SlideShare une entreprise Scribd logo

Menggagas Program Audit Media Sosial

Goutama Bachtiar
Goutama Bachtiar

Sebagaimana diterbitkan di kolom Telematika DetikINET 3 Januari 2013.

Technologie
1  sur  3
Télécharger pour lire hors ligne
Kolom Telematika Menggagas Program Audit Media Sosial Penulis: Goutama Bachtiar - detikinet Kamis, 03/01/2013 11:27 WIB Jakarta - Berawal dari memberikan konsultasi dan training Audit Teknologi Informasi (TI) selama tiga tahun terakhir dan percakapan dengan seorang rekan, Janet Fouts 'Social Media Coach', muncul keinginan untuk mengangkat tulisan bertema audit dalam ranah media sosial. Bergerak ke tatanan berikutnya, sesudah menggunakan media ini sekian lama, mengawasi dan melakukan analisis, layer berikutnya adalah melaksanakan program audit. Urgensi, apa saja yang perlu diperiksa, waktu dan metodenya menjadi fokus tulisan kali ini. Sejatinya, ranah media sosial sudah diakomodasi oleh ISACA (Information Systems Audits and Control Association) menjadi salah satu elemen untuk diaudit oleh Auditor Sistem Informasi (SI) maupun TI sejak dua tahun silam. Asosiasi ini menaungi 95,000 Auditor SI dan Assurance professional di 160 negara di seluruh dunia. Selain berbagai manfaat yang ditawarkan, kita, terutama kalangan information risk professional sadar bahwa ada resiko terkait atas penggunaannya. Terkuaknya rahasia dapur perusahaan, penyalahgunaan akun, berkurangnya kredibilitas bahkan buruknya reputasi institusi tertentu merupakan beberapa contoh di antaranya. Ancaman dan Resiko Penggunaan Media Sosial Bagi Perusahaan (Gambar: ISACA). 1 | http://inet.detik.com/read/2013/01/03/112703/2132079/398/4/menggagas-program-audit-mediasosial
Jika korporasi ingin memberdayakan media sosial sebagai bagian dari strategi bisnisnya, pendekatan strategis dan lintas fungsional terhadap resiko, dampak, mitigasi, tata kelola dan parameter kontrol, menjadi sebuah keharusan. 'Social Media Audit/Assurance Program' bertujuan memberikan hasil assessment tentang efektivitas kontrol atas kebijakan maupun proses media sosial di suatu perusahaan kepada pihak manajemen. Fungsi tata kelola, kebijakan, prosedur, pelatihan, maupun awareness terkait media ini menjadi fokus aktivitas audit. Singkatnya, strategi dan tata kelola (termasuk kebijakan, kerangka dan monitoring), sumber daya manusia, proses, dan teknologi menjadi empat faktor terpenting. Assurance program dapat dikelompokkan di domain 'Plan and Organize' pada framework COBIT dimana audit berfokus pada efektivitas operasional beserta cara mengawasinya serta efektivitas strategi dalam organisasi. Dari sekian banyak pendekatan dan framework program audit, mari kita melihat benang merah dari aktivitas, timeframe dan metodenya. Langkah pertama: menganalisa kinerja organisasi dan kapasitasnya. Dalam tahapan ini, kita mencoba mengidentifikasi praktek komunikasi media sosial yang nantinya dijalankan perusahaan dan tergabung dalam empat domain besar: strategi, implementasi, integrasi dan support. Dalam setiap domain, ada beberapa kriteria atau standar tertentu yang kita tentukan bersama dan harus dipenuhi. Tentunya, kriteria ini perlu disepakati dan disetujui antar pihak terkait. Pada awal implementasi, praktek yang berlaku umum, bahwa standar tidaklah terlalu tinggi. Namun di tahun selanjutnya, parameter bisa disesuaikan dengan kebijakan perusahaan. Mengidentifikasi tingkat kematangan (maturity level) perusahaan menggunakan media sosial merupakan tahapan selanjutnya. Agar hasil assessment lebih terukur, maka kita bisa mengidentifikasi tahapan-tahapan apa saja di dalam maturity level untuk selanjutnya mengelompokkan apa yang dilakukan saat ini -- terkait dengan komunikasi di media sosial -- sudah berada di tahapan yang mana. Angka terendah (satu) untuk 'unorganized' – tidak terkoordinasi, tidak adanya SDM; dua, 'planned' -- terencana dengan baik, wewenang dan tanggung jawab jelas; tiga, 'institutionalized' -- terkoordinasi sangat rapih, memiliki best practice; empat, 'evaluated', kinerja terukur, aktivitas diawasi ketat; lima, 'optimized', perbaikan berkelanjutan, 2 | http://inet.detik.com/read/2013/01/03/112703/2132079/398/4/menggagas-program-audit-mediasosial
berkesinambungan. Membuat profil 'kinerja dan kapasitas'. Dikenal sebagai Matriks Audit Media Sosial, profil ini menggabungkan output langkah pertama (standar/kriteria) dengan tingkat kematangan di langkah kedua. Sebagaimana praktek audit pada umumnya, perusahaan tinggal memilih antara auditor internal atau eksternal. Then how will they cope? Obyektivitas, kredibilitas, waktu, ketersediaan merupakan manfaat penggunaan jasa auditor eksternal, selain informasi dan pengalaman atas praktek serupa di industri sejenis maupun berbeda yang dapat mereka share kepada kita. So, what next? Mensosialisasikan audit matriks kepada pihak, baik berkepentingan maupun terkait, dalam perusahaan, termasuk didalamnya jadwal audit dan metode audit yang akan digunakan. Berbicara mengenai metode, selain wawancara, kuesioner, observasi, partisipasi, dan Focus Group Discussion, communication analysis (efektivitas dan efisiensi komunikasi) dan pattern analysis (pola komunikasi di dalam perusahaan atau dengan pihak luar) acapkali digunakan. Tidak ada metode terbaik. Pemilihannya disesuaikan dengan waktu, biaya serta hasil yang ingin diperoleh. Berdasarkan matriks audit tersebut, kita bisa menyusun action plan. Prioritas utama adalah area mana saja perlu dipertahankan, diperbaiki, maupun ditingkatkan. Langkah berikutnya, menyusun skala prioritas dari ketiga area di atas dan sesudahnya menjabarkan aktivitas apa yang perlu dilakukan untuk mencapainya di setiap area beserta penanggung jawab dan tenggat waktu seluruh aktivitas yang akan dilaksanakan. Agar berkesinambungan, hasil audit harus dikomunikasikan kepada penanggung jawab media sosial, divisi pemasaran perusahaan serta manajemen (jika dirasa perlu). Tidak hanya itu, action plan juga harus dimonitor dan dilaporkan secara berkala, item mana saja yang sudah dieksekusi, mana yang belum (disesuaikan dengan jadwal yang disusun). Jika terjadi keterlambatan implementasi, maka perlu akselerasi dan sebagainya. Dilakukannya audit setahun sekali merupakan langkah ideal, karena apabila terlalu intens tentunya akan 'membebani' auditee. Selamat mencoba! 3 | http://inet.detik.com/read/2013/01/03/112703/2132079/398/4/menggagas-program-audit-mediasosial

