Board directing is a continuous process of risk analysis and control in response to the duality of risk as threat and opportunity. Judgments are made and remade to simultaneously reduce the potential for damaging threats (e.g., fraud, reputation damage), while exploiting opportunities (e.g., new product development, mergers and acquisitions). Adopting an institutional logics approach, we explore this process of risk analysis and control through the varied subject identities (e.g., directorial roles), risk management practices (the procedures and tools used to identify, assess, and control risk), and risk objects (the product of risk identification, assessment, and control, e.g., a risk matrix or register) of boards. We argue that the contingent interaction between these identities, practices, and objects inform the “risk logic” of a board, which may draw attention to the notion of risk as threat, risk as opportunity, or both threat and opportunity. Using the testimony of 30 executive and nonexecutive directors that represent 62 companies from a range of public, private, and third‐sector organizations, we contribute to the literature on the microfoundations of risk analysis in organizations by shining a light on how board directors understand, assess, control, and ultimately govern risk in organizations.