Auditing Social Media: A Governance and Risk Guide 


By Peter R. Scott, J. Mike Jacka
Reviewed by Mahmoud D. Ghuneim, CISA


In today’s highly competitive business world, social media is not a choice; it is a must. The authors of Auditing Social Media: A Governance and Risk Guide blend their extensive expertise in business strategies, social media, marketing, communications and internal auditing. Their experience is apparent in the book’s 7 chapters and 5 appendices, targeted at helping businesses navigate the maze of risk and governance surrounding social media.

Using unique, friendly, interesting and simple language, the book’s first few chapters provide an overview of social media, explaining the strategy by which it delivers value, how it can go wrong, and how it can be monitored and measured effectively and efficiently through listening and learning best practices. The authors, leading experts on social media compliance, explore the risk and compliance issues every business must consider when using social media, explaining why it works, the legal issues involved, how to develop a social media policy and strategy, and how to track it through strong metrics. The book discusses the elements of an effective social media policy for both internal and external stakeholders, and it exposes social media risk by stressing that the greatest risk related to social media is what organizations do not know. Some see the governance role as being the responsibility of the boards of governors and related oversight committees, but the authors of this book look at governance from a broader perspective, viewing governance as who is watching the store.

Packed with useful web links and popular social media usage and monitoring tools, Auditing Social Media concludes with a complete, comprehensive social media audit program. The book is intended for chief executive officers (CEOs) looking out for their enterprises’ business involvement with social media, but it is appropriate for all senior security professionals, IT auditors, consultants and students. As the book’s core material tends to be more descriptive and illustrative than technical, it does not require the reader to possess an advanced level of IT knowledge or expertise. The book does not provide specific case studies on the subject of social media auditing, but it does contain several explanatory examples throughout.

Auditing Social Media: A Governance and Risk Guide is available from the ISACA Bookstore. For information, visit the ISACA Bookstore online or email

Mahmoud D. Ghuneim, CISA, served as a professional communications engineer with governments in the Arabian Gulf and Jordan for more than 30 years, including practices with computer and fixed communications networking security. He was the science editor with several Arab daily papers and magazines and a consultant for major computer bookstores in Jordan for more than 20 years. Ghuneim served twice as a member of the ISACA Publications Subcommittee.