In this paper, we address the following research question: “How can we understand the nature of risk in IS projects in the context of globalization?” Based on a case study conducted over a period of two years in a Norwegian hospital on the development and implementation of a Electronic Patient Record (EPR), the paper contributes to the current discussion on the conceptualization of risk in IS projects. Drawing upon the concept of reflexive modernization (Beck 1999) the paper makes two key contributions: firstly, it shows the limits of current risk management approaches in understanding the nature of new risks in IS generated by globalization processes; secondly, it suggest a possible theoretical framework for analyzing such nature. The research question is addressed by providing a historical and contingent analysis of the risk management dynamics emerging from the case.