Recommandé

Harnessing Information Systems Audit towards Good Corporate Governance
Harnessing Information Systems Audit towards Good Corporate GovernanceHarnessing Information Systems Audit towards Good Corporate Governance
Harnessing Information Systems Audit towards Good Corporate GovernanceGoutama Bachtiar
 
How to conduct a social media assessment
How to conduct a social media assessmentHow to conduct a social media assessment
How to conduct a social media assessmentAndrea Baker
 
Crypto Currency, Bitcoin and Blockchain
Crypto Currency, Bitcoin and BlockchainCrypto Currency, Bitcoin and Blockchain
Crypto Currency, Bitcoin and BlockchainGoutama Bachtiar
 
Information Security Management System with ISO/IEC 27000:2018
Information Security Management System with ISO/IEC 27000:2018Information Security Management System with ISO/IEC 27000:2018
Information Security Management System with ISO/IEC 27000:2018Goutama Bachtiar
 
Blockchain Essentials - Harnessing the Technology for Banking Industry
Blockchain Essentials - Harnessing the Technology for Banking IndustryBlockchain Essentials - Harnessing the Technology for Banking Industry
Blockchain Essentials - Harnessing the Technology for Banking IndustryGoutama Bachtiar
 
Delving into Fintech
Delving into FintechDelving into Fintech
Delving into FintechGoutama Bachtiar
 
