Due to the increasing demand of applying information technology today, enterprises must change the existing business model since the traditional artificial works can’t meet their basic needs. In this case, the implementation of Enterprise Resource Planning (ERP) has become companies’ key importance of enhancing competitive advantage, and we can also find that more and more operating procedures need to be integrated with information systems, which is an evidence to prove that Information Technology (IT) has become an important tool for companies to achieve strategy goals. Based on the above dimensions, we find that companies’ existing internal control activities are affected by the changes of their operating procedures and information systems. In the past, auditors verified the rationality of financial statements by evaluating trading documents. But we find that as companies use information technology systems frequently, auditors find it difficult to examine trading documents artificially because those documents have changed into digital other than paper works. In this case, we suggest that auditors can work with Computer-assisted audit techniques (CAATs) to handle with the above changes. The numbers of computer fraud crimes are increasing during these years. We find some people commit those crimes by tampering system data and program. Tampering system data is by changing data during or before the input process. On the other hand, Tampering system program is by running the programs that are already tampered before. The above ways are hard to be found, so the change management system for risk management is indispensable to protect information systems of firms. In this research, we use COBIT5 to do the corporate information system change management and assure the system safety management that is widely used in the IT management. By developing and using Continuous Audit system, we can improve companies’ internal audit efficiency, quality, and decrease the operational risk of IT. What’s more, we can improve companies’ information security environment and further improve the IT governance ability by this research.