IT Risk Management has long been adopted and implemented in CEC. This is inseparable from the high need for reliable and trusted information technology services at CEC as a government institution that has primary task for eradicating corruption. With a good IT risk management is expected to reduce the impact if the IT risk occurs and impacted to overall business process in CEC. However, up to 15 years after the implementation of IT risk management has never been measured how the level of IT maturity risk management. In this research, Author will use the IT Risk Framework with the risk governance domain approach as a standard IT risk management framework to evaluate the implementation of IT risk management in CEC. The process of evaluating the level of IT maturity is based on the maturity model that has been defined in the IT risk framework.