There are several types of internal audits your organization can conduct. Your choice will largely depend on the specific goals and objectives you hope to meet.

• Operational audit. This audit evaluates the performance of a particular function or department to assess its efficiency and effectiveness. The primary sources of evidence will include the active policies and achievements related to organizational objectives. Operational audits may evaluate controls and efficiency, and they consist of organizational structure, processes and procedures, data accuracy, management and security of assets, staffing, and productivity.
• Compliance audit. This audit evaluates an organization’s adherence to established laws, standards, regulations, policies, or procedures. Typically, a compliance audit is conducted because of a policy or statutory requirement. The objective of a compliance audit is to ensure adequate control over an essential internal process.
• Financial audit. This audit is an independent evaluation of financial data’s fairness, accuracy, and reliability across a fixed period (usually a fiscal quarter or fiscal year). The objective of a financial audit is to assure that the financial activity of the department, unit, or whole enterprise is completely and accurately reflected in the appropriate financial reports.
• Follow-up audit. These audits are usually conducted approximately six months after an internal or external audit report has been issued; they are intended to evaluate whether corrective action has been taken on previous audit issues. A follow-up audit revisits the past auditor’s recommendations, management’s actions to implement those recommendations, and whether those recommendations actually work. Follow-up audits also assess whether the situation has changed enough to warrant different activities.
• Investigative audit. This audit only occurs due to a report of unusual or suspicious activity. It focuses on specific aspects of the work of a department or individual. Investigative audits are conducted to determine the extent of a loss, assess weaknesses in controls, and make recommendations for corrective actions.
• Information technology (IT) audit. IT audits evaluate the controls related to your organization’s information processing systems. IT audits make recommendations to management regarding the adequacy of internal controls and security inherent in your organization’s information systems and the effectiveness of the associated risk management. These audits aim to assure that IT systems safeguard assets, maintain data integrity, and operate efficiently to achieve business objectives.
• Management audit. Also called performance audits, these audits provide independent and objective insight into the efficiency of business processes. Because internal auditing is an activity that is independent of management, internal auditors can (ideally) review a business process, organization, or strategy without worrying about backlash from the administration. A standard management audit reviews the organizational structure, examining how administrative work is divided throughout your organization and whether opportunities exist for increased efficiency.
• Integrated audit. This audit combines two types of audit into one project: an IT audit and an operational audit, or a financial audit and an IT audit focused on internal controls over financial reporting.