Investment projects, especially in area of information technology, carry numerous risks. Factors such as innovative nature of the projects, along with their complexity and uniqueness, are commonly reasons for significant cost increases that may lead to over-expenditure, noticeable increases in amount of time required for project completion, or failure to fulfill the planned goals of the implemented information system. Therefore, correct risk management is crucial to success of information technology projects, with the purpose of reducing probability of such factors influencing the projects and lowering potential losses – and other negative factors – connected with their influence. The paper is focused on various types of risk that can occur during the project and rules that govern sharing them between the sides, i.e. both client and the provider.