Internal auditing professional standards require the function to monitor and evaluate the effectiveness of the organization's Risk management processes. Risk management relates to how an organization sets objectives, then identifies, analyzes, and responds to those risks that could potentially impact its ability to realize its objectives.
Some of the key risk assessment activities in organizations include: marketing planning, strategic planning, incentive payout determination, credit authorization, and capital planning, each of which can be audited in one or more projects.