
Social media risk exposure owned by no one and everyone

A ‘survey’ reported in CFO Journal yesterday asked people what they believed their greatest risks were related to social media and which part of their organisation manages social media policy and regulatory compliance.

The risks were the usual suspects of disgruntled employees, information leaks, and customer dissatisfaction.

The surprising thing for me was the distribution of policy (and presumably risk) ‘owners’ across the organisations of those surveyed: Don’t know 29.7%, Social media 19.3%, Legal 17.4%, HR 12.3%, Risk Management 10.8%, No one 10.5%.

Who owns the policies and who owns social media risk in your organisation?

With such a broad range of owners, it’s unlikely that any kind of standards or experience-based practices are mature here, and it suggests to me what a long way we have to go before social media management is part of the fabric of a modern organisation. Most importantly, it also suggests just how exposed organisations are and will likely be for some time to threats arising through the vector of social media.

My initial reaction when I saw the article link tweeted by @Manigent was to moan about another claim that social media policies were a form of risk management or mitigation. A policy should reflect the culture and the norms – a policy does not in itself change behaviour. Without the education, monitoring and sense of value in the intent of the policy, it will be ignored. It seems to me that if a risk-related policy was important enough, you’d have a consistent role across organisations that was responsible for that risk.

One answer in the ‘greatest risk related to social media’ survey question was “Our culture doesn’t get it” – now, if more people understood that, it could lead to real risk management and genuine mitigation.