What you should look at:
BTP LeAd Services for Risk Management
Risk management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.
(ISO 31000 defines risk as the effect of uncertainty on objectives, whether positive or negative.)
Good Practices / Standards: Risk IT, ISO 31000