Internal Audit
1. Senior management and board considerations of what happened
Managers play one of the most important roles in a company, and this case is no
different. It is the manager's job to set an example, and managers set the tone from the top
down. Facebook's CEO acknowledged that the company failed in its global responsibility to
protect its customers. Before the scandal, Facebook failed to inform its users on how to
protect their personal information from access by third parties who took their information
without their consent. After the data breach, Facebook promised to inform users whose data
had been shared with Cambridge Analytica, so that those whose privacy was compromised would
be aware of it. On the other hand, Cambridge Analytica suspended its chief executive
following the scandal. The senior management of both companies had to take action to protect
their reputations from further damage. Facebook distanced itself from the scandal and stated
that it did not collude with Cambridge Analytica to steal user data without their consent or knowledge.
However, Facebook did acknowledge that it failed in its role to protect user information from
unauthorized access. Facebook management acknowledged their role in user data harvesting
and the CEO testified and apologized before Congress. However, Facebook did not
sell user data to Cambridge Analytica; instead, Cambridge Analytica exploited the
vulnerability in the Facebook apps to collect data without user knowledge or consent.
Following the fraud, Cambridge Analytica's downfall began, which resulted in the collapse of
the company, and it later became defunct on May 1, 2018. It is hard to tell whether there was any
conspiracy between Facebook and Cambridge Analytica to share user information for money.
However, Cambridge Analytica did accept that it accessed more than 30 million user profiles
without their consent.
2. Corporate Governance considerations
The main purpose of governance is to enhance shareholders' wealth through the
achievement of a firm's objectives. However, apart from that, corporate governance also helps
to protect stakeholder values and interests by improving performance and holding the
organization accountable. Corporate governance has many key principles, including but not
limited to: Leadership – Corporate governance oversees key strategies
and leads a culture to help the business perform at its best. Fairness – Stakeholders at all
levels should be treated equitably and reasonably. Transparency – The organization should not
need to keep secrets, and outsiders should be able to observe the organization's transactions
and processes. Stakeholder engagement – Ensuring that significant stakeholders are engaging
with the business to position the business for the best possible outcome. Accountability –
Owning and embracing strategies, as well as the tasks needed to achieve the organization's
long-term goals.
First, we look at Facebook, whose objective is “We believed that people being able to
share the information they wanted and having access to the information they wanted is just a
better world.” The key part of this objective for our discussion is the part about
people sharing the information they wanted. Then we need to look at Cambridge Analytica,
whose objective was to “change audience behavior”. For this case, the corporate governance
consideration to focus on for Facebook is that it was unable to
protect its customers' privacy and allowed its users' personal data to be collected by a
third-party company. Of the 5 components of governance, the three main
components in which these companies failed were fairness, transparency, and accountability.
They failed in fairness because, first, Facebook did not ensure protection for its
users, and Cambridge Analytica took that information without consent and later sold the
collected data without consent from the Facebook users. As with most social media,
Facebook's business depends on the customers trusting the company to look after their data,
yet Facebook violated that trust, showing the ineffectiveness of its governance and its board.
They also failed in transparency. Both companies failed to notify customers that
they were taking that information and, even more, failed to notify them about what that
information was being used for. Lastly, accountability. While some may say that they
did take accountability, it wasn't until after the fact that they assumed responsibility.
Accountability starts before a wrong action; it starts the second a decision is made by a
business that prides itself on what it does. When a company such as Facebook makes
it its objective for people to share the information they want, and that information is taken
without their consent, it creates a problem in the third objective. In conclusion,
this lack of appropriate governance had many consequences, including
oversight and reduced shareholder value. There were also job reductions and reputational
damage, along with reduced morale among employees and anger among users and
lawmakers. Overall, this makes what these companies did a big concern in all aspects.
3. Governance actions
The 2013 Facebook scandal, also known as the Cambridge Analytica affair, brought to light a
significant event for the social media company. It showed that Facebook did not do its
best to protect users' private data, and this is the main reason its users' privacy was put
in danger. Facebook's management team and board of directors established many governance
steps to address the data privacy issues that led to the data leak. They began by conducting an
internal investigation to assess the scope of the incident and any other possible data privacy
problems. The business recruited forensic AU data experts to look at how the data was
gathered and handled, as well as to determine any potential harm to user privacy. Many
members of Facebook's senior management team, including its chief information security
officer, the vice president of global public policy, and its chief legal officer, decided to
leave the firm after this scandal happened. Their resignations represented a major change in
Facebook's leadership, and this also serves as a promise to its users to avoid similar
incidents in the future. Facebook's response to this data privacy scandal includes generating
new rules and procedures, such as limiting the amount of data that third-party apps can
access from users, adopting higher data privacy standards, and introducing transparency tools
that allow users to monitor which apps are accessing their data. The corporation also
realized the need for increased openness to reestablish public trust and has made many efforts to improve
operational transparency. Hiring a chief privacy officer to manage data protection efforts,
introducing a data abuse reward program to motivate data users to report breaches, and
developing a public-facing website with information on the company's data privacy rules and
procedures are all part of the plan. Facebook's management team and board of directors
backed the new privacy standards and recognized the need for greater accountability and
openness. The firm is dedicated to working more closely with authorities and lawmakers to
guarantee compliance with applicable data privacy laws and regulations. As we can see,
Facebook's management team and board's governance efforts in reaction to the Cambridge
Analytica crisis reflect a commitment to supporting the company's principles of
responsibility, accountability, and openness. Although recovering the confidence of its users
and stakeholders is a continuing task, it is critical to establishing a more secure and
trustworthy Facebook.