This study aims to (1) define the critical risk factors that influence the governance of enterprise internal control in an IoT environment, and (2) classify the risk factors and study their importance in such an environment. The study uses Gowin’s Vee knowledge map as a research strategy to mitigate the limitations of qualitative research through a set of strict research procedures. In addition, the Delphi method is used to test and provide feedback to justify and revise the critical risk factors. Finally, 83 items were obtained and categorized into eight different types of critical risk factors. For emphasizing how the risk factors of enterprise internal control involve diverse stakeholders, the critical risk factors are further classified based on the three-layer DCM architecture for mapping with various perceptions. The results of this research can be used as a reference in managing risk factors under the IoT environment. In the new generation of IoT governance practice, the related factors can also be regarded as the essential measurement items for enterprises in conducting effective internal control and auditing.

这项研究旨在（1）定义影响物联网环境中企业内部控制治理的关键风险因素，以及（2）分类这些风险因素并研究其在这种环境中的重要性。该研究使用Gowin的Vee知识图谱作为研究策略，通过一套严格的研究程序来减轻定性研究的局限性。此外，Delphi方法用于测试和提供反馈，以证明和修改关键风险因素。最后，获得了83个项目，并将其分为八种不同类型的关键危险因素。为了强调企业内部控制的风险因素如何涉及不同的利益相关者，基于三层DCM架构对关键风险因素进行了进一步分类，以映射各种不同的看法。这项研究的结果可作为管理物联网环境下风险因素的参考。在新一代物联网治理实践中，相关因素也可以被视为企业进行有效内部控制和审计的重要衡量指标。