learning to manage brand reputation risk - assurance mapping
TRANSCRIPT
How To Control Reputation RiskHelping you gain assurance
Contact:
m: +61 403 345 632 @adamson
www.kinshipdigital.com
The fax machine has left the room
You may yearn for the simpler days:
• PR & Comms “controlled” the message
• Brand & reputation risk manageable
But those days have gone
2
Assurance maps expose the risks
• Precise nature of organisational social media risk rapidly changing
• This creates confusion and obstacles
UNLESS a solid risk assessment process is deployed
Assurance Maps provide an executive overview in a nutshell
3
Biggest risk brand reputation
Brand risk and reputation damage were
rated by Chief Audit Executives as the
highest of those arising from social
media.
4
Assurance Mapping
How are we exposed?
Assurance maps help the Chief Auditor and Audit Committee
answer the question ‘have we missed anything
important?’.
In fact, it is difficult to answer that question without some
kind of assurance mapping process.
5
What is an Assurance Map?
AM
Compliance Assurance
Quality Assurance
External Assurance
Internal Audit
Assurance
6
• An assurance map involves mapping
assurance coverage against one, or
several, key risks in an organization
• Its key focus is the clarification of
where risk and assurance roles and
accountabilities reside
• It helps to ensure there is a clear,
comprehensive risk and assurance
picture with no duplicated effort or
gaps
Start with risks to be mapped – Step AThis is a critical phase
Neglecting this is often a key point of failure of Assurance Mapping:
• What social media risks you are seeking to map?
• Are they clearly understood and defined?
• Agree a sensible scope
• Define important terms such as “key risk”
• Clarify the benefits that are being sought
• Determine what level of assurance is going to be provided – either
“reasonable assurance” or “full assurance”, for example
The answers help clarify the purpose of the assurance map, the effort
required, the information to be gathered and the engagement needed
with stakeholders.
7
Assessment requires coordination
8
Management
Process Owners
Social Media Governance
Internal AuditCompliance
functions
Risk Management
functions
IT
Assurance providers
• Compliance Functions
• Risk Management
• Controls Self-Assessment
Management Assurance
• Internal AuditBoard
• External Auditors
• Government Regulators and Agencies
• Trade AssociationsExternal
9
Graphical representations for discussion - 1%'s relate to the total number of processes
25% 52% 23%
High 20%Assurance tolerance
Assurance Level
Medium 50%
Low 20%
None 10%
Low Medium High
Risk LevelActions:
Immediate - assurance levels in all red boxes to be raised
Consider - do assurance levels in orange boxes need to be raised
Resourcing - why is there high assurance over some low risk processes
?
?
?
?
Graphical representations for discussion - 2
The point of the presentation is not technical accuracy but to have the
discussion.
Managing expectations
• Do not expect Assurance Maps for all social media risks to be
prepared in one go in a short timescale, since the typical results from
such an exercise tend to be relatively superficial (even flawed in some
instances) and also deliver limited benefits.
• Our advice to is to scope for one or two areas key areas first e.g.
Reputation Risk, and then to extend these based on what emerges,
and where the greatest benefit / value is likely to be found.
12
We help you answer 5 key questions
Do you have all the social media assurance you need to meet your control
responsibilities and to ensure the organisation meets its statutory duties?
Do you have social media assurance across all key areas, not just monitoring
risks and statutory obligations?
Are you over-relying on internal and external audit for such assurances, are
there other sources of assurance you should be hearing from?
What degree of rigour underpins the assurances being received in terms of the
breadth and depth of risk assurance coverage?
What is the total cost of social media assurance? Are you taking steps to
improve the efficiency of assurance, for example removing any duplication?
13
The key to effective social media governance is to identify
which departments provide assurance on risks to the
business and then get them to collaborate.
14