Cooke-Davies (2000) in his dissertation on project management practices (in general, not specifically for IT projects) states that based on empirical evidence, risk management planning has a positive impact on the ability to predict the project duration. Risk management aims at listing the characteristics of the risk management process of a particular project. It involves issues such as: who will participate in the risk identification, which tools will be used, how should the risks be reported, who will receive this information, and what is expected of them. And although risk management planning is described in project management handbooks (Project Management Institute, 2004), the activity itself is not part of the cyclical process of identifying, analysing, managing, and controlling risks. If risk management planning is performed, it is generally performed only once, at the start of the project. Cooke- Davies (2000) does not elaborate in further detail on why there is a relation between risk management planning and project duration. Apparently, the fact that attention is given to the risk management process at the project start, rather than to the actual risks, is enough to create a positive influence on at least one specific project success indicator. The cause–effect of this relation is however an open question, because it may be that the project was already labelled being risky, and because of that it was decided to use risk management, starting with the creation of a risk management plan. Not the risk management plan itself then contributed to the project success indicator, but the fact the project had already been identified as risky, as a result of which it was decided to start risk management planning.