Refers to the actions, processes, traditions and structures by which authority is exercised and decisions are taken and implemented. Risk governance applies the principles of good governance to the identification, assessment, management and communication of risks. Effective risk governance should provide the operating model and decision-making framework needed to identify and respond to risks.
Retrieved and adapted from International Risk Governance Council. (2018). https://www.irgc.org/risk-governance/what-is-risk-governance/
In the context of IT, a process to assure that investments in IT generate business value and mitigate the risks, for example security and privacy risks, that are associated with IT. Risk governance is aided by the use of common control frameworks and standards and usually involves various risk management activities such as threat/risk assessments and response/remediation planning.