There are two broad types of audits
based on the method of conducting an audit:
Internal risk audit: An internal risk audit is done by an
organisation’s internal team, which is not a part of the project. Usually, it
can be a separate team from the audit department or people from the peer team
or other projects. There is a tendency that internal audits are not taken
seriously; however, the project manager must look at a risk audit as an
opportunity to find the gaps and close them before they turn into serious
threats and affect the project deliverables.
External risk audit: An external risk
audit is done by a third-party agency, government or private agency that looks
at the processes and procedures and rates the conformance and issue
recommendations. External risk audits are critical in stakeholder management
because the stakeholders get to hear an independent opinion of the project
management.