Risk Management Tips for Social Media

A company cannot ignore social media’s role in a risk management strategy. Many employees have a mobile device that enables them to post to a social media channel quickly and easily from anywhere at any time.  Since social media posts are commonly made before or after company hours, and not necessarily on company property, is it even possible for a company to regulate risk exposure?  Executives and board members frequently ask how they can protect against social media’s potential risks such as reputation damage, compliance violations, confidential information leaks and other risks that are specific to their business.

The answer to these questions is becoming the responsibility of a company’s internal auditors, who can help ensure that social media risks are identified and managed successfully. Here are 4 guidelines used by internal auditors to get you started in identifying and managing your social media risk exposure. 

  1. Determine potential risks. An internal auditor can assist your company in determining social media risks specific to your business and help plan for a response should an issue arise.
  2. Create a social media policy and detail the consequences of failure to comply with the policy. This can include who is and who is not allowed to represent the company in social media channels. 
  3. After you have identified the employees who are allowed to represent the company in social media, provide regular training, kept up to date, that includes details of potential risks and how to avoid them.
  4. Continually monitor what people are saying about your company in social media, and have a plan in place for dealing with an adverse situation if it arises.

A company with a strong social media policy, regular examination of potential risks, updated training for employees and steady monitoring of social media sites will have a better chance of combatting social media risks as they arise.  


Jerry Ravi is a Partner and Practice Leader specializing in Process, Risk, and Technology Solutions (PRTS). His focus is Enterprise Risk Management (ERM) and internal audit and compliance. He assists in designing enterprise risk management (ERM) programs, which include deploying risk-based internal audit plans to enhance governance processes and monitor ongoing compliance.
