The gap between research and practice is strikingly evident in the area of information technology (IT) project risk management. In spite of extensive research for over 30 years into IT project risk factors resulting in normative guidance on IT project risk management, adoption of these risk management methods in practice is inconsistent. Managing risk in IT projects remains a key challenge for many organizations. We discuss barriers to the application of normative prescriptions, such as assessments of probability and impact of risk, and suggest a contingency approach, which addresses the uncertainties, complexities, and ambiguities of IT projects and enables early identification of high-risk projects. Specifically, in a case study, we examine how the project management office (PMO) at one organization has bridged the gap between research and practice, developing a contingency-based risk assessment process well founded on research knowledge of project dimensions related to project performance, while also being practical in its implementation. The PMO's risk assessment process, and the risk spider chart that is the primary tool in this assessment, has proven to be effective for surfacing inherent risk at the early stages of IT projects, thereby enabling the recommendation of appropriate management strategies. The PMO's project risk assessment process is a model for other organizations striving to engage in effective and collaborative practices in order to improve project outcomes. The case illustrates the importance of considering the practical constraints of the context of application in order to transform research findings into practices that promote attainment of desired outcomes.