ITIL is considered a framework of best practice guidance for IT Service Management and it is widely used in the business world. In spite of this, regarding Risk Management, there is only a coordination of exercises instead of a clear and owned process, which can limit the efficiency of ITIL's implementation in organizations. The present work approaches this issue and compares IT risk management in ITIL to other IT Governance and service management frameworks. Going further on this topic, we propose to map the M_o_R risk management framework in ITIL, mapping every M_o_R process, and adopting a strong risk management, which is based on specific guidelines without changing the framework. Besides this, we propose the introduction of new elements in the risk management ITIL process, such as KRIs and a new process responsible for defining risk management that can help guide risk in other processes.