||The thesis deals with internal processes taking place in financial institutions, especially with emphasis on processes related to internal control and risk management. The aim of the thesis is to investigate the structure and the role of the internal audit processes in financial institutions; to analyse weaknesses and possible threats in relation to risk management, and to come up with relevant recommendations for increasing the effectiveness of internal audit processes. The partial objective is to analyse a legal framework governing internal audit and risk management in the financial institution. The theoretical part of the thesis defines the meaning of internal control and audit in financial institutions, legal framework regulating the work of internal auditors, risk managers and controllers in financial institutions, and standards that must be respected and implemented by the financial institution during the provision of financial services. The practical part is a case study of VersaBank, a Canadaian financial institution. The main question is to find out what processes in the risk management department in the financial institution are the main ones, what are the secondary ones and how these processes are managed in a financial institution. The goal is to track and reveal the current construction of the company’s risk management procedures, and their effectiveness against the existing risks and threats.