Monitoring and managing thousands of IT projects simultaneously is extremely challenging for large consultancies or IT service providers wherefore a functioning and effective risk management approach is of pivotal importance. In this paper we illustrate the preliminary results of an ongoing longitudinal action research project. Invited by the CIO, the authors were embedded in a reorganization project of one of Europe’s largest IT service provider’s risk management office, responsible for several thousand IT projects. In this action research approach, the authors were able to contribute to the improvement of the existent risk management approach from a theoretical perspective as scientific consultants. First results indicate that the new proactive risk management led to a 25% reduction of critical project indexes in 2007. This research-in-progress paper will outline the applied action research approach and the current status of the ongoing project.