Increasing IT budget and over-dependence of business on IT infra-structure makes risk management a critical component of enterprise management. The creation and sustenance of an IT risk management framework is one of the crucial and challenging tasks of modern corporate enterprise management. This paper presents the risks that organizations face with respect to IT, discusses the key risks in IT related functions and proposes a framework to monitor the risks. The authors' framework organizes IT risks into five categories: infrastructure development and support, operations and maintenance of business process, office level support, software development and outsourcing management. The framework becomes the basis for an enterprise risk assessment model.