Do Organizations Use A Formalized Risk Management Process To Address Social Media Risk?

Keywords

COSO; Risk management; Social media; Social media policy

Abstract

Social media use within the workplace is widespread; however, little is known about how organizations actually manage social media risk. We use the Committee of Sponsoring Organization's Enterprise Risk Management – Integrated Framework (COSO, 2004) to develop a social media risk management model (SM-RMM) that includes four components: (i) social media use, (ii) perceived risk of use, (iii) policy implementation, and (iv) training and technical controls. We utilize the model to examine whether the manner in which organizations address social media risk is consistent with a formalized risk management process. Survey data from 98 risk management, audit, and finance professionals shows that the extent of organizations’ social media use increases the perceived risk of social media use. In addition, the effect of the extent of use on the implementation of social media policies is greater for organizations with higher levels of perceived risk of use. Finally, organizations with more extensive social media policies have more extensive training and technical controls. The study's findings indicate that organizations are adopting social media policies and controls in a reactive fashion, as opposed to using a formalized risk management process. This may unduly expose organizations to social media risks. Our model provides a framework for future research on social media risk management.

Publication Date

3-1-2018

Publication Title

International Journal of Accounting Information Systems

Volume

28

Number of Pages

31-44

Document Type

Article

Personal Identifier

scopus

DOI Link

https://doi.org/10.1016/j.accinf.2017.12.004

Socpus ID

85042224909 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/85042224909

This document is currently not available here.

Share

COinS