In relative terms, digital media is still a new concept and the pace of innovation has resulted in capabilities being made available at a rate that is faster than organisations have traditionally been able to adapt to. Organisations and the individuals within them may not be afforded the luxury of time to adapt as new technologies bring immediate transformation. Understanding the impact of digital media in the overall control environment is a prerequisite for internal audit in the 21st century.
Who are the stakeholders?
The board is most likely to take a strategic approach seeking assurance as to the digital capability of the organisation. However, other functions also have a keen interest in this subject.
Marketing colleagues specifically think of advertising in respect of digital media. They would expect a digital media audit to provide assurance over their processes and the effectiveness of techniques being used to measure campaign success.
Technology colleagues would generally be concerned with media storage and access including security, data owner accountability, software support, rather than the data itself.
Legal/governance colleagues are generally concerned with the protection of corporate interests such as litigation, copyright and other intellectual property issues.
Why should this be an audit consideration?
From central government, local council, retail, manufacturing, healthcare, utilities and financial services, it is difficult to imagine that digital media does not form a part of the data set. The extent to which it is material however will vary from organisation to organisation. Chief audit executives (CAEs) need to think ahead as to the planned or potential digital journey for the business and the associated risks.
The organisational benefits of collaboration tools for communication (eg Microsoft Teams, WhatsApp, and Messenger) and efficiency (eg virtual meetings such as Zoom) also enable employees to inappropriately share data.…