The process of risk management enables you to take control of the risks that your organization faces to meet business objectives, including risks that arise from not complying with mandated regulations or voluntary policies. In the Compliance and Risk Process Management Pack, risks are defined as "The possibility that an event will occur and adversely affect the achievement of objectives."

Risk management takes place as an IT organization attempts to address risks while achieving its management objectives. IT organizations achieve long-term success using risk driven compliance. Complying with multiple mandated regulations and voluntary polices can be overwhelming. IT needs a structured approach to focus its efforts. Risk Management in the Management Pack is designed to enable you to prioritize your efforts to mitigate areas of high risk in your organization. You can use the Risk Management features to manage risk and map it to control objectives and control activities to help you reduce risk in your organization.