To find out the uncertainties that occur in the XYZ Group, an enterprise risk management analysis is carried out in the XYZ Group. Risk analysis is carried out based on the ISO 31000:2018 framework with ISO 31010:2019 as a guide for implementation and techniques in using the framework. In the risk analysis process, the identified risks are divided into 3 based on relationships including risks related to construction, risks related to procurement, and general company risks. From the analysis that has been done, there are 29 risks identified categorized into 3 types of risk including operating risk, market risk, and other risks. There are 4 sub-types of operating risk including process, human, legal, and external events. While on market risk, there are 1 sub-types identified, namely risk of changes in commodity values. In other risks, there are 2 sub-types, namely financial and reputation risk. From the assessment of the likelihood and consequence level, there are 1 risk including extreme category, 9 including high category, 3 including moderate category, and 16 including low category. For the medium, high, and extreme categories mitigation measures are needed for some risks in order to reduce the likelihood and impact of those risks.