The need for theoretical justification of the adaptation process of risk management procedures for IT projects, is evidenced by practical problems, analyzed in the studies of The Standish Group International. According to published data, the average value of completed projects in the field of information technology in 2013 amounted to 189% of the initial estimates. Thus, the article analyzes the main tools and procedures for risk management (identification, analysis, risk response, monitoring and control) in IT projects. Based on research results, the interdependence and interrelationship between the major risk management procedures is established. The results presented in this article will be of interest to managers of IT projects, as well as to researchers who study the nature of risk events.