Auditing the Process Approach and Risk-Based Thinking

There still seem to be considerable discrepancies when it comes to auditing a management system using the process approach. And now, with the new requirement of risk-based thinking it has become even more confusing. How do you assess if an organization or a manager consider risk without a specific requirement for risk analysis? Risk-based thinking seems new, but it’s not. But how do you audit it?