Since its humble beginnings in 1986 as the Tabulating Machine Company, IBM has been an innovator. So it should come as no surprise that the company that invented much of the technology that spurred a social media revolution would be among the first to truly understand the associated risks.
IBM's social media journey can be traced as far back as 1999 when it launched developerWorks, an open source community portal that has become the industry's largest technical resource. Later, in 2005, "IBMers" began using a collaborative "wiki" page to provide advice to IBM bloggers (and protect itself) as the company sought to embrace the blogosphere. Today, internal IBM "Jam Sessions" have become legendary for unlocking the idea-generating power of "crowdsourcing" (outsourcing tasks traditionally performed by an employee to a large group of people). Currently, IBM has 60,000 users on its internal social networking platform (called Beehive), a million daily page views on its internal WikiCentral, some 200,000 employees on LinkedIn and more than 52,000 employees on Facebook.
Perhaps it was only natural that IBM would be a pioneer in managing social media risks. The first thing that Jon Iwata, IBM's senior vice president for communications and marketing, recognized was that employee use of social media exposed the company to a reputation risk that should be considered an enterprise-level threat. Working with the CIO's office and a group of experts, they recognized that social media's use may enhance or degrade customer satisfaction, relationship building, recruiting, retention, brand building and competitiveness. This process resulted in consensus among the senior vice presidents to include it on the enterprise-level risk map, reflecting their conviction that social media is critical for business success and a risk worth taking to drive commercial gain.
To move the process forward, IBM then commissioned a cross-company task force to break down the risk into "actionable" sub-risks, develop upside and downside scenarios for what it calls "peripheral vision," and perform root-cause analysis. That process has already yielded results: new employee education and training, changes in governance and the development and implementation of new technology.
Based on what it has learned, the company has developed methods and councils for comparing social media strategies, metrics and business value. It has also established a formal, enterprise-level governance team and created new policies on issues such as how to manage confidential information and where to host IBM-branded blogs.
Education and training are other priorities. The "IBM Business Conduct Guidelines" were amended to include appropriate uses of social media. A video was developed for IBM's new social media users, and the company is developing a formal education curriculum that will help employees balance all of social media's risks with its business value.
"We discovered that the risks of not encouraging employees to engage in social media and the risks of not providing them with the tools and education they need greatly outweigh the risks [of trained participation]," says Iwata. "Our assessment has provided even more evidence that encouraging employees to engage in social media is critical to our future success as a business."
And that is the key takeaway from IBM's story: a comprehensive risk management approach recognizes both the risks and benefits of social media-managing the former without stifling the latter. IBM insiders say that other companies that view risk management through the audit function tend to focus on hazards. IBM's intent, on the other hand, is to manage social media risks with the same goal in mind that it has when it manages all other risks: generating business value.
IBM's Delicate Social Media Balancing Act
|