Risk Management is a core component of all governance frameworks, and many IT governance frameworks have evolved specifically to manage risk. ISO31000 and BS31100 are two codes of practice for enterprise-level risk management.
Project management methodologies, from PRINCE2 through to PMBoK, all exist to help organisations reduce the risk in Information Technology projects, while Business Continuity Plans are essentially designed to ensure that organisations can survive unexpected disruptions to their operations.
Enterprise Risk Management (ERM)
Enterprise Risk Management is the catch-all name given to the core discipline of identifying and assessing risks to the enterprise, and selecting and implementing controls in order to reduce identified risks to an acceptable level.
Business Continuity Risk
Achievement of strategic business objectives depends on the continuity of business operations; natural disasters can be extremely disruptive and, for that reason, business continuity planning is a key aspect of risk management.
Information Security Risk
There is an international standard for information security risk management - ISO/IEC 27005. It is not as clear, nor as useful, as the British risk management standard, BS7799-3. Information Security Risk Management for ISO27001 certification is specifically asset-based and is best tackled using risk assessment software such as vsRisk.
Supply Chain Risk
ISO28000 is the best practice standard for managing risk in the supply chain. IT Outsourcing is a specific area of significant risk for many organisations, a key component of which is the creation and management of Service Level Agreements (SLAs).
The audit of IT controls is fundamental to any IT governance framework: in the Plan-Do-Check-Act cycle, the Check phase involves a wide range of audit activity, much of which can be conducted by an internal audit team. IT Audit manuals and guides are an important source of guidance on good practice.
Management of Risk (M_o_R)®
M_o_R is the OGC's Best Practice guidance for the management of risk. Almost every organizational decision has an upside and a downside involving some degree of risk. Aimed at everyone who has ever made an important decision, M_o_R is a robust yet flexible framework that allows organisations to assess risk accurately time and time again.
Through this site you can access official MoR guides and books, in all the standard formats.