Abstract: According to the four phases of the commercial bank's risk management: identifying, measuring, controlling and inspecting, this paper studies the main points, the specific methods and the problem that should be noticed for the internal audit for the commercial bank's risk management information system. The results show that the internal audit should understand the risk management process and control risk management techniques in order to comprehensively review and evaluate the various components of risk management system, and become an independent, objective and impartial risk restraining and evaluation mechanism.