US state IT departments have a complicated customer base and a wide variety of project types to carry out. You can understand why a robust set of project management processes would be important for managing them. This example of a risk management process from Texas is interesting - it is clearly laid out, covers the major activities associated with risk identification and management and gives examples of types of risks and how they might be addressed.
The fact that there does not seem to be a more recent version of this procedure than V1.0 from 2000 invites the question of how actively the process is being followed and refined.
DIR - Guidelines: Analyzing and Managing Project Risk