Software risk management can be defined as an attempt to formalize risk oriented correlates of development success into a readily applicable set of principles and practices. By using a survey instrument we investigate this claim further. The investigation addresses the following questions: 1) What are the components of software development risk? 2) how does risk management mitigate risk components, and 3) what environmental factors if any influence them? Using principal component analysis we identify six software risk components: 1) scheduling and timing risks, 2) functionality risks, 3) subcontracting risks, 4) requirements management, 5) resource usage and performance risks, and 6) personnel management risks. By using one-way ANOVA with multiple comparisons we examine how risk management (or the lack of it) and environmental factors (such as development methods, manager's experience) influence each risk component. The analysis shows that awareness of the importance of risk management and systematic practices to manage risks have an effect on scheduling risks, requirements management risks, and personnel management risks. Environmental contingencies were observed to affect all risk components. This suggests that software risks can be best managed by combining specific risk management considerations with a detailed understanding of the environmental context and with sound managerial practices, such as relying on experienced and well-educated project managers and launching correctly sized projects.