In the computer age, management information system represent an important component for the management of a company, strong linked to the rest of management subsystems. Inside of this subsystem, IT (information technology) is a fundamental element, which allows for a company to survive or to growth on a global market. IT risk management is a continuous process, integrated in structure and culture of a company, that has as a goal to analyze and to find solution for minimize negative effects and maximize positive effects of risks. The paper develops these main aspects to analyze risk software and the direction to implement it in a company.