The Division of Applications and Software is a part of the Academic Support Unit (UPA) for Information and Communication Technology at Universitas Jember (UNEJ) or UPA TIK UNEJ. Based on interviews, UPA TIK UNEJ has not yet implemented risk management, leading to recurring issues in their IT services. Risk management is crucial for preventing and mitigating negative impacts that can harm the organization. Additionally, it is a requirement for internal quality management system audits, according to UNEJ Rector's Decision Number 20588/UN25/LL/2018. This study aims to identify, analyze, and assess potential risks in the Division of Applications and Software at UPA TIK UNEJ and to apply Bow Tie Analysis (BTA) to identify preventive and mitigative actions for the highest-rated risks. The approach used is ISO 31000:2018, which provides a comprehensive framework for risk management. For in-depth risk analysis, the BTA method, combining event tree analysis (ETA) and fault tree analysis (FTA), is utilized. The research begins with context establishment through interviews, followed by risk identification, analysis, assessment, and mitigation. The results show 21 risks identified in the process of developing information systems or applications. The top three priority risks are coded R02, R04, and R19. The second priority includes 17 risks, and the third priority includes 1 risk.