IT outsourcing is a complex endeavour with multiple sources of risks. The body of knowledge on the subject is vast but scattered. Our project aims to create an integrated risk and controls framework. This paper discusses the multidimensional nature of outsourcing risks that needs to be addressed when such framework is developed. This paper presents findings from two workshops where risks, their classifications and dimensions where discussed by a group of experienced risk practitioners. The results highlight that practitioners see strategy, stakeholders and the different phases of the outsourcing as important dimensions that create risk and needs to be addressed by organisations that are planning or already running an outsourcing venture. This research confirms that there are a number of dimensions in IT outsourcing risk and it has provided depth to the understanding of these dimensions.