PT. XYZ is a manufacturing company whose risk management practice is still categorized as an inefficient one which indicates the failure in the operations of the Enterprise Risk Management Department. Recently, there is no previous risk management research carried out on the implementation of risk management itself or which in this research explained as an operational risk at Department of Enterprise Risk Management in PT. XYZ. The aim of this research is to do risk analysis within the operations of the Enterprise Risk Management Department in PT. XYZ. Risk analysis was carried out using the ISO 31000: 2018 framework with qualitative approach which is only limited to the process of risk identification, risk analysis, risk evaluation, and risk treatment option selection. According to the analysis that has been carried out, 17 risks have been identified with 3 different types of operational risks, namely process, system, and people. From the assessment for each risk, the result shows that 9 risks are high risk, 7 are moderate risks, and 1 low risk which means that there is a need for mitigation actions for most operational risks that have been identified to reduce the level of likelihood and consequence of those risks.