HIV / AIDS is not only a risk to the world population, it is potentially devastating to individual organisations. According to the King Report on Corporate Governance, as well as other governance reports world-wide, risk management is primarily the responsibility of the board and senior management. The internal auditor however, has a responsibility to assist management with this task. This paper aims to determine whether internal auditors are aware of the potential threat that HIV / AIDS holds for their organisations. If ignorance is found to be widespread, recommendations are made to the Institute of Internal Auditors to make their members aware. If awareness is found to be adequate, the paper aims to determine whether internal auditing departments in various sectors of the South African business community are complying with this responsibility.