本研究目的為發展物聯網環境下企業風險管理與內部控制稽核機制。在質性研究法及Gowin's Vee 知識地圖的基礎下，首先透過文獻探討的方式整理物聯網環境風險因子與內部控制稽核項目；各類風險因子與稽核項目，在企業交叉風險及COSO 內部控制整合框架的對應下產生問卷雛型，並透過德爾菲專家問卷的訪談來修正問卷。其次，本研究運用國際內部稽核協會（IIA）所建立的三道防線及能力成熟度整合模型（CMMI）之概念，來進一步發展稽核流程與評估方法。最後，本研究以三家公司來進行個案實證，以驗證所產出的稽核機制被運用在企業內部控制稽核的可行性。本研究成果可貢獻於學術界強化質性研究知識，與實務界在物聯網環境下實施企業風險管理與內部控制稽核之參考。

The aim of this research is to explore the factors influencing enterprise risk management and auditing mechanism of internal control in the internet of things (IoT) environment. Applying a qualitative research approach and following the Gowin’s Vee research strategy, firstly, this study reviewed the relevant literature and used the Delphi expert assessment method to identify risk factors as well as auditing items in the IoT environment. Secondly, according to the nature of eight types of intersecting risks and internal control framework of COSO 2013, this study constructed the three lines of defense in effective risk management and internal control mechanism based on the evaluation criteria of Capability Maturity Model Integration (CMMI). Lastly, this research conducted empirical case study from three enterprises to verify that whether the risk factors and auditing mechanism can be effectively used for internal risk control assessment within the corporation. The audit mechanism established in this study and the empirical process of case study can be referenced by academia for enhancing the knowledge of qualitative research, and also by industries as IT governances in the IoT environment.