First of all you should understand that if this organization is planning to be certified against ISO 27001, the lack of the statement of applicability is a major non conformity that can prevent the certification audit to proceed until an approved statement is available. So, if this internal audit you mentioned is related to an ISMS implementation aiming for certification, you should solve this question as soon as possible to ensure this issue will not compromise the certification audit. For more information about the Statement of Applicability, please read this article: The importance of Statement of Applicability for ISO 27001 https://advisera.com/27001academy/knowledgebase/the-importance-of-statement-of-applicability-for-iso-27001/
Regarding internal audits, an organization can decide to proceed with the audit even with the lack of the statement. In practical terms, the lack of the statement of applicability only will make your audit work harder. You should look for the approved risk assessment report and risk treatment plan to identify which risks are to be treated a nd how the organization proposes to treat them. These information will not be sufficient to cover the requirements of the statement of applicability (this lack of documentation will be your first non conformity), but you at least will have some information to audit the controls the organization has decided to implement. In the case you do not have either the approved risk assessment report nor the risk treatment plan then you cannot proceed with the audit, because you will not have enough information to know which controls to audit.