Leveraging Agile Project Management with Scrum
Leveraging Agile Project Management with ScrumLeveraging Agile Project Management with Scrum
Leveraging Agile Project Management with ScrumGoutama Bachtiar
 
Library of Information Technology Icons
Library of Information Technology IconsLibrary of Information Technology Icons
Library of Information Technology IconsGoutama Bachtiar
 

Recommandé

Harnessing Information Systems Audit towards Good Corporate Governance
Harnessing Information Systems Audit towards Good Corporate GovernanceHarnessing Information Systems Audit towards Good Corporate Governance
Harnessing Information Systems Audit towards Good Corporate GovernanceGoutama Bachtiar
 
How to conduct a social media assessment
How to conduct a social media assessmentHow to conduct a social media assessment
How to conduct a social media assessmentAndrea Baker
 
Crypto Currency, Bitcoin and Blockchain
Crypto Currency, Bitcoin and BlockchainCrypto Currency, Bitcoin and Blockchain
Crypto Currency, Bitcoin and BlockchainGoutama Bachtiar
 
Information Security Management System with ISO/IEC 27000:2018
Information Security Management System with ISO/IEC 27000:2018Information Security Management System with ISO/IEC 27000:2018
Information Security Management System with ISO/IEC 27000:2018Goutama Bachtiar
 
Blockchain Essentials - Harnessing the Technology for Banking Industry
Blockchain Essentials - Harnessing the Technology for Banking IndustryBlockchain Essentials - Harnessing the Technology for Banking Industry
Blockchain Essentials - Harnessing the Technology for Banking IndustryGoutama Bachtiar
 
Delving into Fintech
Delving into FintechDelving into Fintech
Delving into FintechGoutama Bachtiar
 
Leveraging Agile Project Management with Scrum
Leveraging Agile Project Management with ScrumLeveraging Agile Project Management with Scrum
Leveraging Agile Project Management with ScrumGoutama Bachtiar
 
Library of Information Technology Icons
Library of Information Technology IconsLibrary of Information Technology Icons
Library of Information Technology IconsGoutama Bachtiar
 
PMBOK 6th vs 5th Edition
PMBOK 6th vs 5th EditionPMBOK 6th vs 5th Edition
PMBOK 6th vs 5th EditionGoutama Bachtiar
 
Dealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking SphereDealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking SphereGoutama Bachtiar
 
IS and IT Auditor Roles in Today's New Economy
IS and IT Auditor Roles in Today's New EconomyIS and IT Auditor Roles in Today's New Economy
IS and IT Auditor Roles in Today's New EconomyGoutama Bachtiar
 
Conducting Digital Forensics against Crime and Fraud
Conducting Digital Forensics against Crime and FraudConducting Digital Forensics against Crime and Fraud
Conducting Digital Forensics against Crime and FraudGoutama Bachtiar
 
Utilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and InvestigationUtilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and InvestigationGoutama Bachtiar
 
Managing IT Risks in Internet Banking
Managing IT Risks in Internet BankingManaging IT Risks in Internet Banking
Managing IT Risks in Internet BankingGoutama Bachtiar
 
Electronic Payment Fundamentals: When Tech Embracing Payment Industry
Electronic Payment Fundamentals: When Tech Embracing Payment IndustryElectronic Payment Fundamentals: When Tech Embracing Payment Industry
Electronic Payment Fundamentals: When Tech Embracing Payment IndustryGoutama Bachtiar
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsGoutama Bachtiar
 
The State of ERP in Indonesia: Trends, Opportunities and Challenges
The State of ERP in Indonesia: Trends, Opportunities and ChallengesThe State of ERP in Indonesia: Trends, Opportunities and Challenges
The State of ERP in Indonesia: Trends, Opportunities and ChallengesGoutama Bachtiar
 
Developing and Managing Business Continuity Plan (BCP)
Developing and Managing Business Continuity Plan (BCP)Developing and Managing Business Continuity Plan (BCP)
Developing and Managing Business Continuity Plan (BCP)Goutama Bachtiar
 
Implementing BPMN 2.0 with Microsoft Visio
Implementing BPMN 2.0 with Microsoft VisioImplementing BPMN 2.0 with Microsoft Visio
Implementing BPMN 2.0 with Microsoft VisioGoutama Bachtiar
 
