Risk factors of enterprise internal control under the internet of things governance: A qualitative research approach

This study aims to (1) define the critical risk factors that influence the governance of enterprise internal control in an IoT environment, and (2) classify the risk factors and study their importance in such an environment. The study uses Gowin's Vee knowledge map as a research strategy to mitigate the limitations of qualitative research through a set of strict research procedures. In addition, the Delphi method is used to test and provide feedback to justify and revise the critical risk factors. Finally, 83 items were obtained and categorized into eight different types of critical risk factors. For emphasizing how the risk factors of enterprise internal control involve diverse stakeholders, the critical risk factors are further classified based on the three-layer DCM architecture for mapping with various perceptions. The results of this research can be used as a reference in managing risk factors under the IoT environment. In the new generation of IoT governance practice, the related factors can also be regarded as the essential measurement items for enterprises in conducing effective internal control and auditing.