What do professional tennis and conducting an internal audit utilizing enterprise risk management (ERM) have in common? As Ed Caesar articulated in his Town & Country article, “Love All,” “there’s an infinitesimal margin between success and failure.” In professional tennis, top players study their opponent, plan their strategy, and execute their shots. Likewise, an internal audit incorporates all aspects of an organization’s departments, operations, and risk. The goal of the assessment is to find the points of vulnerability or inherent risk. Not all risk is bad, however. For example, a drop shot is risky when an opponent at the back of the baseline hits the return shot and then positions him/herself in the middle to thwart either a close or a long shot. Likewise, evaluating a revenue cycle can uncover areas of vulnerability, which can then be mitigated through vehicles like insurance policies, leaving only a residual risk, akin to having the vantage of being at the middle of the court. The purpose of this article is to explain how to utilize facets of ERM to conduct an internal audit, identify which departments need to be analysed, and provide strategic questions for auditors to use.