Understanding IT Strategy, Sourcing and Vendor Relationships
Understanding IT Strategy, Sourcing and Vendor RelationshipsUnderstanding IT Strategy, Sourcing and Vendor Relationships
Understanding IT Strategy, Sourcing and Vendor RelationshipsGoutama Bachtiar
 
Valuing Information Management and IT Architecture
Valuing Information Management and IT ArchitectureValuing Information Management and IT Architecture
Valuing Information Management and IT ArchitectureGoutama Bachtiar
 
Riding and Capitalizing the Next Wave of Information Technology
Riding and Capitalizing the Next Wave of Information TechnologyRiding and Capitalizing the Next Wave of Information Technology
Riding and Capitalizing the Next Wave of Information TechnologyGoutama Bachtiar
 
The Current and Future State of Internet of Things: Unveiling the Opportunities
The Current and Future State of Internet of Things: Unveiling the OpportunitiesThe Current and Future State of Internet of Things: Unveiling the Opportunities
The Current and Future State of Internet of Things: Unveiling the OpportunitiesGoutama Bachtiar
 
Crafting and Delivering Effective Business Pitch to Investors
Crafting and Delivering Effective Business Pitch to InvestorsCrafting and Delivering Effective Business Pitch to Investors
Crafting and Delivering Effective Business Pitch to InvestorsGoutama Bachtiar
 
Reinforcement of Information Privacy and Security Nowadays
Reinforcement of Information Privacy and Security NowadaysReinforcement of Information Privacy and Security Nowadays
Reinforcement of Information Privacy and Security NowadaysGoutama Bachtiar
 
Enterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormEnterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormGoutama Bachtiar
 
Developing and Managing Educational Institution Policies
Developing and Managing Educational Institution PoliciesDeveloping and Managing Educational Institution Policies
Developing and Managing Educational Institution PoliciesGoutama Bachtiar
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGoutama Bachtiar
 

Contenu connexe

Plus de Goutama Bachtiar

Dealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking SphereDealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking SphereGoutama Bachtiar
 
IS and IT Auditor Roles in Today's New Economy
IS and IT Auditor Roles in Today's New EconomyIS and IT Auditor Roles in Today's New Economy
IS and IT Auditor Roles in Today's New EconomyGoutama Bachtiar
 
Conducting Digital Forensics against Crime and Fraud
Conducting Digital Forensics against Crime and FraudConducting Digital Forensics against Crime and Fraud
Conducting Digital Forensics against Crime and FraudGoutama Bachtiar
 
Utilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and InvestigationUtilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and InvestigationGoutama Bachtiar
 
Managing IT Risks in Internet Banking
Managing IT Risks in Internet BankingManaging IT Risks in Internet Banking
Managing IT Risks in Internet BankingGoutama Bachtiar
 
Electronic Payment Fundamentals: When Tech Embracing Payment Industry
Electronic Payment Fundamentals: When Tech Embracing Payment IndustryElectronic Payment Fundamentals: When Tech Embracing Payment Industry
Electronic Payment Fundamentals: When Tech Embracing Payment IndustryGoutama Bachtiar
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsGoutama Bachtiar
 
The State of ERP in Indonesia: Trends, Opportunities and Challenges
The State of ERP in Indonesia: Trends, Opportunities and ChallengesThe State of ERP in Indonesia: Trends, Opportunities and Challenges
The State of ERP in Indonesia: Trends, Opportunities and ChallengesGoutama Bachtiar
 
Developing and Managing Business Continuity Plan (BCP)
Developing and Managing Business Continuity Plan (BCP)Developing and Managing Business Continuity Plan (BCP)
Developing and Managing Business Continuity Plan (BCP)Goutama Bachtiar
 
Implementing BPMN 2.0 with Microsoft Visio
Implementing BPMN 2.0 with Microsoft VisioImplementing BPMN 2.0 with Microsoft Visio
Implementing BPMN 2.0 with Microsoft VisioGoutama Bachtiar
 
Understanding IT Strategy, Sourcing and Vendor Relationships
Understanding IT Strategy, Sourcing and Vendor RelationshipsUnderstanding IT Strategy, Sourcing and Vendor Relationships
Understanding IT Strategy, Sourcing and Vendor RelationshipsGoutama Bachtiar
 
