The main purpose of this study is to investigate internal control and audit items for personal information protection in general organizations. By adopting a qualitative approach and research strategic of the Gowin's Vee knowledge map, in the first stage - conceptual/theoretical aspect, this study systematically reviewed general principles and concepts of PIP acts in Taiwan, and constructed internal audit process for PIP based on the standard of IIA-IPPF: 2013. Further, in the second stage of methodological aspect, this study conducted the method of content analysis to explore, classify, and aggregate the related literature based on a set of keywords and conditions from journal database for obtaining the relevant audit items. The result of this study has two important outputs: internal audit items and audit process for personal information protection in general organizations. The preliminary results of this study can be used as a reference for developing internal audit mechanism and the knowledge to better understand the research method of qualitative approach.