After the Enron and WorldCom scandals broke, the U.S. Congress passed Sarbanes-Oxley Act of 2002 at the end of July in 2002. The passing of Sarbanes-Oxley Act prompted the creation of ERM Integrated Framework, which requires companies to establish risks-oriented internal control systems. This research establishes its research structure based on the research strategies proposed by Gowin's Vee. On the theoretic aspect, this research confirms the measurements and items of risk assessment required for general control, in order to ensure that the list is compliant with Sarbanes-Oxley Act. This approach also assures and enhances the content validity of measurements and assessment items, and the consistency with practices. Before the empirical study, this research develops an expert questionnaire by referring to the method and validation process proposed by Lawshe (1975). The results showed that the respondents are highly willing to use the risk assessment model constructed in this research and that the model fulfils the auditing requirements for Sarbanes-Oxley Act and the requirements for risk assessments of general control.