Presentation for the 2011 TeamMate User Conference on how auditors can use social networking to add value to an internal audit function

1. Auditor’s Guide to Using Social Networking
for Adding Value to Your Audit Function

2. About Jim Kaplan, CIA, CFE
2
• President and Founder of
AuditNet®, the global resource
for auditors
 Auditor, Author, Web Site
Guru, Internet for Auditors
Pioneer
 Recipient of the IIA’s 2007
Bradford Cadmus Memorial
Award.

3. Agenda
• Professional networking ‐ it’s not all digital!
• Social media and social networking
• Responses to social networking
• Social Networking and Professionals
• Best Practices
• Social Media Risks
• Internal Audit’s Role
• Adding Value for Audit

4. Principles of Professional Networking
1. Make networking a part of your written strategic plan
2. Work an event, not just a room
3. Make a professional first impression
4. Create a 10‐15 second verbal business card filled with
benefits networking with you
5. Adapt your verbal business card to a short e‐mail
signature to continue to establish your brand
6. Start conversations with open‐ended questions
7. Master the art of small talk about your industry and
timely topics
8. 10 Minute Work a Room Rule
9. Follow up
10. Give more than you get

5. Rules for Professional Social Networking
Professional networking has been made exponentially
easier with social media… With this free reign comes many
opportunities — namely, the chance to connect with people
in your industry, impress them with your professionalism,
and gather information that can directly help you. It also
comes with the risk of doing it all wrong…
1. Know Your Platforms
2. Customize Everything
3. Ask for Something Specific
4. Take It Offline Whenever Possible
5. Say “Thank You”

6. Professional Networking in the Digital Age
• Online networking sites have become increasingly popular. These resources allow
participants to quickly and easily expand their circle of contacts, share information
and keep abreast of industry trends.
• Executives involved in hiring decisions also are finding these online communities to
be a valuable tool. According to a survey by Accountemps®, nearly two‐thirds (62
percent) of executives interviewed said professional networking sites, such as
LinkedIn, will prove useful in the search for job candidates in the next few years.
And one in three (35 percent) cited social networking sites such as Facebook as a
recruiting resource they plan to tap.

7. Social Media Defined
What is Social Media?
• Web‐ and mobile‐based technologies used to disseminate information and solicit
feedback on a real‐time basis which are used to turn communication into
interactive dialogue among organizations, communities, and individuals
• A group of Internet‐based applications that build on the ideological and
technological information of Web 2.0… allows for the creation and exchange of
user‐generated content
• Social media expedites conversation in contrast to traditional media, which
delivers content but doesn't allow readers/viewers/listeners to participate in the
creation or development of the content.
• Example of social media include internet forums, weblogs, social blogs,
microblogging, wikis, social networks, podcasts

8. Social Networking Defined
What is a social network?
• An online community of people with a common interest who use a Web site or
other technologies to communicate with each other and share information,
resources, etc.: a business‐oriented social network.
• Important clarification – business oriented rather than personal
• Need to understand the primary orientation of the Network to focus on
professional relationships
Network Orientation Business Use
Business High
Mixed Medium
Mixed Limited
Mixed Medium

9. Why is it so popular?
• Community ‐ allows people to join together based on common interests and
values.
• Transparent – when used properly it can project authenticity
• Engaging – communication channel opening dialogues with many individuals
• Borderless – the world is flattening and we are no longer restricted to connecting
with only those who are close
• Creative – fosters innovation and expression
The Pew Research Center found that’s the “major reason” given by six of every 10 users
of Facebook, Twitter or LinkedIn. And half of the people surveyed said the ability to
reconnect with old friends played a “significant role” in using social networking.

10. Professionals and Social Networking
• 10 Reasons for auditors to use social networking tools
1. Network with other auditors for advice on issues
2. Get answers to audit technology questions and issues
3. Benchmark best practices
4. Share (reports, programs, issues)
5. Share methodologies
6. Foster one to one and one to many communications/discussions1
7. Research audit and technology issues using advanced search skills1
8. Establish a dialogue with your professional network1
9. Establish knowledge feeds1
10. Gain knowledge for risk, control and audit of social media
Auditors need to be plugged into social networks to stay current with professional
issues and the latest tools and technologies!
Jim Kaplan
1 core competency for digital literacy

11. What is Your Response to Social Networking?

12. Social Media Options
• LinkedIn
• Facebook
• Twitter
• YouTube
• Blogs
• Discussion Forums
• According to survey by CEO.com ‐ Social media will become one of the two most
important forms of engagement with employees and customers, second only to
face to face interactions.

