Relational risk emerges if relationship partners have differing interests and cannot trust in their partner’s benevolence. As IT outsourcing (ITO) relationships incur a high level of relational risk, researchers have tried to find appropriate mitigation mechanisms. However, there has been little research on the preference of either incentivizing or controlling the provider to mitigate relational risk. Our contribution is to analyze the application of incentive and control mechanisms in ITO relationships by (1) taking up previously defined relational risk scenarios, (2) composing mitigation mechanisms based on different types of incentives and control and (3) associating an appropriate mechanism to each risk scenario. We use multiple case studies with ITO clients in Germany to reveal a pattern of control and incentive mechanisms and reasons for it. Formal control turned out to be a suitable mechanism for mitigating service debasement and lock-in whereas social control contributed to reducing the risk of disputes.