If you have been following this blog series on how to create a Social Media Governance Plan, you know that the key goal is to mitigate risks for your company. Research shows that corporations consider reputation damage as the most crucial risk concern with technology threats in the top ten.

Social media risks fall under both of these risk concerns, so creating a solid plan and ongoing governance process is certainly a "best practice" for every company. It also is critical to ensure the plan ties into the overall corporate risk management program.

In Part 1 of this blog series, we focused on the first two steps to prepare your plan:

• Gather the Corporate Stakeholders of Social Media Governance, and
• Review Corporate Risk Management Priorities

In Part 2, we focused on steps three through six:

• Review the Corporate Goals for Social Media Governance
• Analyze Previous Successes, Failures, and Changes
• Social Media, Employment, and Industry Law and Regulation Review
• Review Corporate Social Media Policy

How Will You Perform Your Corporate Social Media Audit!

If you are reading this series, you probably have a role that requires you to handle social media or digital risk management for your company. Corporate governance is certainly one of the most important parts to your job. If you have ever lived through a crisis event that played on social media, you know why this planning process is so critical. But governance is also about implementing best practices to preserve your brand reputation, as well as manage risk events. This post details aspects of steps seven and eight of the Social Media Governance Plan process.

• Social Network Participation and Risk Review
• Discovery — Social Media Audit Process 

Social Network/Platform Review

As part of your governance program, you should have (at least) an annual review of every Social Network/Platform to determine your corporate strategy for that platform. For your primary platforms (such as Facebook, Twitter, Instagram, etc.) you should conduct a platform review at least twice per year.

Review Social Media Marketing Strategy

Before reviewing each platform, it is important to review the social media marketing strategy from the marketing/PR/Brand division to understand where they are placing their focus for the coming year. Here are some thoughts that might be on their radar:

• Aggressive advocate outreach to bolster community
• Aggressive local strategy to drive consumers to retail
• Addition of social selling on certain platforms
• New contest promotion
• Increased visual content strategy
• Re-branding 

Try to garner any information that clues you in to risks for the company and to know where you need to turn to gather additional network information.

Below, we have listed some key elements that need to be in your social network review.

Review Existing Social Media Platforms already in use

(such as Facebook, LinkedIn, Twitter, etc.)

• Review license agreements and rules and look for new information. Look especially for references to ownership of content (as in who owns your content once posted?), and any references to companies' trademarks (such as use of your logo or trademarks). Are there any risks that need clarification?
• Review platform changes to determine if there is additional risk exposure.  These changes can be simple, such as the addition of Facebook adding fields to the profile description area. If you are a major company, you may have a strong direct relationship with the networks and you can ask your account manager of any upcoming changes that should be considered under your governance plan.
• Review how the platform auto-generates items and make a plan how you will address these during the audit. Most people think of the auto-generated place pages from Google+ or Facebook, but don't do anything with them. What's your plan for these since people do post to them! Don't forget about the auto-generated pages from Wikis and most surprisingly, the additional URLs to your account. For more information about the URLs that Facebook auto-generated this past year (for the same account as your vanity URL), see our blog post What's Another URL Among Friends, Facebook?
• Review the rules that may apply to your marketing strategy, such as the contest rules (if your team plans to run a contest) or the social selling compatible platforms (if you are adding social selling directly on your Facebook page), etc. You should already know the laws around these items, so now you just need to understand the network rules.
• Review the security practices of the network to protect your customers and to protect you (such as two-factor authentication). 
• Review the networks where you reserved your brand name to determine updates, especially if the social marketing strategy requires a higher level of activation for the coming year. For example, if there is a stronger push for a visual content strategy, then understanding the changes at Pinterest, Instagram, Vine, etc. is now important.
• Review industry-specific sites, sometimes referred to as "vertical social networks". 

Review New Social Network/Platforms not currently in use

• Review all new (and new to you) social networks in countries where you do business. If you are expanding into new markets in the next year, consider those countries for this Social Media Governance Plan. Have employees already reserved a site on some of these networks but failed to submit them to the governance group? This is not only true for social networks, but if you are managing all digital governance, this is true of all new gTLDs.
• Create a list of the networks where you need to reserve a page/account to ensure all brands have a reserved page/account (to prevent brand squatting).
• Review industry-specific sites that promote your brand or your employees to the consumer/customer. For example, the Mortgage industry has Houzz, Lender411, Zillow, and Trulia. If industry sites are important to your business, make sure that you reserve your brand page, and understand the rules around these platforms. Most of them are "social" so you definitely want to consider them in your governance strategy.

The list can go on and on....just remember to be specific for what is important to manage the risks for your company. Collect the data in a manner that allows you to create a follow-up and implementation process once you have completed the Social Media Governance Plan.

Social Media Audit Process — Discovery

Many companies conduct social media audits on an annual basis but often miss some key elements of the audit to truly mitigate corporate risks. At Brandle, we believe that the first step to an audit is understanding web presence. Consider each site or page as a corporate asset and the asset elements are everything that is set on that site once you populate the profile (the profile description, avatar, image, apps, profile meta data, referenced website, etc.). This is the first information a customer sees about you, the corporation, or the brand and is where you have control over maintaining brand and regulatory compliance standards.

