Risk management for ERP postimplementation is required to achieve ERP success. In this paper, risk management for ERP postimplementation is designed using COBIT 5 for Risk on APO12 processes. The design of a risk management framework begins with assessment of ERP postimplementation success adopting two approaches, namely the framework of ERP post-implementation success and Critical Success Factor of ERP post-implementation as an input to the risk identification adopted from COBIT 5 for Risk. The study was conducted at the company that has been entered the ERP post-implementation stage. The results of research on the case study company are ERP post-implementation success assessment by only 55.6% and there is a fairly high percentage of unsuccessful at 44.4% which indicates a risk that must be managed. Risks that need to be managed as many as 26 ERP post- implementation risks that are grouped into nine categories of risk. With the option of risk response is one risk are transfered, 21 are mitigated and four are accepted.