Nowadays, one of the main requirements of a software development project is the delivery of a quality product that conforms to the expected schedule and budget and satisfies customer needs. Using the hypothesis that the quality of the developed product is closely related to the quality of the processes used in its development, many organizations invest in process improvement programs, where the processes are continuously assessed and improved. In this work we propose an approach for process assessment based on risk and process compliance analysis. This approach is composed of a two-step appraisal method and a supporting tool. In the first step of the method, a quick analysis is executed to identify the most problematic areas. In the second one, a more elaborated analysis is performed only in the critical areas, reducing the costs and increasing the effectiveness of the appraisal. The tool uses a mechanism of surveys and checklists to verify the risk and the compliance of the process of the organization. A knowledge base is organized in accordance to a reference quality norm or maturity model. At the end of an assessment, reports, tables and charts support the decision-taking, and they can be used to guide an improvement program. The approach has been used in three case studies.