Google the phrase "social media audit" and you're going to see pages upon pages of search results about how to review your social marketing efforts to determine their effectiveness, usually once per quarter.
Google the word "audit" next, and you'll find information on how companies are examined to determine the validity of financial records, or review their business processes, or determine their compliance with laws and regulations.
Reviewing the effectiveness of your social content is something you should be doing on a weekly basis at a minimum, if not more frequently. With more than 313M monthly active users on Twitter alone, the amount of content being shared and consumed on the platform is certainly not insignificant. This medium moves far too quickly to not review your performance data at the same pace.
Social strategists should approach an "audit" the same way that any company approaches a financial or compliance audit: with a careful eye towards reviewing the processes and procedures that are in place for social media account access.
Here are the top 3 items that you should include in a social media audit:
Who can access your social media accounts. People leave companies. Brands change agency partners. It happens. But the last thing you want is for someone to still have access to your social accounts once they've left their organization, especially if they left on negative terms. Within Oracle Social Cloud’s Workflow & Automation, set your Default Timeout Value, or the time duration in hours for which SRM users can be logged into their accounts. Periodically check the last time your users logged in; if the timestamp is 30 days or older, that may be a good indicator that the user may have left the company or their responsibilities have changed. If it's been longer than 90 days, deactivate the user's credentials. (They'll come find you if they can't log in, I promise!)
What those users can access. If you have individuals that only utilize social listening dashboards, for example, grant Listen Editor access only so that they do not have the ability to publish content. Does an agency only handle your paid content and not organic? Grant them Media Manager access, so that they can only create unpublished, or "dark", posts and not live page posts. Have a community manager that only responds to mentions and messages? The Moderator role allows them to respond and engage, but not publish content. The intent here isn't malicious; certainly you trust the individuals that you are giving access to. However, accidents can happen and an employee messing around could lead to a slip-up that goes viral. (#gettingslizzerd, anyone?)
Account passwords. Always recommend that your users create a secure, randomly generated password. Within Oracle Social Cloud’s Workflow & Automation, set your Password Expiration Value to 90 days, so that your users are forced to update their password once per quarter. The Google Docs phishing incident is a good reminder that even those who are technologically savvy can be fooled sometimes.
It's always better to be safe than sorry when it comes to social media!