This study aims to investigate enterprise risk factors for governing the risk of Internet of Things (IoT) environment. Under the guidance of Gowin’s Vee knowledge map strategy, this study reviewed the related literature and used Delphi expert questionnaire to construct and revise the defined risk factors. Two rounds of expert survey were conducted. A total of 24 experts from the fields of information technology, audit management, and risk management were selected to conduct the questionnaire survey. Eighty-three question items were obtained and categorized into various types of risk factors including environment, process, decision-making, operation, authority, data processing and information, moral, and finance. These factors were categorized according to the consistent opinion of experts. Program SPSS 12.0 was adopted to analyze feedback information from expert questionnaire by conducting statistical analyses and validity testing. All risk factors were integrated and designed carefully, supplemented by verification through statistical value of mean, inter-quartile range, and content validity ratio (CVR). The results of this research can be used as reference in the study of risk factors under IoT governance, and to enhance the development of knowledge on qualitative research. Further, in the new generation of IoT governance practice, the related factors of enterprise risk management can be regarded as key measurement items in internal control and auditing