Does anyone have a questioneer for "Quantifying" Risk as it relates to IT or Information Systems?

I have an older quantification worksheet based on the 1996 Manual which includes: Transaction Dollar Exposure, Volume, Changes in Ownership, Complexity etc... but it is very short and I don't think it is comprehensive enough to provide a true analysis. Since the new publications have been developed, I can't seem to find any more info....Thanks!