Do organizations use a formalized risk management process to address social media risk?

Citation data:

International Journal of Accounting Information Systems, ISSN: 1467-0895, Vol: 28, Page: 31-44

Publication Year:
2018
Captures 34
Readers 34
Social Media 4
Tweets 4
DOI:
10.1016/j.accinf.2017.12.004
Author(s):
Kristina C. Demek; Robyn L. Raschke; Diane J. Janvrin; William N. Dilla
Publisher(s):
Elsevier BV
Tags:
Business, Management and Accounting; Economics, Econometrics and Finance; Decision Sciences
Most Recent Tweet View All Tweets
article description
Social media use within the workplace is widespread; however, little is known about how organizations actually manage social media risk. We use the Committee of Sponsoring Organization's Enterprise Risk Management – Integrated Framework (COSO, 2004) to develop a social media risk management model (SM-RMM) that includes four components: (i) social media use, (ii) perceived risk of use, (iii) policy implementation, and (iv) training and technical controls. We utilize the model to examine whether the manner in which organizations address social media risk is consistent with a formalized risk management process. Survey data from 98 risk management, audit, and finance professionals shows that the extent of organizations' social media use increases the perceived risk of social media use. In addition, the effect of the extent of use on the implementation of social media policies is greater for organizations with higher levels of perceived risk of use. Finally, organizations with more extensive social media policies have more extensive training and technical controls. The study's findings indicate that organizations are adopting social media policies and controls in a reactive fashion, as opposed to using a formalized risk management process. This may unduly expose organizations to social media risks. Our model provides a framework for future research on social media risk management.