I agree with DeMarco's statement: "Risk Management is Project Management for adults". As a PM, we do what we do for reasons of good governance and risk management. Without them a project is just a bunch of people doing stuff.
Risk Management doesn't replace any part of the SDLC or a typical methodology. It's the reason why you do all the boring scheduling, registers and documentation. You do these things to reduce the impact of negative risks and hopefully capitalise on any opportunities (ie: positive risks).
On templates for risk registers, your organisation needs to set the standards depending on their risk appetite. The following describes a pretty simple process;
1) First you identify each risk in a Risk Register which is just a list in Excel.
2) Next you judge each risks' impact and probability.
3) The combination of impact and likelihood then describe the level of risk (see the first matrix table)
4) You use this risk level (low to extreme) to help frame your approach. In my example the level of governance prescribed is specified by the company. (see the second table)
5) From that you, or someone else would then decide what response to take for each risk in your register as per @JohnFx answer. If you are the PM and it's a Low risk.. then "acceptance" might be the right approach. The concept of Risk Management and Governance is that you write this down and clearly communicate it to your stakeholders. Then you all know the why and what you are doing.
I regularly discuss only the top 5 risks with sponsors and the team, however the whole Risk Register should be reviewed semi regularly throughout the project. Don't just chuck it in a drawer. It's meant to be a communication tool of why you made certain decisions and took certain actions, and should be kept up to date.
NB: These are qualitative risk assessment techniques, there are more advanced quantitative techniques .. but just because they are more complicated it doesn't mean they are better. They have their place depending on appetite, budget and capability.