Information systems (IS) requirements are often difficult to define and are inextricably tied up with people and organisations. Add to this the continually changing nature of the technology and you have a cocktail of risks. This article focuses on risk management as one tool which can make the difference between success and failure, and examines its application to a risky project developed for the operating companies of a large multinational organisation.