The probability of occurrence is high and the consequence loss is small.The probability of occurrence is low and the consequence loss is small.High probability of occurrence and great loss of consequence;The probability of occurrence is relatively low and the consequence loss is large.According to the four situations, different strategies can be adopted.If the probability of occurrence is high and the loss is small, the risk reduction or risk reduction measures can be adopted.If the probability of risk occurrence is high and the consequence loss is large, the risk avoidance strategy can be adopted. It's trying to get the work out by insurance or other means.If the probability of occurrence is low and the consequence loss is large, try to transfer the risk.If the probability of occurrence is low and the consequence loss is small, this kind of risk is suitable for oneself. Because it doesn't have a big impact on the goal itself.Of course, risk control strategy is not an absolute concept. Risks and benefits often have a corresponding relationship. If the risk is high, there is usually a higher return. If you avoid high risks, you may give up the opportunity to get high returns. What kind of risk control strategy should be adopted depends on the environment of the project, different objective requirements and risk tolerance of project stakeholders.Project risk includes nine knowledge areas, including project scope risk, schedule risk, cost risk and quality risk. The risk process will occur in the process of project implementation, so the risk management of IT project should be consistent. The project. In particular, the early risks of the project should be paid special attention to and dealt with in time, otherwise it will bring more and more problems. The early risks of it projects include, for example, the failure to effectively clarify their business needs, the ineffective formation and organization of project teams, the wrong timing of projects, and the unavailability of organizational change awareness and corresponding skills. The medium-term common risks of the project are, for example, the backbone of the project team, lack of motivation and cooperation, low morale, lack of motivation, lack of high-level support for the project, lack of assurance of work quality and progress, and weak control over changes.In the whole process of IT project management, risks are everywhere and sometimes hidden. Therefore, the identification, evaluation and response of risks are very important. Project managers should pay close attention to risk issues. In addition, for enterprises, facing the changing project management team and the growing number of new people, the learning process of risk management of this project is inevitable, so it is necessary to accumulate and draw lessons from many projects to shorten the learning process and reduce the learning cost, so that the company can continue to improve the overall project management ability, rather than relying on the project manager completely. On a personal level.Combined with the existing management process of M company, M company must first carefully plan and design how to carry out project risk management, and formulate a complete set of risk management plan in IT project planning and follow-up projects, and strictly implement it in the follow-up project process. It includes the following contents:(1) choose the method of risk management. Methods, tools and data sources used in risk management can be determined and adjusted appropriately during the project phase and risk assessment. Project risk planning requires the use of professional technologies and tools, such as project work breakdown structure and risk list technology, risk management table and risk database model [10].