Valuing Information Management and IT Architecture
Valuing Information Management and IT ArchitectureValuing Information Management and IT Architecture
Valuing Information Management and IT ArchitectureGoutama Bachtiar
 
Riding and Capitalizing the Next Wave of Information Technology
Riding and Capitalizing the Next Wave of Information TechnologyRiding and Capitalizing the Next Wave of Information Technology
Riding and Capitalizing the Next Wave of Information TechnologyGoutama Bachtiar
 
The Current and Future State of Internet of Things: Unveiling the Opportunities
The Current and Future State of Internet of Things: Unveiling the OpportunitiesThe Current and Future State of Internet of Things: Unveiling the Opportunities
The Current and Future State of Internet of Things: Unveiling the OpportunitiesGoutama Bachtiar
 
Crafting and Delivering Effective Business Pitch to Investors
Crafting and Delivering Effective Business Pitch to InvestorsCrafting and Delivering Effective Business Pitch to Investors
Crafting and Delivering Effective Business Pitch to InvestorsGoutama Bachtiar
 
Reinforcement of Information Privacy and Security Nowadays
Reinforcement of Information Privacy and Security NowadaysReinforcement of Information Privacy and Security Nowadays
Reinforcement of Information Privacy and Security NowadaysGoutama Bachtiar
 
Enterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormEnterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormGoutama Bachtiar
 
Developing and Managing Educational Institution Policies
Developing and Managing Educational Institution PoliciesDeveloping and Managing Educational Institution Policies
Developing and Managing Educational Institution PoliciesGoutama Bachtiar
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGoutama Bachtiar
 

Plus de Goutama Bachtiar (20)

PMBOK 6th vs 5th Edition
PMBOK 6th vs 5th EditionPMBOK 6th vs 5th Edition
PMBOK 6th vs 5th Edition
 
Dealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking SphereDealing with Fraud in E-Banking Sphere
Dealing with Fraud in E-Banking Sphere
 
IS and IT Auditor Roles in Today's New Economy
IS and IT Auditor Roles in Today's New EconomyIS and IT Auditor Roles in Today's New Economy
IS and IT Auditor Roles in Today's New Economy
 
Conducting Digital Forensics against Crime and Fraud
Conducting Digital Forensics against Crime and FraudConducting Digital Forensics against Crime and Fraud
Conducting Digital Forensics against Crime and Fraud
 
Utilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and InvestigationUtilizing Internet for Fraud Examination and Investigation
Utilizing Internet for Fraud Examination and Investigation
 
Managing IT Risks in Internet Banking
Managing IT Risks in Internet BankingManaging IT Risks in Internet Banking
Managing IT Risks in Internet Banking
 
Electronic Payment Fundamentals: When Tech Embracing Payment Industry
Electronic Payment Fundamentals: When Tech Embracing Payment IndustryElectronic Payment Fundamentals: When Tech Embracing Payment Industry
Electronic Payment Fundamentals: When Tech Embracing Payment Industry
 
State of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and SolutionsState of Cyber Crime in Banking Sector Today: Threats and Solutions
State of Cyber Crime in Banking Sector Today: Threats and Solutions
 
The State of ERP in Indonesia: Trends, Opportunities and Challenges
The State of ERP in Indonesia: Trends, Opportunities and ChallengesThe State of ERP in Indonesia: Trends, Opportunities and Challenges
The State of ERP in Indonesia: Trends, Opportunities and Challenges
 
Developing and Managing Business Continuity Plan (BCP)
Developing and Managing Business Continuity Plan (BCP)Developing and Managing Business Continuity Plan (BCP)
Developing and Managing Business Continuity Plan (BCP)
 
Implementing BPMN 2.0 with Microsoft Visio
Implementing BPMN 2.0 with Microsoft VisioImplementing BPMN 2.0 with Microsoft Visio
Implementing BPMN 2.0 with Microsoft Visio
 
Understanding IT Strategy, Sourcing and Vendor Relationships
Understanding IT Strategy, Sourcing and Vendor RelationshipsUnderstanding IT Strategy, Sourcing and Vendor Relationships
Understanding IT Strategy, Sourcing and Vendor Relationships
 
Valuing Information Management and IT Architecture
Valuing Information Management and IT ArchitectureValuing Information Management and IT Architecture
Valuing Information Management and IT Architecture
 
