Research attributes the mixed performance of IS projects to a poor
understanding of risks and thus limited capabilities to manage such
risks. In line with others, we argue that the poor understanding of
risks is partly due to the fact, that current research almost
exclusively concentrates on which risks are important in IS
projects. In contrast to this static view, we focus on the temporal
aspect of project risks, i.e., we explore when risks become more or
less important during a project. In doing so, we analyze an archive
of risk reports of completed enterprise software projects. Project
managers regularly issued the risk reports to communicate the
status of the particular project. Our findings are as follows: First,
risk exposure and thus the perceived importance of risk types does
vary over project phases. Second, the volatility of risk exposure
varies over risk types and project phases. Third, risks of various
origin exhibit synchronous changes in risk exposure over time.
From a research perspective, these findings substantiate the need
for a temporal perspective on IS project risks. Thus, we suggest
augmenting the predominant static view on project risks to help
project managers in focusing their scarce resources. From a
practical perspective, we highlight the benefits of regularly
performing risk management throughout projects and constantly
analyzing the project portfolio. In sum, we provide a first time,
descriptive and exploratory view on variations in project risk
assessments over time.