The article describes the organizational methods of the process of introduction of risk management in IT-projects. These methods make it possible to eliminate the contradiction that arises among the requirements addressed to the risk management executives of IT-organizations, IT-project managers (PM) and other practitioners. The essence of the contradiction lies in the fact that risk management should provide maximum convergence of the actual and planned results (a variation of less than 5%), but it should not change the existing model of management in IT-projects. In connection therewith, the purpose of the article is to resolve contradictions which may occur among requirements imposed on risk management in IT-projects, namely: introduction of risk management should not change existing and established IT-project management, i. e. project management should remain unchanged (Waterfall, Agile, etc.); introduction of risk management should contribute to minimize variation between actual and planned results.