Conventional techniques for identifying, classifying, organizing, and mitigating risks are becoming overwhelmed by the system’s complexity, both in terms of the number of individuals and organizations that are involved in such systems as well as the large amount of data that is required to support risk management practices. The practice of Risk Management at the system or program level has focused on analyzing and mitigating individual risks. Risks at the enterprise level introduce an additional layer of complexity because of the far reaching implications of the risks at that level. Consequently, it is not sufficient to address individual risks, nor will the potential mitigations necessarily be effective for the entire enterprise. Enterprise risks require an adjustment to our thinking about how and where to apply risk mitigations. This paper proposes that risks at the enterprise level be viewed as “portfolios” or collections of risks. The methodology is to analyze risk patterns across the enterprise and determine where the natural aggregation points are. The interdependencies between risks are highlighted and used to determine effective mitigation strategies. Once the overall pattern or the “RiskMosiac©“ are understood, then individual risks can be treated to the benefit of the multiple entities in the enterprise. Examples of some early work in this area for NextGen are discussed.