The article is aimed at increasing the probability of successful IT project completion by identifying the sources of 105 universal risks as well as establishing cause-and-effect relationships between these risks. The article presents the results of an analysis of 105 risks relevant to IT projects; five of them are commercial risks, 45 are compliance risks and 55 are project risks. Risk analysis was carried out using the 5Why, SWIFT and Harrington coefficients. Based on the results of the analysis, the root causes initiating the onset of risks were identified, such as the user, customer, project manager, project team, subcontractor and competitor. Moreover, it was found that the share of the users in the total number of risk sources is 2%, 15% for the customer, 43% for the project manager, 36% for the project team, 2% for the subcontractor and 2% for the competitor. The article also shows models of cause-and-effect relationships of compliance and project risks, presents the results of assessing the risks occurrence probability and their possible impact in cases of materialization, and establishes the most likely and dangerous scenarios in IT projects. The results obtained allowed the development of a criterion to assess the management maturity of a contractor (executor, supplier) planning to develop an computer program as part of an IT project.