Accounting and Auditing Studies

ISO & COSO: Risk Management Frameworks

Document Type : Original Article

Authors
1 Assistant Professor, Parandak Institute of Higher Education
2 Faculty Member, Payam e Noor University
Abstract
Risk management knowledge is evolving and its body of knowledge is still being formulated, so the need for a conceptual framework is obvious. A conceptual framework is a useful tool for formulating and implementing knowledge and for creating the grounds for its development. Choosing an appropriate framework for implementing a risk management process in an organization is the first and most important step. For organizations that have recently implemented a risk management process, an appropriate framework indicates the direction in which programs are developing; for organizations that have already begun the risk management process, it is a measure for assessing the status quo and identifying strengths and weaknesses. The two most commonly used risk management frameworks are the ISO 31000 risk management framework and the COSO 2004 Integrated Framework for Risk Management. In the process of developing these two frameworks, a large number of risk management experts contributed widely and recognized both frameworks as good ones. Each framework has its own strengths and, in addition to being functional, can be developed further; the two are not necessarily comparable for the purpose of identifying the best framework. In fact, the type of organization that seeks to implement the risk management process determines the appropriate framework. This paper presents a brief description of the two risk management frameworks and emphasizes the role of internal controls in the organization and the importance of establishing a risk management framework on the internal control framework.
Keywords