Date posted: April 29, 2015

What is social media?
The meteoric rise of social media, particularly in the last five years, has brought with it new commercial and marketing opportunities for business regardless of their size or ownership structure. Many businesses are coming to terms with seeing social media as a ‘must have’ rather than a ‘should have’ and seeing the real and measurable benefits of using social media to elevate their audience and customer base.

In addition, social media can improve operational efficiency across a number of areas of the business such as improving marketing spend, customer relationship management and even support inventory and supply chain management.

Companies across industries are allocating significant resources and budget to the management of their social media channels. In some instances, this includes around the clock social media monitoring. It is not uncommon for a consumer retail business to have a team of up to 60 people in their social media practice, working in concert with each other and monitoring a variety of social media channels 24 hours a day. The cost benefit of dealing with customer complaints and queries on social media rather than historical call centres can be substantial – but only when done effectively. Responding to customer service requests via social media channels often goes a long way towards restoring customers’ faith in a brand. Businesses who do not properly manage the social media aspect of their customer service operations often have a lot to lose.

But for all its advantages, social media inherently carries risk, and is subject to increasing governance and market compliance obligations. Not only that, these factors are real for businesses regardless of whether they use social media or not. So even if you choose to take the extreme position and ban all access to social media; you still cannot ignore it. Nor should you.

Operating in the digital economy
Business now operates in an environment where news travels at lightning speed, the latest information is at our fingertips, and every person has the power to make their voice heard. This spider web of collaboration and information exchange in social media is used to make and break news about an organisation. Even the best practices in governance, risk and compliance has left both regulators and corporations struggling to keep pace in managing their approach to risk. Hanging on to outdated or uninformed thinking will only amplify this risk.

A 2013 survey by KPMG International, Expectations of Risk Management Outpacing Capabilities – It’s Time For Action, of more than 1,000 C-level executives across multiple industries, revealed a real concern about the risks associated with social media, and the organisation’s ability to respond. More than a year later, this finding continues to be echoed time and again in our conversations with Australian clients across all sectors.

So while some conservative businesses choose to shun social media, the smarter businesses are the ones where their senior management and are tuning in to the power of social media and then pro-actively thinking about how it can be leveraged.

Social media risk and managing it

To successfully manage social media risks, businesses should first seek to understand and establish if there is a distinction between social media marketing and social media risk management. Part of this process includes deciding at which point an issue on social media becomes a risk. Social media should be seen as a contemporary risk, an extension of traditional risk issues that businesses have been dealing with for decades.

Social media risks can be internal, external or a mixture of both. Social media activity can accelerate risk but also arise from unintended or unplanned events such as product recall, supply chain risk, reputational damage or operational issues.

The management of social media risk does not stop at a review of social media controlled by the organisation, but must also include external, publicly available information and commentary relating to the organisation and its operations across social media.

A business should have in place proper processes to identify emerging or current social media risks facing the organisation, including a governance framework, including a formal review of current external facing social media assets operated by the organisation. Next, the business needs to ensure that the appropriate policies and procedures are put in place in order to appropriately manage ongoing social media risk.

Management needs to understand the various impacts that social media can have on the organisation, not just from a brand and reputation perspective, but from one that encompasses broader risk categories.

The business should also consider creating a ‘social media committee’ that contains various areas of the business, including risk, marketing and human resources – to consider the various risk controls and concerns from social media. Social media risk management should also be considered as part of the overall risk management plan.


Social media has moved beyond a marketing tool or a gossip channel among friends, to a powerful and necessary component of governance, risk and compliance, and reputation management.

The modern consumer and employee possesses more computing power in their smartphone than in the original computer the size of a room 20 years ago. This increase in mobile computing power has given access to nearly limitless information and the ability to upload, share and publish in just about any location. The opportunities of this development are substantial, as are the risks. Identifying and then managing social media risk is a necessity, and one that can deliver real value to an organisation when done successfully.

– Insight provided by KPMG Private Enterprise