While the issue of risk in information technology outsourcing (ITO) is addressed by numerous authors, the risks of business process outsourcing (BPO) are essentially unexplored. The authors propose that the risk structure of ITO is different compared to the one in BPO, the latter therefore requiring additional research. To challenge this proposition the major risks of ITO have been derived from literature and were assessed whether they apply differently to BPO engagements. The assessment has been conducted via structured interviews with senior business and risk mangers of BPO service providers and BPO customers. Our findings indicate that, although the individual risk types are generally the same, they differ significantly in tendency. Fifteen individual risks were analyzed and the findings were that in BPO compared to ITO, two risks are classified to have a tendency to be lower and eleven risks are classified to have a tendency to be higher. Only two risks were seen to generally be the same in BPO as with ITO. Additionally, a risk type has been identified which was not formerly reported in outsourcing, namely the misuse of trust regarding sensitive data.