The article justifies the need for a specific model of VoIP security auditing that evaluates the incidence of security problems and addresses the challenges in terms of protecting IT resources. The current VoIP security problems are determined based on the analysis of auditing frameworks, and a model based on COBIT 4.1 is proposed to address these problems. As an innovation, the model includes the security culture plan and social engineering from the approach of the user as an IT service customer. In this work, we present the validation of the surveys using Cronbach’s alpha and the results of the statistical average of the surveys applied to experts in social engineering and security auditing in VoIP. The proposed VoIP security auditing model, called VoIPSAM, considers four domains – plan and organise, acquire and implement, delivery and support. and monitor and evaluate – which consider specific security policies for its application.