This study aimed to identify the role of the auditor’s judgment in dealing with the risks of the IT environment, so I studied the process of IT risk planning , and study how the auditor to reduce the risk of information technology. The study on designing a questionnaire covering the variables and hypotheses of the study , the questionnaire consists of 14 paragraphs, were used methods of statistics such as averages and standard deviations, and percentages and frequencies , and the study sample consisted of auditors (52) (external Auditors )for commercial banks in Jordan , most results are: Auditor determine the output of the likelihood of recurrence of the threat event (incidence of threat), and is expressed in a year ,Auditor Identify risks that cause weakness and imbalance core activities of the company, and monetary loss resulting from it , and Auditor prepare Prioritize risks according to their importance. Study recommendations are: its important to care that the members of the team in charge of identifying risks with a statement of clarification and details in favor of it, based on the knowledge that they own about those risks. And Auditor evaluate on an ongoing basis and on a periodic basis, and this determines the important information should be focused information security on them.