This study aims to construct a risk assessment framework for computer-aided internal auditing for the banking industry. Based on literature review, this paper first generalizes and defines the risk criteria. Then, by expert survey, it determines the criteria indicators, and then, employs DEMATEL and ANP to analyze the causal relationships and relative weights among the risk assessment criteria, in order to develop a concrete risk assessment model. This system can be used by banks to assess internal auditing risks.The results indicate that the most important risk criterion involved in lowering computer-aided internal auditing is ”legal compliance.” ”Organizational identification” is the main indicator for examining and observing the risk management abilities of computeraided internal auditing. Lessening internal auditing risks is no longer a simple administrative procedure and post hoc report, but requires computer knowledge and proficiency in order to enhance the prior risk judgments and prevention abilities of an internal control system.This study suggests that banks should concentrate on the job functions of internal auditors, enhance the computer proficiency of internal auditors, and recruit auditors with computer proficiency in order to effectively lower internal auditing risks of banks.