There is a good website for references for developing a 27001 system that includes some decent material:
http: //www .iso27001security .com/html/iso27k_toolkit.html - DEAD 404 LINK UNLINKED
I believe it was on here that I ran across a good reference for different types of risks assessment, the bits calculator spreadsheet, designed to function as an assessment tool.
Developing a good risk assessment framework (plans, procedure or process document, the actual risk calculations, the assessment records structure, risk treatment records, etc.) takes some doing but the background knowledge to make the right meaningful judgments is the critical part. A three day course and a lot of internet research isn't going to cover it. Of course, if the point is to generate the paperwork to get through an audit it would, but that's a horrible starting point.
One obvious starting point that might be overlooked is existing processes, systems, and plans and past related actions geared towards improving security. It seems like these might be so obvious that of course they'd be considered, but it is possible to miss the obvious. If later in the process it turns out that real work related to security is occuring separately of the assessments (upgrading systems or capacity, etc.) that's a problem.