Risk management aims to minimize the probability and or consequences of unfavorable events and increase risk awareness in strategic and operational decision-making to achieve organizational goals. The Internal Audit Unit (SPI) Politeknik Pelayaran Surabaya is a supervisory unit formed to assist the implementation of Good University Governance by conducting inspections or audits of all work units in the non-academic field.  Risk treatment is required through risk management to implement the management function in risk management at SPI Politeknik Pelayaran Surabaya. The risk management process uses a standard risk management process 31000, consisting of a context setting process, risk identification, risk analysis, risk evaluation, risk management, monitoring and review, and communication and consultation. This study uses a descriptive qualitative method with a case study at the Internal Audit Unit (SPI) Politeknik Pelayaran Surabaya, which describes and analyzes risk management using interview and documentation techniques in data collection. Data were analyzed using an interactive model, including data collection, reduction, presentation, and conclusions or verification. The final result of the risk management analysis of the internal audit unit (SPI) Politeknik Pelayaran Surabaya is a form of handling strategy in implementing internal control.

Ahmad and Rosmiati.2019. Risk Management Analysis in Realizing Good Governance in West Bandung Regency Government. Police. 10 th Industrial Research Workshop and National Seminar

BPKP Regulation Number 6 of 2018 concerning Guidelines for Risk-Based Internal Control.

Griffiths, Phil. (2005). Risk Based Auditing. Burlington, Gower Publishing Company

Government Regulation of the Republic of Indonesia. Number 60 of 2008. About. Government Internal Control System.

Government Regulation of the Republic of Indonesia.No. 23 of 2005. Concerning the Financial Management

Hanafi, M. 2006. Risk Management, Yogyakarta: Unit. Publisher and Printing College of Management. YKPN.

ISO 31000. 2009. Risk Management - Principles and Guidelines. ISO 31000. 2018. Risk management – Guidelines.

ISO 31000. 2018. Risk management – Guidelines

Meilania, T. 2014. Implementation of ISO 31000 in Risk Management in Rural Banks (Case Study of Rural Banks X). Journal of Business Administration, Vol. 10, No. 1, ISSN: 0216–1249.

Mukhlis and Supriyadi. 2018. Design of a Risk Management System at a Legal Entity State University (PTN BH) Case Study at Gadjah Mada University. Journal of Applied Accounting and Taxation, Vol. 3, No. 2, e-ISSN: 2548-9925.

Minister of Finance Regulation of the Republic of Indonesia Number 171/PMK.01/2016 concerning the Implementation of Risk Management in the Ministry of Finance.

Minister of Finance Regulation of the Republic Indonesia Number. 200/PMK.05/2017 concerning. Internal Control System in Public Service Agency.

Minister of Transportation Decree of the Republic of Indonesia Number KM 144 of 2019 concerning Internal Audit Units at Public Service Bodies

Nadya Wiandhini (2019) Analysis of Risk Management at the University of Lampung Internal Control Unit (SPI) Using the ISO 31000 Method. University of Lampung Bandar Lampung

Rilyani, AN Firdaus, Y. and Jatmiko, DD 2015. Information Technology Risk Analysis Based on Risk Management Using ISO 31000 (Case Study: i-Gracias Telkom University). Journal of e-Proceeding of Engineering, Vol. 2 No.2, ISSN: 2355-9365.

Susilo, LJ and Kaho, VR 2010. ISO 31000-Based Risk Management for the Non-Banking Industry. Jakarta: PPM Publisher.

Susilo, LJ and Kaho, VR 2018. ISO 31000:2018-Based Risk Management – A Guide for Risk Leaders and Risk Practitioners. Jakarta: Publisher PT Grasindo.

The Institute of Risk Management (IRM) and The Association of Insurance and Risk Managers (AIRMIC). (2002). Risk Management Standards.

Yuli Ari. 2020. Implementation Of Risk Management In The Public Sector. Paris Review Edition 2020/no. 12ISSN 2088-2890