Commonly, project managers and researchers agree that identifying risks is the most crucial step in project risk management. Hence, extant research provides various rankings of risk factors. In this paper, we rank the importance of risk factors based on an archive of project risk reports provided by project managers of a large software development company. In contrast to previous research that ranks people and processes as most important risk domains, our analysis emphasizes technologyrelated risk factors. We argue that this conflict might result from two dimensions determining the perceived importance of risk factors: Controllability and micro-politics. A project manager will rank risks higher when he has only limited control on mitigating risks. Risks beyond control will be neglected. However, in a corporate context, micro-political mechanisms change the importance towards these risks. They will exploit risk management to escalate uncontrollable threats to project success and cover risk factors that stem from shortcomings of their own or of colleagues. Thus, micropolitical mechanisms reveal the most important risks from a corporate perspective. Detached from the corporate context, project managers emphasize risks threatening efficient project management. We contribute to IS research by proposing alternative explanations for the ranking discrepancies.