The majority of software development projects normally connected with the application of new or advanced technologies. The use of advanced and, in most cases, unproven technology on software development projects could leads to a large number of risks. Every aspect of a software development project could be influenced by risks that could cause project failure. Generally, the success of a software development project is directly connected with the involved risk, i.e. project risks should be successfully mitigated in order to finish a software development project within the budget allocated. One of the early researches on risk of software projects was conducted by Boehm (1991) where the research identified top 10 risk factors for software project. Boehm research had been the starting point of research in risk of software projects. For the past 10-15 years, many researches had been conducted with the introduction of frameworks and guidelines. However, still software development project failures had been reported in the academic literatures. Researchers and practitioners in this area have long been concerned with the difficulties of managing the risks relating to the development and implementation of IT software projects. This research is concerned specifically with the risk of failure of IT software projects, and how related risk constructs are framed. Extant research highlights the need for further research into how a theoretically coherent risk construct can be combined with an empirical validation of the links between risk likelihood, risk impact on cost overrun, and evidence of strategic responses in terms of risk mitigation The proposal within this research is to address this aspect of the debate by seeking to clarify the role of a project life cycle as a frame of reference that contracting parties might agree upon and which should act as the basis for the project risk construct. The focus on the project life cycle as a risk frame of reference potentially leads to a common, practical view of the (multi) dimensionality setting of risk within which risk factors may be identified and which believe to be grounded across a wide range of projects and, specifically in this research, for IT software projects. The research surveyed and examine the opinions of professionals in IT and software companies. We assess which risk factors are most likely to occur in IT software projects; evaluate risk impact by assessing which risk factors IT professionals specifically think are likely to give rise to the possibility of cost overruns; and we empirically link which risk mitigation strategies are most likely to be employed in practice as a response to the risks and impacts identified. The data obtained were processed, analysed and ranked. By using the EXCEL and SPSS for factor analysis, all the risk factors were reduced and groups into clusters and components for further correlation analysis. The analysis was able to evidence opinion on risk likelihood, the impact of the risk of cost overrun, and the strategic responses that are likely to be effective in mitigating the risks that emerge in IT software projects. The analysis indicates that it is possible to identify a grouping of risk that is reflective of the different stages of the project life cycle which suggest three identifiable groups when viewing risk from the likelihood of occurrence and three identifiable groups from a cost overrun perspective. The evidence relating to the cost overrun view of risk provided a stronger view of which components of risk were important compared with risk likelihood. The research account for this difference by suggesting that a more coherent framework, or risk construct, offered by viewing risk within the context of a project life cycle allows those involved in IT software projects to have a clearer view of the relationships between risk factors. It also allows the various risk components and the associated emergent clusters to be more readily identifiable. The research on strategic response indicated different strategies as being effective between risk likelihood versus cost overrun. The study was able to verify the effective mitigation strategies that are correlated to the risk components. In this way, the actions or consequences conditioned can be observed on identification of risk likelihood and risk impact on cost overrun. However, the focus of attention on technical issues and the degree to which they attract strategic response is a new finding in addition to the usual reports concerning the importance of non-technical aspects of IT software projects. The research also developed a fuzzy theory based model to assist software practitioners in the software development life cycle. This model could help the practitioners in the decision making of dealing with risks in the software project. The contribution of the research relates to the assessment of risk within a construct that is defined in the context of a fairly broadly accepted view of the life cycle of projects. The software risk construct based on the project management framework proposed in this research could facilitates a focus on roles and responsibilities, and allows for the coordination and integration of activities for regular monitoring and aligning with the project goals. This contribution would better enable management to identify and manage risk as they emerge with project stages and more closely reflect project activity and processes and facilitate the risk management strategies exercise. Keywords: risk management, project planning, IT implementation, project life cycle