Abstract The utilization of information technology plays a crucial role in the operations of organizations or companies, including the Communication and Informatics Agency of East Java Province. The utilization of information technology is governed by Presidential Regulation No. 95 of 2018 on the Electronic-Based Government System (SPBE). The purpose of conducting risk management evaluation is to reduce the impact of risks within the organization and to determine the level of SPBE risk management capability. This research uses the Control Objectives for Information and Related Technologies (COBIT) 5 framework. The current assessment results for EDM03 Ensure Risk Optimization (as is) have reached Level 2 – Managed Process with a score of 74.9%, and APO12 Manage Risk (as is) has reached Level 1 – Performed Process with a final score of 79.39% with the category of L (Largely Achieved). Based on this assessment, the gap for EDM03 is one level, and the gap for APO12 is two levels