Sanjaya Krishna, KPMG LLP Advisory Principal, Contract Compliance and US Digital Services Leader
John Hair, KPMG LLP Advisory Director, Risk and Compliance
Social media programs are designed to promote and support engagement with client communities and proper governance can help deliver a positive return for this marketing investment. Social Media use is increasingly essential in today’s business environment, but using social media comes with risk. An inappropriate comment or video posted in social media, even if “by mistake”, can go viral and have a negative impact on a company’s reputation and brand even if the post was unauthorized.
One area of challenge in this space is the management of the PR or marketing agency relationships that companies frequently employ for the development and ongoing management of their social media presence. It is fairly common for the day-to-day management of social media channels like corporate Facebook pages and Twitter feeds to be placed in the hands of the same agency tasked with company marketing and public relations activities.
It is critical that organizations utilizing third parties to manage their social media presence understand and proactively address the unique risks this presents. Organizations should, for example, carefully examine the terms and conditions in place to manage these agencies with a careful eye on areas of risk presented in this rapidly evolving business enabler. The intent is not to restrict creativity, but to better manage this key relationship, the resources utilized and overall protection of the company’s brand.
In our reviews of organizations’ social media programs, we often find key elements of governance are missing from the agency relationship. When these agencies are given day-to-day management of social media channels like corporate Facebook pages and Twitter feeds (i.e. the “corporate voice” in social media), application of an outsourced model structure is advised to ensure appropriate controls are defined and in place and risk management protocol is followed in consideration of the company’s unique risk management framework.
For instance, when an outside agency is engaged to support social media programs, they are most likely going to have administrative access to the social media applications to facilitate day-to-day responsibility for sending messages. If appropriate logical access controls are not put in place, companies can be exposed to the risk of inappropriate use of their “corporate voice” by unauthorized parties. Therefore, agency contracts should define the process for granting, reviewing and revoking access to the company’s social media applications.
This is one example of the complexity that comes with engaging in social media. It is also a clear example of why appropriate social media governance mechanisms need to be part and parcel of a social media strategy.