As enterprises venture more deeply into the use of social media, they are beginning to see the need for having comprehensive policies and controls over their use by enterprise personnel. Such control systems are viewed as an essential part of the overall control system within the enterprise.
ISACA has released an Audit/Assurance Program for social media. It is intended as a tool that auditors can use in providing assurance relating to the effectiveness of controls over the enterprise’s social media policies and processes. Such a review, the Guide says, will focus on "governance, policies, procedures, training and awareness functions related to social media. Specifically, it will address:
- Strategy and governance—policies and frameworks
- People—training and awareness
- Processes
- Technology"
The program is constructed such that criteria would be based on COSO, as it is the most common framework in use. Auditors could also extend the program to cover the newer ERM Model. The program is intended to be a starting point for an auditor to develop appropriate programs in the circumstances. A comparison between these two frameworks is included. The guide also includes a maturity model evaluation and is aligned with the COBIT framework.
As enterprises' use of social media grows, there will be an increased need to take steps to ensure that the risks of such media are properly mitigated through the use of good control systems. This ISACA Guide is therefore very timely and will be very useful.