McKinsey on demystifying social media for executives

McKinsey believe there are two interrelated reasons why social media remains an enigma wrapped in a riddle for many executives, particularly non-marketers.

“The first is its seemingly nebulous nature. It’s no secret that consumers increasingly go online to discuss products and brands, seek advice, and offer guidance. Yet it’s often difficult to see where and how to influence these conversations, which take place across an ever-growing variety of platforms, among diverse and dispersed communities, and may occur either with lightning speed or over the course of months.

“Second, there’s no single measure of social media’s financial impact, and many companies find that it’s difficult to justify devoting significant resources—financial or human—to an activity whose precise effect remains unclear.”

Read more on the the McKinsey Quarterly site

Building a content risk matrix

The risks around publishing in traditional print mode can be mapped very clearly to the fundamentals of accuracy and appropriateness, as well as our legal obligations not to defame. We developed the rules for this over hundreds of years.

This framework underpins our credibility as individuals (authors) and as businesses (publishers). Traditionally publishers may have threatened to print and be damned, but what they actually did was sail very close to the wind, confident in how far they could go and not end up in the courts; or end up there and win.

But traditional content has been joined by young and capricious alternatives to print, TV and radio, that cavort in a virtual word where they can be pointed to and promoted by billions of autonomous micro publishers via Twitter, Facebook, Pinterest, YouTube, to name but a few.

Your roadside billboard can be photographed by smartphone and shared with an entirely new audience. When it works, this is called going viral, when it doesn’t it’s called a PR nightmare.

This new and rapidly evolving landscape offers multiple channels and multiple delivery mechanisms. It makes herding cats look distinctly easy.

Of course, the solution is simple. You just stay rooted in old school and non-digital content (that now seems relatively easy to control, by comparison). You turn your back on the social mediasphere and encourage your clients to do the same. Alternatively, you rule the new channels with a rod of iron. “Nobody’s allowed to Tweet for this company unless they have a Masters in Neural Linguistic Programming!” “Only the Chief Executive gets to Like Comments on our Facebook page!”

Or… you take a few risks

We all have to take risks. Or, to to court a double negative, you can’t not take risks. The secret is to herd the risks – not the cats.

Risk scoring is based on two parameters – likelihood and impact. An event may be likely to happen but the impact could be relatively small: a broken link on a deep page that’s rarely visited. An event may be unlikely but the impact would be catastrophic: a drunk, disgruntled employee loads a bogus interview with the CEO on to the coporate website, in which the CEO calls the Prime Minister some very unpleasant names and threatens to run away with the pension fund.

Scoring key content risks and applying internal controls to mitigate them is a useful part of digital governance. The key is to start with the basics and build. Multiple tabbed spreadsheets infused with macros covering every last content element you generate are worse than useless if nobody’s going to monitor the output.

Start with the biggies

In previous posts I’ve dealt some some of the key legislation and regulation we have to deal with these days. Mitigating the risk of falling foul of the law is a good place to start.

  • For example, what is the likelihood of your next campaign on Spotify running foul of the Advertising Standards Authority*?
  • What would be the impact if you had to pull the ad – lack of exposure, cost of ditching / modifying the ad, already paid for ad slots that you can not longer fill?

*I’m thinking of a real life case where the ads had to be pulled from a number of social media sites. The adjudication was triggered by just 15 complaints.

Don’t restrict yourself to legislative and regulatory issues. Think about customer risks. The one broken link on the deep web page mentioned earlier may not mean the end of your organisation, but if your organisational culture means there is a real likelihood of sloppy url input and poor page maintenance  – you’ve got a significant impact and a significant risk to customer engagement and satisfaction. (Not to mention a culture where the website has deep pages which are rarely visited.)

1. You need to start by identifying top level content risks. I think this a good reason for a facilitated workshop and not just involving content creators but also IT and other corporate perspectives.

(Key technical risks, such as capastrophic failure of IT systems may already be part of a corporate risk register within your organisation.)