A web presence can be created on any social network within a matter of minutes, by anyone, putting your company at risk. This is why the first order of business is to audit the web presence (asset) for corporate brand standards, security and access, and regulatory compliance. If you are in a regulated business, you are also responsible for the governance of employees sites, so add those to the audit list.

At Brandle, we also call a these accounts "POPs", or online "points-of-presence". Here is a process to consider for your social media audit and processing your POPs. 

Discovery— Social Media Audit to Find your Brand(s)!

People have different definitions for "social media audit". At Brandle, we consider a complete audit to include a Discovery (find what you don't know), Inventory Web Presence Audit (review the profile content and asset information of what you do know), and Content Stream Audit (review the content stream for brand standards, policy adherence, and compliance).

You can choose to conduct the review process on your known inventory first, or choose to conduct a full discovery before auditing each site. We suggest discovery first so you can then attack each phase of an audit on your entire known inventory. Here is what you are looking for during Discovery.

Corporate Web Presence

• Corporate POPs that may have been created without your knowledge.
• Platform-generated place pages. How will you monitor or manage these?
• Platform auto-generated pages from Wikis. How will you monitor or manage these?
• Community-generated sites. How will you monitor or manage these?
• Brand review on new Social Networks to ensure all brands have a reserved page/account (to prevent brand squatting). If your brand is taken, what is your strategy now?

Third-Party Web Presence (such as employees or partners)

• Employee VIPs such as CEO and other executives that have a following.
• Employees that claim a relationship to the brand (especially if in a regulated business).
• Licensed representatives (such as independent agents).
• Advocates claiming a relationship to the brand
• Others (such as partners, retailers, etc).

Infringing Properties (infringing on IP, counterfeiters, phishers, etc).

• Third-party POPs using your brand names, IP, or other identities, but are considered malicious (such as counterfeiters, phishers, haters, etc.).
• Send infringing and counterfeit POPs to legal counsel.

Corporate Branded Web Presence Audit

These are company sites: product sites, program or campaign sites. Remember this audit process is to manage corporate risks. This is not an ROI audit on marketing campaigns or ad spend. Here is a list of what you are auditing:

• Profile description consistency and brand standards, including platform-generated pages.
• Avatar consistency.
• Artwork/Profile Picture image.
• Security and tech vulnerability review via social media.
• Credentials Review and contacts who have access (including agencies).
• Conduct a referenced website review to ensure customers expectations. Everyday we see bad links from a referenced website on a social media account, even from major global enterprises. This is how customers take a deeper dive to understand what your company is all about, and if the link does not work, you deliver a poor brand message to the customer. (It is not uncommon for a webmaster to update a site and alter a microsite URL).
• Last Posting Data and general posting cadence.
• Followers, Likes, metrics.
• Conduct an Intellectual Property (IP) review to ensure trademarks are accurately represented. Know your trademarks, regulatory requirements, and brand standards intimately and prepare for your audit!
• Compliance and Regulatory Review. This is especially true for regulated businesses. Review the guidelines with your legal counsel on your stakeholder team and discuss the actions that will need to take place depending on what you find.
• What apps and tools are attached.

Third-Party Web Presence Audit

These are sites for your employees, partners, communities, etc. You can't control them, but you do need to provide guidance, especially in a regulated business.

• Profile description consistency and brand standards, including platform-generated pages.
• Avatar consistency.
• Artwork/Profile Picture image.
• Conduct a referenced website review to ensure customers expectations.
• Last Posting Data and general posting cadence.
• Followers, Likes, metrics.
• Conduct an Intellectual Property (IP) review to ensure trademarks are accurately represented.
• Compliance and Regulatory Review. For regulated companies, you need to have a complete list of requirements from the governing body and you need to know how the company expects to see the requirements. For example, for a mortgage loan officer, you may require that their NMLS number is in the account name or clearly displayed in the profile artwork. You also need to know where they place the company name and NMLS number, as well as the consumer complaints link.  For some ideas, see our post on Examples Lead the Way.

Content Stream Review

The content stream is also an important part of the audit, especially for regulated businesses, but it is secondary to the audit process of the asset. Think of it this way, if you don't know where the web presence is or if it even exists, how can you know to review the content for compliance? The items you need to review in the content stream includes:

Corporate Web Presence

• Regulatory Compliance
• Approved use of trademarks
• Brand Standards Compliance
• Legal Use

Third-Party Web Presence (such as employees or partners)

• Regulatory Compliance
• Use of approved Library
• Approved use of trademarks
• Brand Standards Compliance
• Legal Use

Our final post will complete the steps to create your corporate Social Media Governance Plan. Then, it will be time to execute on the processes designed to manage corporate social media risks!

• Social Media Governance Process
• Procedures when Risk Event Occurs
• Train Employees on Social Media Governance
• Monitoring Procedures to Ensure Governance
• Review Cycle for Governance Plan

If you'd like to see a social media audit case study, just click the button below.