPolicy.htm
• Federal Government: CIO.gov
• www.cio.gov/Documents/Guidelines_for_Secure_Use_Social_Media_v01-0.pdf
• Non-Profit: Walker Art Center
• http://newmedia.walkerart.org/nmiwiki/pmwiki.php/Main/WalkerBlogGuidelines