This post explores risk assessment as part of Pixalate's ongoing series detailing the MRC guidelines on Sophisticated Invalid Traffic (“SIVT”) within mobile application (in-app) environments.
MRC guidelines: What is a risk assessment?
A risk assessment is simply the process of identifying and evaluating the potential hazards that could negatively impact an organization's ability to conduct business. These assessments are designed to identify inherent business risks and provide measures, processes, and controls to reduce the impact of these risks to business operations.
Why does risk assessment matter?
Unless a given entity fully recognizes the potential adverse impacts of IVT from a business, operations and client perspective then they will be unable to develop comprehensive internal control procedures and IVT detection solutions (as applicable) which address the potential risks to the entity, its operations and its client base. When operating in the digital advertising space, it is paramount that entities take the time to evaluate the risks presented to the service’s operations within the context of IVT (on both a holistic and discrete level) in order to protect the operations of the entity, the integrity of relevant product suites and the impact on client bases.
How are the MRC Guidelines addressing the need for a risk assessment?
The MRC IVT Guidelines established a risk assessment process whereby entities operating in the digital advertising ecosystem evaluate the various risks (e.g. business, operations, client) in the context of invalid traffic (e.g. ad fraud) on a periodic basis. This assessment is specifically designed to take into consideration the sufficiency and effectiveness of relevant internal control objectives and resulting internal controls.
The SIVT mobile in-app interim guidance outlines the expansion of the IVT risk assessment to take into consideration risk factors specified to mobile application environments. These additional considerations, as outlined by the interim guidance, are presented in the executive summary above.
As Pixalate perceives this to be one of the most important procedural-level requirements of the MRC IVT Guidelines, we plan to publish additional context regarding the MRC requirements specific to the execution of a holistic, periodic IVT risk assessment.