Risk Management for IT Projects
Source: Joseph W. Mayo
There are a variety of standards associated with risk management, including PMI's Project Management Body of Knowledge (PMBOK), Australia-New Zealand ANZ-4360, ISO 31000 Risk Management - Guidelines on Principles and Implementation of Risk Management, NIST 800-30 Risk Management Guide for Information Technology Systems, FAIR, IEEE 1540, and many others. Both PMBOK and ANZ-4360 focus primarily on project risk management, whereas NIST 800-30, ISO 31000, and FAIR have a much broader scope and focus primarily on organizational or enterprise risk management. Fundamentally, all of these standards have five basic components in common: risk management planning, risk identification, risk analysis, risk mitigation, and risk monitoring.