Risk control is a type of risk treatment that involves implementing policies, procedures and automations to reduce risk. For example, the risk of equipment failure might be controlled by performing regular maintenance according to a predefined schedule.
Risk management is the end-to-end process of identifying and handling risks. Each risk is analyzed and a decision is made to avoid, accept, mitigate, transfer or share each risk.
Risk management uses risk control as one method of treating identified risks.