The success rate of information technology (IT) projects is still low. Based on one survey done in 1990s, only about 10% of software development project could be finished according to its planned budget and schedule. Another study in 1995 found that only 16.2% IT project succeed, and at the same time more than 31% IT projects were cancelled before finished. It has been found a lot of IT projects had been implemented with swelling budget. Although it is still debatable, one of the reasons of IT project implementation failure is because risk management in some IT projects is not implemented by the IT providers. The objectives of this research are to get knowledge and assess risks in implementing IT projects. This research also gives recommendations in mitigating IT project risks. In two projects that were used as sample of this research, it has been found some risks that could be happened in IT projects. That risks were then assessed based on the probability and its impact, and finally produced the recommendation for risk mitigation. All risks are described in the Risk Priority, moreover risk probability and impact is described in the probability-impact matrix from all of 4 levels. This research could improve the awareness of IT providers in Indonesia about the important of implementing IT risk management so that more IT projects in Indonesia could be run successfully.