Project risk management is the systematic utilisation of a process by project managers to identify, analyse and respond to risks posed by events and conditions that are not definitely known in advance but which may adversely affect IT project success. However, although best practice standards in project risk management are applied in information technology (IT) project management, IT project managers seem unable to accurately predict and manage risk. Thus, this study aims to investigate the extent to which project managers in IT project over- and underestimate risk and to what degree their failure in accurately managing risks influences is caused by risk related factors. Findings indicate that project managers tend to considerably under- and overestimate risk. The underestimation of risk is found to have been caused by factors such as lack of knowledge or the preference to wait until risk materialises. An important implication of the research is that the prevention of these causative risk related factors may enable IT projects to increase the accurateness of their predictions regarding project risk and subsequently to increase the effectiveness of project risk management.