A privacy audit is no longer simply a bunch of questions for the privacy officer and direct reports. Like a company’s privacy program, the audit reaches into many different parts of the organization to ensure the organization’s goals and promises of privacy and confidentiality are supported by its practices. This article explains the purpose of privacy audits, planning and logistics, and the common steps, distilling insights offered at a recent Privacy+Security Forum program. See our four-part series on a roadmap for building an efficient global privacy program: “Organizational Structure” (May 4, 2022); “Scope and Prioritization” (May 11, 2022); “Buy-In, Scalability and Outside Resources” (May 18, 2022); and “Maintenance” (Jun. 1, 2022).