The Orange Book sets out a framework for the development and implementation of risk management processes in government organisations.
Risks must firstly be identified, then assessed through an evaluation of the likelihood of each risk occurring and an evaluation of the impact if the risk does occur, then addressed. There must be a sensible review and reporting framework in place, and a sensible communications framework.
Accompanying this guidance is further information on managing risk.
Access the Green Book in full.