Something fundamental about a "risk-based approach" is that it is basically asking you not do things in a one-size-fits-all way. A philosophically "perfect" risk-based approach would take each element of a problem and analyse it deeply to come up with a rich description of the nature of risk at hand, and what actions are appropriate for that problem.
This is a good thing, because it means you don't need to go through an enormous process to resolve minor issues - and it means that you aren't "punished" for taking the time necessary to properly resolve major ones.
The complication, of course, is that people don't necessarily think the same way - so taking a risk-based approach in a way that is consistent for your organisation can be difficult to do. This is why there is a need to establish a framework of acceptance criteria, et cetera, for risks. If you're a one-person business (for the sake of argument), maybe you could just have a simple blank space for risk assessment as long as you are diligent enough to put in a consistent assessment every time; but it quickly gets hard and unreasonable to rely on this consistency.
For this reason, I would say this problem is much less about the form, and more about your general process, attitudes and conventions around risk assessment in general. If you are assessing the risk of something, how will you actually go about it? How will you write your justification? How will you make sure different things are assessed in a consistent and reasonably repeatable way?
If you can answer these questions, I think it will become obvious what sort of form you need to provide.