Professional risk management is today a fact for most large organizations. To satisfy regulatory and auditing requirements, an important step is the identification and documentation of risks in an organization and the definition of measures for their mitigation. Here, enterprise models provide the foundation for a systematic and holistic analysis of processes, organizational structures and IT systems. In the approach at hand, we build upon the SeMFIS approach for semantic annotations of enterprise models with concepts from an OWL2 ontology. Because the approach provides an ontology for representing risks and mitigation measures, this additional information can be represented through annotations in arbitrary types of enterprise models without having to adapt the originally used modeling language. In addition, the approach provides a visual modeling language for representing rules according to the SWRL specification. This makes it possible to process the semantic information provided by the annotations. The usage of the approach is illustrated through an example from the domain of risk-aware business process management. After risks in business processes have been represented using the semantic annotation approach, it is shown how SWRL rules can be used to automatically generate configurable risk reports.