Information system outsourcing is very popular nowadays, therefore to be successful when outsourcing a project is particularly important. The purpose of this case study is to understand the risk of information system outsourcing, and thus preventing the risks and improve the success rate of information system outsourcing projects. From literature reviews and practical experiences, this paper developed a conceptual framework of information system outsourcing risks based on an outsourcing life cycle. 23 samples of outsourcing contracts and within the period of 3 years and its related information were extracted from the Bank A for this case study. This paper reviews the risks from the selected 23 outsourcing projects and discusses the possible risks for each phases of the outsourcing life cycle. The major findings and implication of the case study are also discussed in this paper. The result shows that the most risky phase of the outsourcing life cycle is "Contract phase". The most risky managerial activity is "6. Outsourcing project execution". The most common risk items are "A2.1 Unrealistic estimation of schedule & required resources" of pre-contract phase, "B4.1 Failure to specify appropriate measures", "B4.2 Failure to specify non-performance penalties", "B4.10 Vendor lock-in", "B6.1 Over dependence on the vendor", "B6.5 Changing & creeping objectives/scope/requirements" of contract phase, and "C7.1 Lake of assess measurement, metrics, and tools" of post-contract phase.