Their is a lot of confusion amount the professionals in clearly understanding the role of internal audit and risk management. In this video I try to make that distinction clearly.

Generally speaking, risk management act as a facilitator as a support department to other organizational department in helping them to identify and report key risks and manage those risk within risk appetite. It falls under the second line of defense with partial independence.

The internal audit is the third line of defense, which means if a risk pass through its unlikely that the organization controls system would be able to treat that risk and eventually it will expose the organization to the risk exposure. The internal audit is responsible for overall risk management, control and corporate governance and to overseas are these elements contributing and playing their part in other overall achievement of organizational objectives. To know more refer to the video for better understanding.