This research proposes a deductive-nomological model studying whether the mitigation of IT-related risks and regulatory compliance can be achieved through information technology general controls (ITGC). A quantitative survey was conducted with enterprises in China. Research findings suggest that effective ITGC help organizations meet regulatory requirements. Sound regulatory compliance helps promote a stronger IT control environment. Yet many Chinese enterprises with ITGC and complying with regulations show weak intention to the mitigation of IT-related risks. Without a risk-based internal control system, compliance itself does not contribute to the goal of risk mitigation. Chinese enterprises need to enhance their IT control ability and to learn to be more risk-oriented in order to cope with ever increasing IT-related risks.