I'm curently working in defining and implementing a risk management process for our IT department projects.
At this moment I've defined a process (not alone) and I try to build a risk catalog, which should contain the main risks for our projects, together with possible mitigation strategies and contingency plans.
I try to gather all this "main risks" by a risks assesment form inteviews with senior employees for our company.

I'd like to know if somebody have done this, and if you can make any suggestions.

Thank you,