Social Media Risk Is a Concern for Internal Auditors

A top priority for chief audit executives (CAEs) and internal auditors this year is preventing risks – such as hits to the bottom line and a loss of productivity – that could result from social media use within their organizations, according to a survey released last week by global consulting firm Protiviti.

Of the more than 600 internal audit professionals polled for Protiviti’s 2014 Internal Audit Capabilities and Needs Survey Report, respondents believe the top five social media risks that pose the biggest threat to their businesses are:

  1. Financial loss (7.3 on a 10-point scale, with 10 representing the highest risk level and 1 indicating the lowest)
  2. Interrupted business continuity (6.9)
  3. Loss of intellectual property (6.6)
  4. Loss of employee productivity (6.1)
  5. Viruses and malware (5.6)

But even though CAEs have minimizing these risks on their radar screens this year, not even half of those surveyed (47 percent) are including social media risk in their current year audit plans. According to the report, only 25 percent have social media risk included in their plans this year, up from 20 percent last year, while 31 percent noted they will include social media risk in next year’s audit plan, down from 35 percent in 2013.

What factors inhibit internal audit’s involvement in assessing social media risk? According to the survey, the top five factors include:

  1. Perceived risk (29 percent)
  2. Inadequately trained staff (27 percent)
  3. Lack of management support (23 percent)
  4. Data availability (16 percent)
  5. Lack of IT support (15 percent)

For organizations that do have social media policies, significant concerns remain as many still fail to address critical issues. For example, in cases where respondents said a social media policy is in place, nearly 30 percent fail to address disclosure of employee information, and only 66 percent address information security, according to the survey.

“It’s clear based on the survey results that companies are not doing enough to address social media risks and safeguards and, in turn, are facing undue exposure to significant risks to their business,” Brian Christensen, executive vice president of global internal audit for Protiviti, said in a written statement. “These results should persuade the board, executive management, and CAEs to take a more active and vigilant approach to managing social media risks.”

For the survey, internal audit professionals were also asked to assess their competency in 49 areas of technical knowledge and then indicate whether they believe their knowledge is adequate or needs improvement. Based on the findings, the top five areas for technical knowledge improvement are:

  1. Mobile applications
  2. NIST (National Institute of Standards and Technology) Cybersecurity Framework
  3. Social media applications
  4. Cloud computing
  5. Data analysis technologies

Respondents also evaluated 35 areas of audit process knowledge in terms of where they need to improve. According to the survey, the top five improvement priorities are:

  1. Computer-assisted audit tools
  2. Data analysis tools for data manipulation
  3. Data analysis tools for statistical analysis
  4. Auditing IT using new technologies
  5. Data analysis tools for sampling

About the survey:
Protiviti’s 2014 Internal Audit Capabilities and Needs Survey Report was fielded between September and October 2013. A majority of the survey participants work in publicly traded and privately held companies and represent virtually all industry sectors. A small percentage of respondents work for government and not-for-profit organizations.

You may like these other stories...

Anti Burger Kings: Seven US companies shrinking tax the old-fashioned wayBurger King’s decision to combine with Canadian donut shop Tim Hortons is renewing controversy over the lengths some US companies will go to...
Read more from Larry Perry here and in the Today's World of Audits archive.Since the AICPA's Financial Reporting Framework for Small- to Medium-sized Entities (FRF for SMEs) and some other financial reporting...
The US Securities and Exchange Commission (SEC) has chosen a former partner and vice chairman with Deloitte LLP as its new chief accountant.James Schnurr, who specialized in financial and SEC reporting for public companies...

Already a member? log in here.

Upcoming CPE Webinars

Sep 9
In this session we'll discuss the types of technologies and their uses in a small accounting firm office.
Sep 10
Transfer your knowledge and experience to prepare your team for the challenges and opportunities of an accounting career.
Sep 11
This webcast will include discussions of commonly-applicable Clarified Auditing Standards for audits of non-public, non-governmental entities.
Sep 26
In this jam-packed presentation Excel expert David Ringstrom, CPA will give you a crash-course in creating spreadsheet-based dashboards. A dashboard condenses large amounts of data into a compact space, yet enables the end user to easily drill down into details when warranted.