Educause Security Discussion mailing list archives

memorandum of understanding for risk transfer


From: Glen Shere <g-shere () ONU EDU>
Date: Mon, 26 Oct 2015 14:27:33 -0400

I am searching for examples of, or templates for, a memorandum of
understanding prepared by information security staff and endorsed by senior
management, that:
(a) documents an identified and ongoing information security risk;
(b) documents that senior management elects to accept the identified risk
rather than allocate resources required to address it; and
(c) explicitly releases information security staff from accountability for
managing that risk.

If your organization has a standard template to create this documentation
as the need arises, I am interested in whatever you can share. Real
examples are even better, but given the frequently sensitive nature of
these documents, I am interested only in the documents you are comfortable
sharing.

I recall that several attendees of the EDUCAUSE Security Professionals
Conference called these "risk transfer memos", but various permutations of
that Google search do not yield anything useful. If you call them
something else, what do you call them?

Thank you in advance.
Glen Shere
Ohio Northern University