Riding and Capitalizing the Next Wave of Information Technology
Riding and Capitalizing the Next Wave of Information TechnologyRiding and Capitalizing the Next Wave of Information Technology
Riding and Capitalizing the Next Wave of Information Technology
 
The Current and Future State of Internet of Things: Unveiling the Opportunities
The Current and Future State of Internet of Things: Unveiling the OpportunitiesThe Current and Future State of Internet of Things: Unveiling the Opportunities
The Current and Future State of Internet of Things: Unveiling the Opportunities
 
Crafting and Delivering Effective Business Pitch to Investors
Crafting and Delivering Effective Business Pitch to InvestorsCrafting and Delivering Effective Business Pitch to Investors
Crafting and Delivering Effective Business Pitch to Investors
 
Reinforcement of Information Privacy and Security Nowadays
Reinforcement of Information Privacy and Security NowadaysReinforcement of Information Privacy and Security Nowadays
Reinforcement of Information Privacy and Security Nowadays
 
Enterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment FormEnterprise Information Technology Risk Assessment Form
Enterprise Information Technology Risk Assessment Form
 
Developing and Managing Educational Institution Policies
Developing and Managing Educational Institution PoliciesDeveloping and Managing Educational Institution Policies
Developing and Managing Educational Institution Policies
 
Governance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 FrameworkGovernance and Management of Enterprise IT with COBIT 5 Framework
Governance and Management of Enterprise IT with COBIT 5 Framework
 

