We need to determine a common sense, easy-to-use definition of risk. Risk in mathematical terms consists of multiplying the likelihood of an event or problem occurring by the impact or exposure or loss if the problem occurs. We will use a similar definition. An IT element such as a plan, project, etc., has risk or is risky if it has one or more associated significant problems or issues. Significance is determined by the degree of impact of the issue and the likeli- hood that it will happen. This will be useful for us since it gets at the fac- tors behind the risk. Why is there risk? Because of the associated issues and problems. Information systems and technology have risen in importance to the perform- ance of the business processes of organizations. Thus, the business, technical, and political success of companies is perceived to depend increasingly on IT. With this increased importance, it has become more evident that traditional manage- ment of IT as a narrow, reactive support activity is neither sufficient nor respon- sive to the greater and more sophisticated demands placed on IT. In order for a company to succeed, IT must be aligned and fully integrated into the business processes. Resource allocation, portfolio management, project management, process improvement, and change management must all work together to support sustained process improvement. That is the modern goal of IT as opposed to goals of the past related to efficiency. Here efficiency is replaced by effectiveness. Management expectations of IT and systems was fairly limited. If you read the literature of 20–30 years ago, you find that many upper level managers had little understanding of IT. There was only a limited view of how dependent the organization was on systems and technology. In fact, systems was often viewed as a way to perform manual work faster. Thus, the expectation of management was that IT be an efficient, low-cost service provider. Most IT projects were selected based upon management judgment on what was needed. This was often based on what vendors offered and what other similar firms were doing. People paid lip service to benefits, but benefits were seldom enforced. After all, many processes did not heavily interact with systems. You often did the work and then input the results of the work into the computer system. Technology advances, new software systems, and the drive of firms to be more productive, efficient, and competitive changed all of that. Management began to realize that the critical success factors for business profitability and growth lay in the performance of business processes rather than the business departments. Attention began to center on how to improve the business processes. In parallel, systems became available that could perform more of the work in the business processes. Enterprise Resource Planning (ERP) systems are just one example of a class of systems. Others existed in transportation, logistics, manufacturing, distribution, and retailing.