Continuously monitor social media for risk and control issues and opportunities
This week, I met with a software company that specializes in monitoring social media. Their customers are interested in spotting ‘chat’ and discussions about their organization, its products and services, and the extended enterprise (e.g., vendors and channel partners). The company’s products identify and analyze all of this and report the results (generally on an exception basis) so that management can take action.
For example, this technology can be used to identify and report:
- Negative sentiment about the company, its brand, or its products and services
- Employee morale issues
- Inappropriate comments about the company, such as leakage of financial/operating information, by employees, management, or the board
- Potential leakage of intellectual property, plans for new products, strategies, or plans
- Workforce management issues (think of Apple’s problems at FoxConn) at a major supplier or service provider
- Chatter about the company’s credit position
- Comments about new products from competitors
- Discussions of potential new regulations or enforcement actions in locations where the company operates but has little on-the-ground insight (human intelligence)
- Indications of changes in the economy – good or bad
- Potential problems at competitors that might be an opportunity for the company
- and so on
I have been talking (in my various presentations) about the value of monitoring social media as part of a continuous program of risk management and of controls assurance. Clearly, that technology is developing fast and every organization should be giving strong consideration to its deployment.
My belief is that many companies use it to monitor comments about the company, brand, products and services. Some use it to monitor platforms like Twitter for complaints and then respond promptly to satisfy customers. By the way, this has surprisingly excellent results when used effectively: those complaining are so pleased with a prompt response that their attitude turns around and they become advocates. The companies that are silent to Twitter complaints only amplify the voice of the disaffected.
I think the potential for monitoring risks and identifying opportunities is excellent. But, a disciplined process and platform is critical for the efficient and effective use of the tools.
You don’t want to have scattered and uncoordinated, even overlapping, use. You don’t want to have a process where issues are identified in 5 minutes but only acted on in 5 days because they don’t reach the right desk in a useful fashion.
I prefer a top-down approach:
- Identify the risk areas that can benefit from social media (or general web) monitoring. These will generally be to identify changes in the level of risk indicators (and especially leading risk indicators).
- Define the tools that will be used to monitor the risk areas, and how the results will be routed and acted on. Include in the process the ability to monitor delays in taking action as well as the updating of risk levels by linking or integrating the tool with the ERM solution.
- Implement the tools.
- Monitor and adjust for continuous improvement.
Now there is a disciplined process for defining the need, implementing the tools in a way that will update risk levels as needed, and routing the results so they can be acted on.
What do you think? Are you using this technology effectively? If not, why not and when will you do so?
Who should drive the use of the tools? Should it be left to Marketing, or should risk management, IT security, and internal audit be part of the owner group?