Products and services provided by modern organizations are usually designed, deployed, and supported by large-scale Information Technology (IT) infrastructures. In order to obtain the best performance out of provided products and services, it is essential that these organizations enforce rational practices for the management of resources that compose their infrastructures. For this purpose, in recent years a few standards and libraries of best practices for IT infrastructures and services management have been proposed. Among the most widely accepted proposals, in both academy and industry, is worth mentioning the Information Technology Infrastructure Library (ITIL). A common point in most of those standards and libraries is the explicit concern with the risks related to IT activities. Proactively dealing with adverse and favorable events that may arise during everyday operations might prevent, for example: delay on deployment of services, cost overrun in activities, predictable failures of handled resources, and, consequently waste of money. Although important, risk management in practice usually lacks in automation and standardization in IT environments. Generally, it is performed by stakeholders in interviews and brainstorms, which may be a very time/resource-consuming task and sometimes too imprecise to guide risk related decisions. Therefore, in this dissertation, a framework to support the automation of some key phases of risk management is proposed, aiming to make it simpler, faster, and more accurate. The proposed framework is targeted to workow-based IT management systems. The main approach is to learn from problems reported in the history of previously conducted workows in order to estimate risks for future executions. Furthermore, comprehensive and interactive risk reports are proposed aiming to ease the analysis of assessed risks by involved humans. The proposed framework had its applicability evaluated in two case studies both in IT related areas, namely: IT Change Management and IT Project Management. The results show how the framework is not only useful to speed up the risk assessment process, but also to assist the decision making of project managers and IT operators by organizing risk detailed information in a comprehensive way. In addition, the modular approach employed in the design of the proposed framework allows it to be generic enough to t in dierent contexts (changes and projects) and still customizable to adapt to more specic requirements.