In the context of process management, risk has been considered mainly from a project management perspective. But risk is an inherent property of every business process and techniques are needed to identify, represent and analyse business process risks. The absence of such techniques is a concern because both operational risk mitigation and legal compliance depend on the sufficient identification of corporate risk. This paper addresses the topic of risk management in the context of business process management. We present a taxonomy of process- related risks and discuss how this taxonomy can be applied in the analysis and documentation of business processes. We demonstrate how a contemporary process modelling method can be extended to document process-related risks and their relationships with goals, other risks and processes. A critical administrative process in an university is used as an example.