The Mark Twain quote is a good starting point for risk management. The picture below is from Formal Risk Management, by David Nicholls, in the Data and Analysis Center for Software, 1/1/2004. The DACS is a Department of Defense (DoD) Information Analysis Center (IAC), serving the DoD for over 30 years. As an IAC, the DACS is a Center of Excellence and technical focal point for information, data, analysis, training, and technical assistance in the software-related technical fields.
We've all seen these excuses for not doing risk management, for not handling the risks, for not retiring the risks before they become issues.
I'm working on an NDIA Program Management committee that is building a Risk Management Practice Guide (not the official name yet). The committee is trying to frame a set of practices for good risk management on National Defense programs (hence the National Defense Industry Association), without defining the prescriptive steps. Instead, the aim is to make the practices descriptive, in the same way as the Earned Value Management Intent Guide.
The problem, of course, is that many organizations see Risk Management as a necessary evil, rather than a project management method. The best description of how to think about risk management is Tim Lister's How Much Risk is Too Much Risk.
The notion Lister states is that Project Management is Risk Management. All other activities in the project are data generating or data producing. The verb management is about managing risk.