creating business value through governance & auditing of social
TRANSCRIPT
COBIT® Conference
30 April – 01 May, 2016 | Marriott Hotel|New Orleans, Louisiana
Creating Business Value through the Governance & Auditing of Social Media Using COBIT® 5
Tichaona Zororo
CIA, CISA, CISM, CRISC, CRMA, CGEIT, COBIT 5 Certified Assessor
B.Sc. Honors Information Systems, PGD Computer Auditing
Accredited COBIT 5 Trainer
Some Social Media Trends
05
1.09 Billion Daily Active Users as of Q1 2016 Official Results
110 387 271 Cristiano Ronaldo
followers as of 28 March
2016
1.51Billion Monthly
Active Users
1.65 Billion Monthly
Active Users as of
Q1Official Results
96 928 586 Coca Cola followers as of 28 March
2016
Incorporated in 2004. 12
years of existence
06
9000 photos shared per
second
Hit by whaling
(CEO scam email) attack
– 26-02-16
Launched September
2011
8 Billion Video Views
per day
28% of USA teens consider snapchat to be
the most important
social network
54% users use it Daily
07
Q1 2016 revenue
lower than Q42015 but higher than
2015 Q1
More than 200 million Periscope
broadcasts
310 Million Monthly
Active Users as of Q1 2016
Katy Perry followed
more than president
Obama with
Periscope -13 Months in
existence
Periscope -110 years watched everyday
08
40% of USA is on LinkedIn
09
Social Media Failures
11
12
Unofficial active Facebook page, now known as Boycott BP
691 539 followers on Facebook as of 12 March 2016
100 likes, shares and comments for every post on average
First existing post was 07 May 2010. Exactly 16 days after the spill
13
Former CEO Tony Hayward is not on social media
Search shows a fake twitter account with 3 tweets, 61 followers and following 60. First tweet was on 01 June and last tweet was on 30 July 2010
14
v Tony Hayward went haywire and “got his life back” attends yacht race on 19 June 2010 during the spill that cost 11 lives
15
Official Facebook first post was on 23 March 2012A traversing of the page shows no post of the oil spill206 879 followers as of 14 March 2016
16
17
18
19
No social Media platforms.CEO, Henry Laas is not on Social Media.The stock dropped 7.3% to R11.15 at the close on the JSE — the most since February 2011 — extending its decline for the year to 48%.The bridgecollapse hash tag had an average of 17 unique tweets and 22 630 per hour.
20
No official twitter account
2 Separate twitter accounts.
Although the mayor was active, spending most of his time at the scene, he was inactive on social media.
Mayor’s twitter account was last used in 2011
21
22
FNB CEO, Jacques Celliers tweeted in
response: “Apologies for the @Rbjacobs wobble .. experts are investigating
quickly.”
Social Media Successes
24
25
26
27
28
29
30
05
05
President Yoweri
Museveni of Uganda
46 000 followers in April 2014; 212 062 as of 28 March 2016
The Business Benefits of Social Media
34
Business Benefits of Social Media
Better management of reputation
Fostering engagement and building
intimacy relationships
with stakeholders
Creating more intimate
and sticky relationships with clients
A source of independent
intelligence and strategic insights
– customer generated data
[Predictive Analytics]
Public Relations
activities to counter -negative posts that
go viral
Independent recruitment,
Cheaper way of marketing
and advertising
Social Media Governance Using COBIT® 5
36
Identity Enterprise Social Media Stakeholders
Stakeholders / StockholdersThe BoardThe Audit & Risk Committee/sCEOAuditCIOCROCSOCOOBusiness process ownersChief Marketing OfficerHead IT operationsChief CommunicationsClientsRegulators
37
Identity Enterprise Social Media Stakeholders Drivers
Technology - Mobility, Wearable devices, Twitter, Facebook, Snapchat, Periscope, Instagram,…Rules and regulations – Social Media and Privacy lawsSocial Media Trends - use numbers, new features
38
Identity Enterprise Social Media Stakeholder Needs
Compliance with terms and conditions Rules and regulations – Social Media and Privacy lawsReturn on Investment – (Benefits Reliasation)PublicityMarketingServiceRecruitingPress releasesQueriesInformationCreating intimacy relationships with stakeholders
39
Define and Establish Enterprise Social Media Goals
VisionPoliciesStrategyProceduresProcessesStructures
40
COBIT®5
Principles
1Meeting
Stakeholder Needs
2Covering
the Enterprise
End-to-End
3Applying a
single integrated Framework
4Enabling a
Holistic Approach
Together, these five principles
enable the enterprise to
build an effective
governance and
management framework that optimizes Social
Media use for the benefit of stakeholders.
41
What are the social media business drivers?
Where are we now on Social?
Assess current social media capabilities
Where do we want our social media to be?
Define target social media capabilities, platforms to be used, processes, structures, roles and responsibilities based on key business drivers?