2. If it’s a while since you’ve done a content audit, do one in the run up to the workshop. Ideally, audit all your content, not just digital. Apart from anything else, you may want to form a view about how content is originated in your organisation (eg do you still follow a digital-content-is-extracted-from print model?).

3. Having identified and agreed your top level content risks you need to give them a score (accept you will want to come back and adjust these has you get better at the process).

Risk scoring

Based on my experience of how other risks are scored in the corporate environments, consider an Impact range from insignificant (1) to very serious (5) and a Likelihood range from very low (1) to very high (5). The combined ranges on a 5 x 5 matrix produce scores ranging from 1 to 25.

If you go for a bigger scoring ranges it becomes much harder to judge the scores and monitor the changes as you work on the risk. Trust me and the trusty bell curve on this one.

Just putting a score to stuff can be very insightful. Divide your risk scores into sections something like this:

  • 6 or less (low risk)
    Keep an eye on it. Review it occasionally.
  • 8 to 12 (medium risk)
    Do some deeper work to establish why it’s happening and what can be done to reduce it. Additional skills or training perhaps? Set realistic timescales for the actions and review directly afterwards and then regularly until it falls back into 6 or less (residual risk) and stays there.
  • 14 to 20 (high risk)
    This may need investigating at a department or team level. It may require training, ongoing monitoring and maybe some hard controls, for example, reducing the number of people with publisher rights in the CMS, tightening up on approval processes (and engagement with them). Don’t turn you back on these risks as they can go up as well as down. With some risks you may not get them down below 8 -12 but if that’s the case you need to think about effective ongoing monitoring.
  • 20 or above (highest risk)
    Put together a team probably across content and technical disciplines to drill down, find the problems and deal – as a matter of urgency. This may require a combination of hard controls and ongoing monitoring, as well as training. You may need some anonymous ‘no blame’ feedback.

As you decide on a remedial / mitigating actions, assign a named individuals to oversea them and attach a timescales and reporting frameworks.

Okay, I think that’s going to keep you going for now.

Governance – where to draw the line?

Back in the days of the wild, wild, west, gun fighters and bank robbers ran amok. Gentle folk were afraid for the lives and street brawls were commonplace. Okay, it was exciting, but reputable companies – I mean folks – stayed in the big cities and left the frontier towns to the lawless.

Aw shucks, it’s another metaphor.

The good thing about all those gunslingers and rot gut whiskey drinkers was they opened up opportunities. It was their all round recklessness that pushed the boundaries. But before these new opportunities could be truly capitalised on, somebody had to impose order.

Enter the sheriff…

The sheriff slung the drunks in jail and ran the gunslingers out of town. Sheriffs were also pretty handy with guns themselves. Not a few gunslingers were hired by towns to police their streets and gun down the ‘bad guys’. In fact, apart from the presence of the sheriff’s 5-pointed star, very little differentiated the law man from the lawless.

So, when you’re policing the streets, where do you draw the line? Okay, we’re ditching the metaphor now.

In terms of rolling out the concept of digital governance to wider audiences, I’ve chosen legislation and regulation as my entry point*. This is because, in lawful societies, the risk of legal penalty is a sufficient deterrent (particularly if you’re a big company with a lot to lose). It’s also something that attracts the attention of the board room, which, sorry, content per se does not

*I started to group together some of the more pertanent rules and regs in my previous post

But when you seriously consider what could impact on the correct governance and risk mitigation of digital content, you begin widening your scope – quite considerably.

For example, culture secretary, Jeremy Hunt, plans to publish a Green Paper setting out the scope of a new communications act by the end of this year. If you think this is just about hacking and tabloids, think again – and read the below…

Hunt gave a few clues as to areas on which he may focus, but appeared to indicate that one may be regulation of programming content on the internet.

Under the current EU Audiovisual Media Services Directive, “TV like” services, such as the BBC iPlayer, are subject to regulation. However, the level of regulation is less than that imposed upon traditional TV channels.

