Which of the following detail the duties and actions to be performed in managing the risk?