This document provides guidance for directors, chief audit executives, and internal audit staff on implementing risk-based internal auditing (RBIA). It discusses why understanding risks is important for directors and their responsibilities in ensuring an effective risk management framework is in place. RBIA is described as the methodology used by internal audit to provide an independent opinion on whether the organization's risks are being managed to acceptable levels. The document outlines some of the advantages of RBIA, such as improving the effectiveness of internal audit and expanding the scope of audits, but also notes potential challenges with resources and specialist knowledge.