“Whether we are watching a broadcast live or through catchup TV services, via a TV or a computer, it is the content that matters, rather than the delivery mechanism,” said Hunt. “So should it be the case that the method of delivery has a significant impact on the method of regulation? Or should we be looking at a more platform-neutral approach?”


There’s data protection and eprivacy and the implications of the European Data Protection Framework (EDPF) Review (don’t ask me, I’m new here) and the Digital Economies Act; some might say the latter was rushed legislation aimed at pirate downloaders and which now seems to be languishing somewhere in Brussels. PRS for Music, which brings together the two royalty collection societies MCPS and PRS, is also looking at the whole area internet piracy and controlling copyright online.


  • The EUs general concerns and overall remit around data protection and how personal data is used.
  • The ongoing digital implications for copyright and its infringement including ideas floated by the Hargreaves Review.
  • The impact of changes to internet protocols.

Then there’s the whole area of cyber security , the Government’s plans for a cyber security strategy, the implications of the Home Affairs Committee inquiry following last year’s riots, a warning from head of GCHQ’s about a ‘disturbing’ level of cyber attacks, as well as high-profile security breaches involving big names such as PlayStation and Google.

It’s not that organisations and governments are not increasingly on their toes when it comes to critical issues such as hacking and data protection. As early as its 2008-2009 report, the UK’s Intelligence and Security Committee raised concerns about the potential threat posed by cuber crime, not only to the UK government,  but also ‘critical national infrastructure and commercial companies’.

We therefore welcome the fact that this threat has been recognised and that cyber security is now listed as a Tier One national security risk. The new funding that has been made available, as part of the SDSR (Strategic Defence and Security Review), to fund cyber security work is a significant step forward.

Source: 2010–2011 Annual Report, Intelligence and Security Committee

All fine and dandy. But its the next bit of their latest report which attracts my interest…

Whilst the priority and funding are to be welcomed, structural issues continue to cause us concern. We have noted 18 units with particular responsibilities in this field across the three Agencies, two law enforcement bodies and five government departments. Between them they cover policy, management, intelligence operations, protective advice, detection and analysis, with some focused on crime, some on hostile activity from overseas, some on Counter-Terrorism and others covering all three. This risks duplication and confusion and cannot be cost-effective. We therefore recommend that work be done to rationalise the existing structures.

Source: 2010–2011 Annual Report, Intelligence and Security Committee

Some 18 different agencies all getting their head around cyber security. Cooks? Broth? Anybody?

I think there is a real danger that as the digital wild west becomes the tamed west that we could end up in a situation where the streets are populated by too many sherif’s, firing off their six guns for offences no more horrendous than jaywalking. I’ve read the phrase ‘governing the internet’ more than once and frankly it worries me. Didn’t Canute try something similar?

But it’s not all bad news…

After the gun  and the guns for hire, and the early day sheriffs who relied on their quick draw, there came judiciary and laws than formalised the processes for identifying bad from good and exacting appropriate penalties. That’s where I think we now need to go with digital governance.

Those of us involved in content, its creation and implementation are ideally placed to step into and exert our  influence in this area. I used the word ‘influence’ rather than, say, ‘control’, after careful thought. Think traffic police rather than Big Brother. It’s all about enabling the flow of communication while mitigating the risk of pile ups.

We already act as the linchpin for a whole range of disciplines. The image below was created by Richard Ingram and is one of many of his stunning visualisations that go towards explaining our turnkey positioning.

• We already have, and continuing to improve, a range of tools and methodologies that allow us to guide clients in project choice, rationale, implications and implementation.

• This is alongside the deploying of the actual content itself across an increasing array of channels and delivery mechanisms.

• To this array of tools and services we ‘simply’ need to  add governance tools and methodologies, such as a suitable content risk matrix that will allow us to identify the more important issues that clients need to address – and mitigate.

I’m going to show you what that content risk matrix might look like in my next blog.