At the portfolio level, all risk elements should be addressed. Risks not addressed at the portfolio level could be addressed through governance processes at the strategic level. In the final analysis, if a risk becomes an issue, that issue may be handled through the organization’s portfolio, program, and project structure, and not at the strategic governance level. In a nutshell, Portfolio Risk Management Framework involves risk planning, assessment and response.
I found the following diagram very interesting where its clearly summarized all the stages of risk management.