Future wish: Adding risks and controls on a BPMN level

This is more a heads up for a future wish we expect to develop:

- the ability to link objects of type 'risks' as items to business process activities on a BPMN level (and be able to link a questionnaire - for further attributes such as description, risk classification, owner, risk chance, risk impact) 

- the ability to link objects of type 'controls' to these risks, also with an questionnaire (such as description, owner, last audit-date)

- And the ability to report (reporting and interface) on risks and controls, such as: which processes have what risks? What risks have no controls attached? What processes have risk 'privacy data leak' (AVG)? 

Challenge: of course we can do this on the Archimate level, but for certain risks we want to be more specific and be able to define where in a process the risk occurs. Challenge is that, as far as I know, there is no agreed upon Risk-extension to BPMN as of yet (unlike Aris' EPC standard)

• What is the problem you encounter?
  BD does not support risk and control-definitions on a BPMN-level.
  
  
• Why do you want this wish?
• In the future we want to integrate our risk management system and process management solution. 
•  
• Do you have a workaround? And if so, what is it?
  No, nothing. But currently is just a future wish
•  
• How would you ideally solve the problem?
  
  
• How big is the problem on a scale from 1 to 5? 2