
A Study of Risk Management Mechanism for ERP Systems Based on COBIT 5 – Evidence of A Case Company

Advisor: 張碩毅

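Abstract


In recent years, the number of enterprises going digital has grown year by year, and many have implemented the backbone of enterprise digitalization, the Enterprise Resource Planning (ERP) system. Once an ERP system is in place, electronic workflows inevitably replace workflows that were based mainly on traditional manual operations, changing business processes and leading to process reengineering. Enterprise risk control should therefore be adjusted to the electronic processes that follow ERP implementation, so that the related risks are avoided. This study takes COBIT 5, the information technology and information system control framework released by ISACA in 2012, as its basis and constructs a risk management mechanism suited to ERP systems.

On the literature side, the study first compiles the risk factors present in an ERP system environment from literature on ERP system risk published over the past ten years, and examines different risk management standards and norms to develop its risk management process, from which a prototype of the mechanism is built. Because academic literature may not fully reflect current practice, two rounds of expert questionnaires were carried out using the Delphi method, with content validity and consistency tests, to revise the mechanism. The revised COBIT 5-based ERP system risk management mechanism has 4 dimensions, 49 risk factors, and 125 control items addressing those risk factors. On the empirical side, a case study followed, in which in-depth interviews with the case company verified the effectiveness of the mechanism.

The ERP system risk management mechanism in this study completes the whole risk management process through risk identification, assessment, and control and response. It is intended to help enterprises quickly identify potential risk factors and take control measures, providing a convenient and effective ERP system risk management tool.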

Parallel Abstract


In recent years, due to the popularity of electronic business, enterprises have implemented the backbone of electronic business, Enterprise Resource Planning (ERP) systems. ERP systems with electronic workflows are bound to replace traditional manual workflows, which results in changes to business processes and in business process reengineering. Therefore, the business risk management approach should be adjusted to avoid the relevant risks. This study builds on COBIT 5, the information technology and information system control architecture released by ISACA in 2012, in order to construct a suitable risk management mechanism for ERP systems. On the theoretical side, this study first reviews literature related to ERP systems published in the past decade to collect risk factors from the ERP system environment, and at the same time explores the different risk management standards and norms to develop the risk management process for this study, and then constructs a prototype mechanism. However, the academic literature may not fully reflect the actual current situation. Therefore, two rounds of Delphi questionnaires were used for the content validity test and consistency test in order to revise the mechanism. As amended, the ERP systems risk management mechanism based on COBIT 5 has 4 dimensions, 49 risk factors and 125 control items for risk factors. Then, on the practical side, a case study was conducted through in-depth interviews with a case company to verify the validity of the mechanism. In this study, the ERP system risk management mechanism completes the entire risk management process through risk identification, risk evaluation, and risk control and response. This study hopes to help enterprises quickly identify potential risk factors and control measures, and to provide enterprises with a convenient and effective ERP system risk management tool.
