At the outset, it should be recalled that a risk is an uncertain event or circumstance which, if it occurs, may have a positive or negative impact on the objectives and course of an IT project. On the one hand, risk is therefore a threat, but they can also be – although less frequently – an opportunity for the company.
Many innovations and technologies were discovered by accident, e.g .:
	- Microwave oven (application discovered by accident in 1945 during tests of electron tubes)
- Potato chips (the effect of a cook’s dish being matched to the customer’s constant complaints – 1853)
- Play-Doh plasticine (accidentally created as a result of the development of a wallpaper cleaner, the recipe is a secret – 1955)
 
A possible problem for the company arises when the risk materializes, i.e. the scenario described in the risk actually occurs. For this reason, it is recommended to manage potential risks as part of IT projects.
The most important types (sources) of risks include the following risks (after M. Wirkus):
	- TECHNICAL – resulting from the application of new IT technical solutions.
- MARKET – arising from the uncertainty of what the future recipients of new solutions will be, how big the market will be (how many buyers there will be) and how willing and on what terms they will want to take advantage of the proposed offer (based on the implemented technology).
- FINANCIAL – associated with unknown costs and effects of the implementation activities and the methods of their financing.
- TIME RELATED – denoting threats resulting from improper estimation of the time of implementation of implementation activities, as well as disruptions in their course.
- RELATED TO PEOPLE – resulting from, for example, improper selection and effectiveness of work and cooperation of team members (teams) of executors.
- MANAGEMENT – arising from the risk of adopting the wrong structures and methods of operation (eg post-implementation IT technology support processes or a new tool that supports project portfolio management that is too complicated and involving too many company resources).
 
Every risk can be managed. There are at least four main ways of dealing with the risks associated with technology transfer projects, which are presented in the table below.
 Tab. 1. Ways of dealing with risk (with examples)
| Manner of dealing with risk | Characteristics | Examples | 
| Risk elimination and / or avoidance | A procedure consisting, for example, in ceasing the implementation of a too risky project or a radical change in the approach to its implementation. | The cable computer networks originally planned for implementation were replaced with wireless technology due to the risk of interfering with the structure of the building walls. | 
| Transfer of responsibility | Enabled, for example, through a contract with an insurance company signed to insure against the negative effects of project implementation or the purchase of additional guarantees from a technology supplier. | In order to minimize the risk of loss of equipment, the ordered transport of servers from Canada was insured for $ 1 million. | 
| Mitigation of potential effects | Focus on taking proactive (anticipatory) actions or introducing preventive actions. | A company from the mechanical industry diagnosed the risk of a modern (computer-controlled) cutting laser not matching the dimensions of the room – a smaller model was selected before placing the order. | 
| Acceptance of the risk | It consists in accepting a certain factor (passive transition) or building a back-up plan. | One insurance company was changing the internet platform for all of its 50,000 customers. The implementation of the new platform was subject to the risk that customers would not be able to log into the new website due to the possibility of old passwords not working. For this circumstance, a backup plan was built to ensure that a new password to the portal could be generated and sent to customers electronically. | 
 
At INNOKREA, we have implemented the ISO9001: 2015 quality management system. As part of this system, we make sure that each of our projects has a project card under which we manage the current key project risks. Risks change during the implementation of each IT project. We deal with some of them and others appear. It is important to be pragmatic in this entire process and to focus only on the significant risks to the success of the entire project.