Abstract Since the Security First Network Bank in the United States of America established the first internet bank in the world in October 1995, the globe banking industry which have struggled for stagnation have set up their own internet business sector one by one. Indeed, the Internet has created many kinds of new business opportunities for the banking industry via the ultimate convenience for customers to adopt any bank offerings. However on the other side, there are many kinds of new business risks emerging once banks stepping in the Internet. The only conviction comes to that the Internet is rather an open environment and a kind of public communication web to which anyone could access and his or her identifications do not need to be authenticated. Thus, the risk management and security controls are the major concerns in the Internet banking business. After a preview study was made by the researcher, the COBIT（Control Objectives for Information and Related Technology）internal control framework is found to be more suitable to adopt to deal with the Internet bank’s risk management and security controls. The major purpose of this study is trying to figure out the scientific profiles when any Internet banking would follow the COBIT to manage their risk management and security controls. This study is exploratory in nature. The theoretical framework was built up after reviewing all Internet baking related papers and COBIT related as well. The Internet banking current situations and the COBIT practice also has been examined, and then the research conceptual framework has been finalized. There are four dimensions: the managerial section; the technology section; the internal control section and the performance section in the conceptual framework. The empirical study is a kind of survey researches via a questionnaire. The factor analysis, ANOVA and multi dimension regression are adopted as the statistics methods. The follows are the major findings: 1. The managerial section includes the security requirements, the risk management practice and the risk evaluation. The technology section includes the security control and responsive plans. The internal control section includes the security and credit requirements, and the quality level requirement. 2. The P values of the four regression models which are make up by the managerial section; the technology section; the internal control section as the independent variables and the performance section as the dependent variable come to significant levels. It means it failed to reject the managerial section; the technology section; the internal control section and the performance section are irrelevant. In another words, the variables of the managerial section, the technology section and the internal control section are important in the Internet banking’s risk management and security controls Taiwan Internet banking are a little bit laggard comparing with the worldwide stride. The research conclusions would be a worthwhile to them as the internal control reference when they want to take a foot into the Internet business.