The application of risk management aims to minimize the probability and or consequences of unfavorable events as well as increase awareness of risk in strategic and operational decision making in an effort to achieve organizational goals. The Internal Audit Unit (SPI) Politeknik Pelayaran Surabaya is a supervisory unit formed to assist the implementation of Good University Governance by carrying out inspections or audits of all work units in the non-academic field.Risk treatment is required through risk management as the implementation of the management function in risk management at SPI Politeknik Pelayaran Surabaya. The risk management process uses a standard risk management process 31000 which consists of a context setting process, risk identification, risk analysis, risk evaluation, risk management, monitoring and review, and communication and consultation. This study uses a descriptive qualitative method with a case study at Internal Audit Unit (SPI) Politeknik Pelayaran Surabaya which describes and analyzes risk management using interview and documentation techniques in data collection. Data were analyzed using an interactive model, including data collection, data reduction, data presentation, and conclusions or verification. The final result of the risk management analysis of the internal audit unit (SPI) Politeknik Pelayaran Surabaya is a form of handling strategy in the implementation of internal control.