13. Social Media Best Practices
1. Designate a social media champion in your department to monitor and leverage
networking capabilities
2. Integrate social media into audit projects and planning.
3. Respond within minutes or hours (not days) to any comments on social media
about customer service. You need to track your organization or department name
to do this
4. Tell a continual story through social media – there should be a trend and voice to
your efforts.
5. Measure and Analyze everything. If you can’t measure it you can’t manage it.
6. Stay educated and connected to social media – the wave is here and you don’t
want to get left behind when it hits your organization.

14. The Best Social Media Apps for Auditors
• The most powerful and comprehensive Audit Tool for Google
Apps ‐ Scan, control and secure all Sites, Docs, Groups, Calendars
and Users giving you more security over the data that you own.
If you have not installed this tool ‐ you don't know what you're
missing.
• This easy to use report program can scan all sites, documents,
email groups and calendars at your domain and show you
exactly who has access to your information. For domain admins
it is an essential Audit tool allowing you to show management
and auditors exactly who has access to what.

15. Guidance and Publications

16. Social Media Risks
Social media and cloud computing are top concerns – Internal audit executives and
professionals recognize they must have superior knowledge and understanding of
these areas and their inherent risks, and how their organizations are leveraging as well
as controlling them, in order to perform their jobs at a high level and add value to the
organizations they serve.
Protiviti 2012 Internal Audit Capabilities and Needs Survey
March 20, 2012
Social Media and Cloud Computing Top Internal Auditors' Technology Hot List,
According to New Protiviti Research
The Biggest Social Media Risk: Not Paying
Attention to Social Media according to major
corporate executives

17. Social Media Risks
Prioritized concerns from a survey conducted by
Grant Thornton and FERF
1. Disclosure of proprietary information
2. Negative comments about the company
3. Exposure of personally identifiable information
4. Fraud
5. Out of date information
As the use of social media continues to grow,
so too does the risk of fraud involving social
media
Social Media and its associated risk – Grant Thornton and FERF

18. Social Media Risks and Controls
• Risks
– Employees or non‐employees creating a social media page representing your company
without management/IT consent or approval
– Trade secrets or other business secrets being inadvertently or even deliberately shared
– Dissatisfied customers or disgruntled employees voicing their opinions freely
– Viruses, spyware and network vulnerabilities occurring due to the interactivity and open
nature of social media architecture
• Controls
– The extent to which social media will be officially sanctioned by the organization
– Who is allowed to use the social media sites
– How users gain approval to use the social media sites
– Standards/policy of social media use inside and outside of the workplace
– Brand monitoring and legal involvement
– How to report false pages

19. Internal Audit’s Role
• Understand how social media is being used within the organization
• Review social media policies
• Conduct a social media risk assessment
• Ensure that controls are in place to address social media risks
• Records retention issue
• Audit Reports
– Social Media Review by Multnomah County August 2011
– GAO SOCIAL MEDIA ‐ Federal Agencies Need Policies and Procedures for Managing and
Protecting Information They Access and Disseminate
http://www.gao.gov/new.items/d11605.pdf
Social media is now embedded in our personal and business culture and auditors need to
know the what the risks and controls are, how to audit this new communication tool and
also how to adapt it for use within the audit environment.
Jim Kaplan, AuditNet®

20. Social Media Audit Objectives and Scope
• Objective—The objective of the social media audit/assurance review is to provide
management with an independent assessment relating to the effectiveness of
controls over the enterprise’s social media policies and processes.
• Scope—The review will focus on governance, policies, procedures, training and
awareness functions related to social media. Specifically, it will address:
– Strategy and governance—policies and frameworks
– People—training and awareness
– Processes
– Technology
• The selection of the social media projects and initiatives will be based on the risks
introduced to the enterprise by these systems.

21. Social Media Audit Program Sample Steps
– Social Media Audit Program — Should be a comprehensively written program to detect,
implement, and monitor compliance with the laws and regulations that impact the
various components of social media. It should provide written procedures to ensure
compliance.
– Identification of inappropriateness with social media channels and non‐compliance with
the Social Media Policy — The company should clearly identify what is acceptable and
what is not acceptable, based on a risk assessment and the outlined rules and
specifications of the Social Media Audit Program.
– Prior examination/audit findings — If weaknesses were previously cited in the
company’s social media examination or audit that may impact the company’s social
media program, has management taken appropriate steps to institute corrective
actions?
– Training program(s) — Training should be tailored to address all employees. Incident
response — A formal review should be made of all alleged and/or actual incidents and
how the company handled the incident.
– Internal audit and annual reports — Management should regularly report on its
responsiveness to cited weaknesses in the social media program.

