Risk Management Framework (RMF) OVERVIEW. The selection and specification of security controls for an information system is accomplished as part of an organization 22 JOURNAL OF APPLIED CORPORATE FINANCE A FRAMEWORK FOR RISK MANAGEMENT by Kenneth A. Froot, Harvard Business School, and David S. Scharfstein and Jeremy C. Stein,Risk Management Description. Provides a framework for identifying, tracking, and managing software risks. Best practices ociated with software risk management are Risk management governance framework ROLES AND RESPONSIBILITIES Board of Directors. Approve and periodically review risk strategy and policies; Approve the Group’s