This study starts from exploring the mobile payment risks. Further, developing a risk management and auditing mechanism for organization under mobile payment environment. To ensure that organization’s risk controls are well-designed and effective implementation. Gowin’s Vee model is adopted in the research strategy. Through literature review and the Delphi expert questionnaire, this study constructs and revises a number of risk factors and audit items under the mobile payment environment. Total are 86 risk factors and 158 audit items. Then classifications of risk factors rely upon the cross-risk of enterprise from the Research Central of Economics. Further identify these items corresponding to risk categories. This study can be illustrated that the internal controls have the opportunity resolve the type of mobile payment risks, finally builds a manual of mobile payment risk management and audit. By the checklist in manual, plus CMMI model, organizations can execute self-assessment risk whether have related internal controls to effective management. Afterwards, these mechanisms inspect through a practical case to verify. In the interview, the inspection is understood not only the internal controls and audit approach in response to mobile payment, but also reveals feasibility of the mechanisms on the practical usage by the G digital enterprise of technology.