Local authority communication teams have faced many challenges in times of austerity and are under constant pressure to cut costs whilst at the same time improving services.
Social media has been at the forefront of change for many local authorities however, it has inherent risks and this risk is now beginning to ping on the auditor’s radar.
The key questions being asked are:
- Is social media on the risk register?
- How is employee access to social media controlled?
- Are there any social media policies in place?
- Is the organisation monitoring both inbound and outbound activity on social media?
North Lanarkshire Council is one authority that has moved social media risk up the agenda through the use of a social media risk management system. As with most public authorities North Lanarkshire Council has a well-developed internal audit programme.
However, the most recent audit undertaken within the council’s communication team was the first that had included its social media usage.
According to head of communications, Stephen Penman, the team has no control over what the internal audit team decides to include in the audit programme over the course of a year.
‘They have not audited the use of social media previously and the audit manager thought it was time to have a look at what we did and how we did it. One of the auditing team interviewed me and some of my team to ensure we were using it in an appropriate manner and that we had necessary policies, guidelines, checks and balances and security in place to mitigate any risk.’
The auditor was aware that there have been some very high profile cases where organisations have not monitored or controlled their social media engagement, for example, the NHS chief executive who boasted on Twitter about his new boat, while NHS workers were facing cuts and pay freezes.
In another case a member of Leeds City Council’s ruling Labour group caused uproar when he posted a Tweet accusing the Lib Dems of not even being competent enough to commit suicide.
Fortunately North Lanarkshire had already put in place a solid social media strategy, risk mitigation policies and guidelines that went someway to satisfy the concerns of the auditor. This was helped by the team’s decision to use the CrowdControlHQ social media management platform, which, among many other features, monitors the social web and moderates all incoming and outgoing activity and protects passwords.
Penman admits that they could have achieved even better results had social media appeared on the council’s risk register.
‘There is a debate going on at council level with some communications people asking ‘why would we want to control our social media accounts in that way?’ My own view is that you should, although I am happy to listen to contrary arguments. I think that any council that is using social media in a big way will find that it will come under the audit function and auditors will certainly look at them in time because it is clearly a risk.’
Social media will be firmly on the auditor’s checklist in future and as social media engagement for councils continues to grow, it is sure to become a standard part of the process. Local authorities need to ensure they are addressing these issues none of which will go away and the risks will only increase as the use of social media grows.
James Leavesley is CEO of CrowdControlHQ