Weekly Google Groups governance audit, delivered to Slack

Every Monday at 8am, run a governance audit of all our Google Groups and deliver the results as a Google Doc plus a short Slack post.

Step 1, enumerate every group. Use the google-groups List Groups operation to pull every group in our Google Workspace customer.

Step 2, inspect each group. For every group returned, call google-groups Get Group to fetch its label, display name, description, and creation date, and call google-groups List Memberships to fetch its full member roster with roles. Track which members are owners, which are managers, and which are regular members.

Step 3, flag governance issues. Bucket each group into one or more of these categories: groups with external members (any member whose email is not on our primary company domain), groups with zero owners, groups with exactly one owner, groups with no members at all, and groups missing the cloudidentity.googleapis.com/groups.discussion_forum label. A group can appear in multiple buckets.

Step 4, pick the top three risks. Apply judgment to rank the highest-priority issues across all buckets. Weight things like the size of an external-member group, whether an owner-less group has many active members, and whether a group's name suggests sensitive scope (security, finance, exec, all-hands).

Step 5, write the report into a new Google Doc. Use google-docs Create Document to make a new doc titled something like 'Google Groups Governance Audit — <date>'. Then use google-docs Batch Update Document to fill it in. The doc should have: a one-paragraph executive summary at the top, the top three risks called out as a short prioritized list, then one section per issue category with a table of affected groups (columns: group name, email, owner count, member count, creation date, notes). Keep the formatting clean and readable.

Step 6, post the summary to Slack. Use slackbot Send a Message to post to the #it-governance channel. The message should include a link to the Google Doc and the three top risks called out inline so the team sees the highlights without opening the doc. Keep it short, four or five lines.

Make the company domain configurable (default to whatever the authenticated Google account's domain is). The audit is read-only — do not modify any groups or memberships.

Additional information

What does this prompt do?

Pulls a complete list of your organization's Google Groups every Monday morning and inspects each one for governance risks.
Flags the issues IT and security teams actually care about: groups with external members, groups with zero or only one owner, empty groups with no members, and groups missing the standard discussion forum label.
Writes the full audit into a new Google Doc with one section per issue category and a table of affected groups, so you have a shareable artifact you can review and assign work from.
Posts a short Slack summary to your IT governance channel with a link to the doc and the top three risks called out inline, so the team gets both a glanceable view and a place to dig in.

What do I need to use this?

A Google Workspace admin account that can read your organization's groups and memberships.
A Google account that can create and edit Google Docs.
A Slack workspace and a channel where the weekly report should land (most teams use a dedicated IT or security channel).

How can I customize it?

Change the day or time the audit runs to match your team's review cadence.
Swap in a different Slack channel, post to multiple channels, or send the link as a direct message instead.
Adjust which governance issues get flagged or add your own criteria, like required naming conventions or a custom owner threshold.

Frequently asked questions

What counts as an external member?

Any group member whose email address is on a domain that isn't your organization's primary domain. Vendors, partners, and personal accounts all get surfaced so your team can decide whether they belong.

Why is a group with one owner flagged as risky?

If that owner leaves or loses access, the group becomes orphaned and nobody can manage it. Most IT teams want at least two owners on every group so there's a fallback.

Will this make any changes to my Google Groups?

No. The audit is read-only. It surfaces problems and writes them to a Google Doc and Slack. Remediation is left to your team, so you stay fully in control.

Can it run more often than weekly?

Yes. The schedule is fully adjustable. Most teams pick Monday morning because it matches their weekly security review, but daily, monthly, or any other cadence works.

Does this work with Cloud Identity Groups?

Yes. It reads the same group data your Workspace admin console shows, including Cloud Identity Groups created outside of the classic Google Groups interface.