This is a somewhat subjective question as what one person believes to be the best risk management policies in the area of technology, may not be the same as the next. Having said this, I will discuss those risk management services that are most common/important.
Perform Risk Assessment
Assess Key Business Risks
Begin with an in-depth analysis of the key functions in each of your business units, including a review of the special internal, external, and Sarbanes-Oxley (SOX) considerations unique to your organization and industry.
Deploy Proprietary Risk Assessment Model
Based upon an initial examination, its ...
About 300 words (no references). OTA's opinion with discussion.