22. Adding Value for Audit
• So how can auditors use social networking to add value to the audit function?
1. Networking with other auditors for advice on issues
2. Getting answers to technology questions
3. Fostering communication through discussions and
4. Benchmarking
5. Sharing (reports, programs, issues)
6. Sharing methodologies
7. Receiving knowledge feeds on training, conferences and other CPE opportunities

23. Leveraging Social Media for Internal Audit
Network Contribute
Educate
Share Connect
Explore
Build
Research
The
missing
Link is You

24. Stay Connected
Auditing is an information‐
intensive, complex profession.
Many issues require auditors
to keep up to date on rules
and regulations, and auditing
procedures can be difficult to
master. Joining a social
network facilitates your ability
to stay on top of news and
trends, to ask questions and
receive answers and to share
knowledge with peers.

25. Share Knowledge
Many specializations of
auditing require very high
levels of knowledge.
Joining a network allows
you to find other
specialists in your field
who can help you learn
more. Or if you are an
expert at what you do,
joining a network gives
you a platform to become
more recognized for your
own expertise.

26. Solve Problems
Tracking down the answer to an
auditing question can take hours
or even days using standard
methods of online and offline
research. Joining a network hooks
you up to a wide range of
colleagues, one of whom is likely
to have the answer you need or
who can lead you to the right
person (within a few degrees of
separation), saving you time and
money.

27. Facilitate Networking
Finding the time to do
traditional networking
(meetings, lunches, phone
calls) can be difficult and
requires everyone to be
available at the same time.
In contrast, your online
social network can be
accessed at any time.
Matching schedules
becomes moot, as
connecting with people and
getting information can be
done asynchronously.

28. Leverage the Internet
Companies and individuals in
today’s world increasingly seek
out leads, customers, referrals
and partners on a national and
even global basis. Business
ventures can be conducted
“virtually” through online
connections. Joining a social
network opens the doors to this
new global world, offering
opportunities to find new
business, new partners, or to
collaborate with others on
projects.

29. Build Relationships
The old methods of persuasion
marketing and hard‐sell
advertising are shifting. People
today prefer to build relationships
with the companies they do
business with. Joining a social
network gives you the capability
to form relationships with
potential clients and colleagues.
Many large accounting and
auditing firms already recognize
this and are establishing a
presence on social networks
where they offer free workshops
and answer questions to
demonstrate their expertise and
build trust.

30. Synergy and Value
Social networking is already the
accepted form of connecting with
others for the ‘Millennial’ generation of
young auditors entering the workforce.
As social networks become increasingly
used by them, the stakes will rise for
those who continue to be reluctant to
join. In other words, if you do not have
a presence on a social network, you will
simply lose ground to those who do.

31. AuditNet® and Social Networking
• AuditNet® has engaged in social networking for almost
20 years.
• Founded on the principle of establishing an online
communication sharing network for auditors
• Created a LinkedIn group in 2007 that has over 7,000
members http://www.auditnet.org/PAIN.htm
• AuditNet® Blog http://auditnet.blogspot.com/
• Use LinkedIn and Twitter for surveys on audit use of
technology and best practices
• Video based training and Training without Travel™
Webinars for ACL, IDEA, Excel for Auditors, Internal
Audit Skills and Detecting and Preventing Fraud using
Data Analytics ‐ discounted for all TeamMate users

32. Sample Social Media Policies and More
• Office of the Massachusetts State Auditor Social Media Policy
– http://www.mass.gov/auditor/office‐of‐the‐state‐auditor‐social‐media‐policy.html
• Sample Social Networking Policy
– http://www.tsif.com/DL/SNP.pdf
• Social Media Policy Database
– http://socialmediagovernance.com/policies.php
• Social Networking Guide ‐
http://www.oregon.gov/DAS/ETS/EGOV/BOARD/docs/social_networking_guide_v2.pdf
• Best Practices Study of Social Media Records Policies
Business Etiquette – The New Rules in a Digital Age
www.roberthalf.us/businessetiquetteguide.pdf

33. Contact Information: Jim Kaplan
info@auditnet.org