Internal Audit Can Improve Social Media Risk Management in Financial Institutions
Internal audit in social media risk management for financial institutions
In the wake of the competitive financial service industry, the financial institutions are increasingly adopting technological advancements to engage, acquire, attract, and retain customers. The recent developments in the information technology sector are the social media platform, which is growing at a fascinating pace. Institutions, businesses and other organizations continue to invest in exploiting these services. The financial institutions use the social media platforms just as the other business entities use them. This is from the positive impacts the social media platform brings to the success of the institution engaging the media. However, as the other platforms of doing business constitute risks to the institution, the financial institutions are not any safe in the social media platform (Marta, 2006, p. 292). Thus, as the financial institutions continue expanding their presence in the social media, the consequently increase the array of operational, compliance, reputational and strategic risks.
Defining social media risk
Social media are a form of communication online, which entails remarkably high levels of interaction among the consumers (MOAC, 2011, p. 17). The process of interacting involves means such as exchanging of texts, pictures, audio and video messages. The guidance of the social media provides a broad interpretation of the online activities classified as a form of social media. It also provides an array of platforms considered social media, which constitute the websites. The examples of such websites include virtual reality games, social networking platforms, customer review websites and professional networking websites. The consumers of social media, including the financial institutions rely on the platform increasingly as a means of interaction. Therefore, the internal auditors of such financial institutions, incorporating social media in their working procedures, should pay attention to the risks related to the use of social media.
There range of risks for the internal auditors to look out for includes the following occurrences. Strategic risks include those caused by the absence of standards that provide the directions for the financial institution in engaging social media (Esola, 2010, p. 21). It also features aspects where the institution does not monitor social media usage activities that could result in unclear inconsistent and inaccurate messaging towards the customers; as well as, missed opportunities to promote the institutions services and products. Second category of risks in social media to the institutions is legal and compliance risks. The legal aspects of compliance risks entail issues regarding the consumer disclosures, privacy and advertising procedures, within the social media. Depository institutions that promote their products through social media should comply with the Truth in Savings Act, in the subject of advertising. Failure to meet such regulations results in monetary penalties, consumer litigation and losses. Therefore, the audits should focus on such areas. The other risk is operational risk, which entails cases where the institution interacts with customers via multiple social media platforms (Trottier, 2012, p. 324). The engagements in social media increase the risk of misaligning activities, inconsistencies in direction and ultimate failure of the processes and technologies supporting the institution activities. Furthermore, poor interdepartmental coordination and communication may affect the institution due to the involvement of multiple stakeholders in the operational activities of the institution. Inadequate security of informational and details of the institutions operations, in addition to poor user access, controls, exposes the financial institution to hackers and other people with malicious intentions. These are the operational risks involved in running operations incorporating social media in financial institutions. Lastly is the issue of reputational risks to the financial institution. The social media outlets encompass frequent and broad exchanges with consumers and customers (Yasin & Nelson, 2012, p. 187). Therefore, a poorly handled complaint from the consumer is visible to many people, which consequently affects the reputation of the institution. Failure to manage the interactions online may contribute significantly to damaging the reputation and brand of the financial institution. Additionally, poor communication can impact the future of the institution, for instance, a recent bank had to withdraw its plans of raising the fees for services after the message leaked over the social media, resulting in negative consumer criticisms. Therefore, much as social media promotes the performance of the institution, the risks involved can have far-reaching consequences. The internal audit has the duty to identify these risks and mitigate them accordingly.
Internal audit identifying mitigating social media risk
In auditing the social media for the institution, the following are procedures that the audit may use to identify the risks and mitigate them. The audit should evaluate the means in which the institution assigns accountability for the social media activities (Scott & Jacka, 2011, p. 67). They should also review the policies related to social media, for consistency to the objectives of the social media. The audit evaluates the process of assessing and documenting the social media risks (Ogola, 2012, p. 120). Secondly, the audit also focuses on the alignment of the social media activities to the institution's strategy. The audit should look for evidence of institution documenting the strategies it will employ in the social media. In relation to compliance with regulations, the auditors evaluate the legal requirements of the institution and their applicability in the social media. It also assesses the completeness of the inventory laws of the institution that are applicable in social media activities, and see the compliance involved in using the social media technologies. In identifying the operational risks, the audit focuses on the processes and actions taken to monitor and restrict social media usage within the institution. Additionally, review the involvement of technological tools and software solutions in managing the engagements of the institution over the social media. Lastly, in identifying the reputational risks, the auditors evaluate the level of conflict handling from the management via the social media (Thankachan & George, 2012, p. 18). They identify the involvement of the management in differentiating complaints and incident scenarios, and handling the legal and compliance issues in the institution. Therefore, through these procedures, the audit meets the significant role that it plays in identifying the social media risks in financial institutions.
Research type: the procedure of research to undertake in auditing to identify the risks involved in social media is qualitative. This is because it will give the big picture of the situation and offer concrete information of the subject. It will also help identify possible actions to mitigate the risks.
Research paradigm: qualitative research is applicable better in social inquiry. Therefore, the philosophical approach to take is interpretive, in which the researcher or auditor will analyze and interpret the evidence of the risks of social media involved in the financial institutions. It also serves qualitative research best of all paradigms.
Research approach: the research approach to apply is inductive. This is because it is open ended and more explorative than others do, a factor essential in social research; thus leads to better deductions and generation of an emerging theory from the data.
Research nature: internal audit entails a lot of literature review; thus, the nature of the research is exploratory. This is because exploratory research bases on secondary data, literature review and few primary data collection (Saunders, Lewis & Thornhill, 2009, p. 56). Thus, the nature of the research in auditing social media risks is exploratory.
Research strategy: since the research nature is exploratory, the strategy to apply is largely archival research and case study approach. This is because they will present best scenarios for analyzing the hypothesis and data, and arriving at the desired finding.
Hypothesis: the research hypothesis is that social media poses a significant threat to financial institutions operations.
Research methods and Research techniques: in collecting the data, the reproach will employ the use of interviews, administering questionnaires and literature review. These three methods will ensure coverage of all sources of data, with privacy and security of sources assured. To analyze the data, the techniques will be multivariate, encompassing various variables for analysis.
Sampling: the sampling criteria will entail probability-based sampling. This is because it presents room for evaluating the era, as well as it gives evidence of the target group in the study. In this case, the target group is the financial institutions; thus, it is the applicable procedure of selecting samples.
Time frame: the research design is longitudinal, which entails observation of the subject of study, without influencing their environment (Mark, Philip & Adrian, 2012 p 87). It takes place over a period, thus helps study the subject better and come with conclusive findings; thus, it is the best approach. The period for the audit study is between six and twelve months.
Ethical / accessibility issue: the ethical aspects of the study will entail the compliance of the subjects to the expected code of conduct. Issues of accessibility may arise from disclosure of literature for review by interested parties. Nonetheless, the auditing process will run.
Limitations / further research: the research may have limitations in identifying the quantitative…