Abstract: This paper presents a practical risk analysis method for critical, large-scale IT systems in an organisation. The method is based on reliability block diagram modelling and was adapted to fit the requirements of governmental organisations and to reduce the effort required to capture complex failure behaviour. Through the use of different failure categories the risk analysis can be simplified, the input data becomes easier to estimate and the results are easier to use in an organisational risk and vulnerability analysis. The paper first explicitly describes the different steps of the method and then presents a case study in which the method was applied and evaluated in a real-life setting. The method is meant to help an organisation to communicate internally about the reliability of their critical IT systems and to prioritise proposed improvements to this reliability.