Thursday, February 14, 2008

Enterprise risk management frameworks defined

Two important ERM frameworks are COSO and RIMS. Each describes an approach for identifying, analyzing, responding to, and monitoring risks or opportunities, within the internal and external environment facing the enterprise. Management selects a risk response strategy for specific risks identified and analyzed, which may include:

Avoidance: exiting the activities giving rise to risk
Reduction: taking action to reduce the likelihood or impact related to the risk
Share or insure: transferring or sharing a portion of the risk, to reduce it
Accept: no action is taken, due to a cost/benefit decision

Monitoring is typically performed by management as part of its internal control activities, such as review of analytical reports or management committee meetings with relevant experts, to understand how the risk response strategy is working and whether the objectives are being achieved.

http://en.wikipedia.org/wiki/Enterprise_risk_management
