An IT Investment Risk Framework is a set of constraints that an organisation imposes on its development organisation to ensure that IT Investments are delivered in a way that manages the risk involved. It should create failure containers so that any failure does not propagate across the organisation like the failure at Knight Capital which caused the organisation to fail.
The boundaries imposed by the framework should be negotiable rather than fixed, otherwise the framework may fail catastrophically. (Hat tip to Dave Snowden’s Cynefin Framework.)
The Risk Framework should NOT specify how the IT Investment is made, simply the way that IT Investment risk is managed. The Risk Framework specifies a number of Commitments placed on the development organisation when they accept funding for an investment.
By comparison SAFE and LESS are frameworks that seek to optimise the delivery of value to the organisation. They provide a number of enabling constraints in the form of principles. The SAFE and LESS frameworks can both be deployed within a IT Investment Risk Management Framework providing they satisfy the its constraints. In effect, they are an Option that the development company may adopt.
In summary an IT Investment Risk Management Framework is a commitment placed on a development organisation whereas the SAFE and LESS frameworks are options available to the aid development.