Menggagas Program Audit Media Sosial

  • 1. Kolom Telematika Menggagas Program Audit Media Sosial Penulis: Goutama Bachtiar - detikinet Kamis, 03/01/2013 11:27 WIB Jakarta - Berawal dari memberikan konsultasi dan training Audit Teknologi Informasi (TI) selama tiga tahun terakhir dan percakapan dengan seorang rekan, Janet Fouts 'Social Media Coach', muncul keinginan untuk mengangkat tulisan bertema audit dalam ranah media sosial. Bergerak ke tatanan berikutnya, sesudah menggunakan media ini sekian lama, mengawasi dan melakukan analisis, layer berikutnya adalah melaksanakan program audit. Urgensi, apa saja yang perlu diperiksa, waktu dan metodenya menjadi fokus tulisan kali ini. Sejatinya, ranah media sosial sudah diakomodasi oleh ISACA (Information Systems Audits and Control Association) menjadi salah satu elemen untuk diaudit oleh Auditor Sistem Informasi (SI) maupun TI sejak dua tahun silam. Asosiasi ini menaungi 95,000 Auditor SI dan Assurance professional di 160 negara di seluruh dunia. Selain berbagai manfaat yang ditawarkan, kita, terutama kalangan information risk professional sadar bahwa ada resiko terkait atas penggunaannya. Terkuaknya rahasia dapur perusahaan, penyalahgunaan akun, berkurangnya kredibilitas bahkan buruknya reputasi institusi tertentu merupakan beberapa contoh di antaranya. Ancaman dan Resiko Penggunaan Media Sosial Bagi Perusahaan (Gambar: ISACA). 1 | http://inet.detik.com/read/2013/01/03/112703/2132079/398/4/menggagas-program-audit-mediasosial
  • 2. Jika korporasi ingin memberdayakan media sosial sebagai bagian dari strategi bisnisnya, pendekatan strategis dan lintas fungsional terhadap resiko, dampak, mitigasi, tata kelola dan parameter kontrol, menjadi sebuah keharusan. 'Social Media Audit/Assurance Program' bertujuan memberikan hasil assessment tentang efektivitas kontrol atas kebijakan maupun proses media sosial di suatu perusahaan kepada pihak manajemen. Fungsi tata kelola, kebijakan, prosedur, pelatihan, maupun awareness terkait media ini menjadi fokus aktivitas audit. Singkatnya, strategi dan tata kelola (termasuk kebijakan, kerangka dan monitoring), sumber daya manusia, proses, dan teknologi menjadi empat faktor terpenting. Assurance program dapat dikelompokkan di domain 'Plan and Organize' pada framework COBIT dimana audit berfokus pada efektivitas operasional beserta cara mengawasinya serta efektivitas strategi dalam organisasi. Dari sekian banyak pendekatan dan framework program audit, mari kita melihat benang merah dari aktivitas, timeframe dan metodenya. Langkah pertama: menganalisa kinerja organisasi dan kapasitasnya. Dalam tahapan ini, kita mencoba mengidentifikasi praktek komunikasi media sosial yang nantinya dijalankan perusahaan dan tergabung dalam empat domain besar: strategi, implementasi, integrasi dan support. Dalam setiap domain, ada beberapa kriteria atau standar tertentu yang kita tentukan bersama dan harus dipenuhi. Tentunya, kriteria ini perlu disepakati dan disetujui antar pihak terkait. Pada awal implementasi, praktek yang berlaku umum, bahwa standar tidaklah terlalu tinggi. Namun di tahun selanjutnya, parameter bisa disesuaikan dengan kebijakan perusahaan. Mengidentifikasi tingkat kematangan (maturity level) perusahaan menggunakan media sosial merupakan tahapan selanjutnya. Agar hasil assessment lebih terukur, maka kita bisa mengidentifikasi tahapan-tahapan apa saja di dalam maturity level untuk selanjutnya mengelompokkan apa yang dilakukan saat ini -- terkait dengan komunikasi di media sosial -- sudah berada di tahapan yang mana. Angka terendah (satu) untuk 'unorganized' – tidak terkoordinasi, tidak adanya SDM; dua, 'planned' -- terencana dengan baik, wewenang dan tanggung jawab jelas; tiga, 'institutionalized' -- terkoordinasi sangat rapih, memiliki best practice; empat, 'evaluated', kinerja terukur, aktivitas diawasi ketat; lima, 'optimized', perbaikan berkelanjutan, 2 | http://inet.detik.com/read/2013/01/03/112703/2132079/398/4/menggagas-program-audit-mediasosial
  • 3. berkesinambungan. Membuat profil 'kinerja dan kapasitas'. Dikenal sebagai Matriks Audit Media Sosial, profil ini menggabungkan output langkah pertama (standar/kriteria) dengan tingkat kematangan di langkah kedua. Sebagaimana praktek audit pada umumnya, perusahaan tinggal memilih antara auditor internal atau eksternal. Then how will they cope? Obyektivitas, kredibilitas, waktu, ketersediaan merupakan manfaat penggunaan jasa auditor eksternal, selain informasi dan pengalaman atas praktek serupa di industri sejenis maupun berbeda yang dapat mereka share kepada kita. So, what next? Mensosialisasikan audit matriks kepada pihak, baik berkepentingan maupun terkait, dalam perusahaan, termasuk didalamnya jadwal audit dan metode audit yang akan digunakan. Berbicara mengenai metode, selain wawancara, kuesioner, observasi, partisipasi, dan Focus Group Discussion, communication analysis (efektivitas dan efisiensi komunikasi) dan pattern analysis (pola komunikasi di dalam perusahaan atau dengan pihak luar) acapkali digunakan. Tidak ada metode terbaik. Pemilihannya disesuaikan dengan waktu, biaya serta hasil yang ingin diperoleh. Berdasarkan matriks audit tersebut, kita bisa menyusun action plan. Prioritas utama adalah area mana saja perlu dipertahankan, diperbaiki, maupun ditingkatkan. Langkah berikutnya, menyusun skala prioritas dari ketiga area di atas dan sesudahnya menjabarkan aktivitas apa yang perlu dilakukan untuk mencapainya di setiap area beserta penanggung jawab dan tenggat waktu seluruh aktivitas yang akan dilaksanakan. Agar berkesinambungan, hasil audit harus dikomunikasikan kepada penanggung jawab media sosial, divisi pemasaran perusahaan serta manajemen (jika dirasa perlu). Tidak hanya itu, action plan juga harus dimonitor dan dilaporkan secara berkala, item mana saja yang sudah dieksekusi, mana yang belum (disesuaikan dengan jadwal yang disusun). Jika terjadi keterlambatan implementasi, maka perlu akselerasi dan sebagainya. Dilakukannya audit setahun sekali merupakan langkah ideal, karena apabila terlalu intens tentunya akan 'membebani' auditee. Selamat mencoba! 3 | http://inet.detik.com/read/2013/01/03/112703/2132079/398/4/menggagas-program-audit-mediasosial