Information Technology Governance in UIN Jakarta is the responsibility of the Pusat Teknologi Informasi dan Pangkalan Data (Pustipanda). Some troubles have occurred in the data center Pustipanda, among others the loss of courses and its values that have been inputted in the application of Academic Information System (AIS), loss of data that has been inputted on the application Beban Kinerja Dosen (BKD), damage data content on the portal in the environment UIN Jakarta. Risk analysis is needed to identify and anticipate and minimize risks which may occur. In this research, the risk analysis is using the COBIT 4.1 framework that is in the PO9 process (Manage and Assess IT Risk) as input towards PO9 is the domain of PO1, PO10, DS2, DS4, DS5, ME1, and ME4. Questionnaires which were distributed to respondents were developed from input variables. Respondents were chosen by purposive sampling method. The results of the questionnaire were recapitulated and calculated the value and degree of capability. The result of this research is the level of domain capability in data center Pustipanda is at level 2 (managed) with value 1.91. A fairly low value is obtained on DS4, DS5 and ME1 domains, which are 1.67, 1.88 and 0.67. Arosen risks from the majority of data center risk assessment were the absence of documented policies and procedure and lack of training for risk management measures at Pustipanda data center.