This paper presents a model of the IT portfolio composition process for IT investments based on data collected from a Fortune-25 enterprise. We argue that IT project rejection and IT project selection decisions are two distinct components of the IT Portfolio composition process and are governed by different factors. The risk factors we use in our study to explain the IT portfolio composition phenomenon are derived from the Enterprise Risk Management - Integrated Framework published by the COSO of the Treadway Commission (COSO 2004). We find that maturity of the project idea, type of the idea and the process-readiness risk factors explain IT project rejection decisions where as technological characteristics (for e.g. technological complexity), timing considerations (for e.g. go live date for the project is less than a year away) and financial characteristics (total investment for a project is less than hundred thousand dollars) explain IT project selection decisions.