Most insurers understand the importance of having consistent processes in place to identify, measure, manage and report on common business risks. This extends to social media risk management too – the processes are built on the governance structures I discussed in my last post.
Social media risk management processes may look somewhat different because of the always-on nature of social networking platforms. Let’s look at these processes in action.
Identifying social media risks and opportunities: Social media risks need to be accurately identified across categories—for example, reputation, intellectual property, fraud prevention and business disruption.
To identify risks properly requires knowing what the insurer’s risk tolerance levels are for different activities. Part of risk identification is actually identifying business opportunities. For example, given your organization’s known social media risk strengths and weaknesses, what could be done in the way of new products, services, product development partnerships and so forth?
Assessing and reporting on risk: Across the functional areas impacted by social media risk, insurers must be constantly identifying, assessing and managing risk. Those accountable for the business function should then report up to a social media risk manager who consolidates the information, escalates any issues and audits the processes being used by the various functions.
Monitoring risks continuously: Senior management needs to be provided, as frequently as necessary, with the appropriate information to manage social media risks effectively. One of the benefits of social media monitoring is early identification of problems that can lead to increased business risk. If there are thousands of tweets about a particular issue, for example, managers will know that they have a problem and will be able to take action to address it.
Mitigating and/or transferring risks: A key goal of effective risk management is to decrease the likelihood that risks will occur. Another is to improve the capabilities and capacities of the organization—its people, processes, technologies and structures.
However, it can also mean transferring some or all of the risk elsewhere. This could be achieved by insuring against it, to provide compensation in the event of brand damage or protection against directors’ liability.
On the other hand, insurers may decide that an entire process is too risky for them and that their internal skills are not up to the challenge. This could lead to a decision to outsource the performance of a particular function.
The subject of my next post will be the systems, tools and technologies insurers can use to streamline social media risk management in their organizations.
Download the full report: A Comprehensive Approach to Managing Social Media Risk and Compliance