I’ve looked at numerous risk management models and processes and have tried out several. I always look at it with an eye toward practicality. Even if the process is the best in the world, if it is too difficult or time-consuming to actually do, then it’s worthless. This could be why most projects I've been around have paid only minor attention to risk management, if indeed addressing it at all.
That is where the MSF Risk Management Discipline comes in. This white paper from Microsoft is one of the best short discussions on risk management for software projects that I have found. Every developer should read it. It shows the basics of how to identify, categorize, assign impacts to, and prioritize risks. It also covers all phases of risk management, from risk identification and project inception through risk mitigation and project completion.
Not all of it needs to be implemented though.
There is the potential for a lot of process; however it is there because the MSF is meant to be scalable, much more so than most agile methodologies.
The best advice that I can give is to start with a “Top 10 Risk List” as described in
Rapid Development by Steve McConnell.
Then, when the situation warrants it (e.g., your project grows rather large), add more process as necessary.
For more info