What needs to be done to get to our defined social media target state?
How do we get there?
Did we get there?
How do we keep the momentum going?
42
Initiate programme
Define problems and opportunities
Define road map
Plan programme
Execute
Realise benefits
Review effectiveness
43
Establish desire to change
Form implementation team
Communicate outcome
Identify role players
Operate and use
Embedded new approaches
Sustain
44
Recognise need to act
Assess current state
Define target state
Build improvements
Implement improvements
Operate & Measure
Monitor & Evaluate
45
Evaluate Social Media
Give Social Media Direction
Monitor Social Media
Enterprise Stakeholders
Stakeholders Needs
Enterprise Vision, Mission, Strategic & Performance Goals
Social Media Policy
Social Media, Strategy, Goals, Processes
Social Media Strategy
Auditing Social Media
Adding Business – Value and Improving Operations
47
Some Auditing Principles
Aligns with the strategies, objectives, and risks of the organizationDemonstrates quality and continuous improvement Communicates effectivelyProvides risk-based assuranceIs insightful, proactive, and future-focusedPromotes organizational improvement.
48
Understand the business:
v Strategyv Objectivesv Structuresv Regulatory frameworkv Business processes & productsv Identify key processes
Understand the Social Media landscape
v Terms and conditionsv Statisticsv Pros and consv Keep abreast with metrics & featuresv New platforms/media
Perform Risk Assessment
v Identify risk that have large impact on key business objectives
v Tie the risk to specific business objectives
Plan the audit
v Formulate testing stepsv Report arising issues in specific
business termsv Communicate insights and
foresights v Track resolution
49
50
Obtaining a Holistic View - Understanding the Audit Entity to raise IT Audit Issues that affect crown jewels, achievement of
key business strategies and objectives, add-value, improve operations and grab the attention of senior business
executives and the audit committee
4 Enabler Dimensions
4 Enabler Performance
Management
Principles,Processes
Framework
Information
Services,Infrastructure
&Applications
People,Skills &
Competencies
Processes
CultureEthics
&Behaviou
OrganisationalStructures
The 7 Enablers
51
20 Social Media Auditing Test Procedures
52
1. Is there a social media strategy in place, supported by appropriate policies, processes, guidelinesand structures?
2. Is the social strategy aligned with the overall enterprise strategic and performance objectives?
3. Is there monitoring, evaluating and reporting on social media activities?
4. Are insights from monitoring, evaluation and reporting used to update the social media strategy? E.g., Predictive Analysis
5. Are all appropriate stakeholders involved in social media strategy development?
6. Does review of board meetings show that social media is a constant board agenda item?
7. Are social media responsibilities, accountabilities and objectives clearly defined, communicated and accepted?
8. What are the risks associated with social media? Are they mitigated? Do the benefits outweigh the costs?
53
9. Compliance with existing and new legal issues associated with the use of social media?
10. How are customer privacy issues being addressed?11. Is awareness training communicated to employees and
is it being performed? If so how frequently?12. Are there adequate skills available to provide
governance and management of social media?13. Is there identity and logical access governance and
management of Social Media?14. Who are the administrators of the organisation’s page?15. Who reviews the content before it is posted?16. Who authorises the content?17. Who posts the content? 18. Has a risk assessment been conducted to map the risks
to the enterprise presented arising from the use and or none use of social media?
19. The time it takes to request to social media querries20. Number of social media querries that are not responded
to.
54
Social Media Audit Report
55
Identify social media risk that have large impact on key business objectivesTie the social risk to specific business objectivesCommunicate in specific business terms. Avoid generic observations with no business valueIdentify possible non compliance issues and impact on the businessProvide insights and foresights beyond listing findingsCommunicate with diagrams where feasible
56
Social Media
Social Media Red Lights
58
59
Richard Edmund’s selfie shared amongst friends led to the discovery of 2 bedrooms converted
into mini-cannabis factories, complete
with growing lights and fans and his ultimate
arrest
Do not drink or smoke and then post, share or tweet
60
61
Belgian 17 Year World Cup Hero
Axelle Despiegelaere
62
From World Cup Hero to Zero
French cosmetics giantL'Oréal has cut its ties with aBelgian football fan it hadscouted as a hair model inthe stands in Brazil afterpictures of her on a biggame hunting trip sparkedoutrage online.
63
64
65
Do not become a self appointed social media speaker of your organisationOnce posted or tweeted you cannot erase it completelyDo not drink, smoke and tweet or postAvoid naked or after sex selfies – you never know where they will re-surfaceBe cautious of what you post and like on social media. It may cost you your current or prospective job
Questions
@TichoanaZororo
Tichaona Zororo
+27 (0) 73 298 9606
+27 (0) 11 234 2597
tichaona.zororo
EGIT | Enterprise Governance of IT (Pty) Ltd
tichoanazororo
Tichaona Zororo
Thank You