What about risk workflow?
The add-on settings allow an administrator to select an existing workflow to use for risk management, or to have a new workflow created for use with risks. What are the implications of each choice, and what's it all about?
We start from the premise that risks can, and probably should, have a workflow that is different to, and independent from, the workflows that apply to other issue types. I might have a workflow for the 'Task' issue type that includes implementation, testing, approval, review, deployment, or whatever; and any risk associated with that task will go through a separate sequence of steps; perhaps assessment, evaluation, treatment, monitoring, and so on.
We discovered over time that organizations vary considerably in the way that they manage risks. Whereas we originally forced all risks to follow a pre-defined workflow, we now allow administrators to select any workflow they like to be the default workflow for risks; and we allow individual projects to assign different workflows to risks in those projects.
To make the product easy to use out of the box, we provide administrators with a button that installs a very basic risk workflow; in case you don't already have one established. You should feel free to select a different workflow for risks, or perhaps modify the workflow that the add-on installs.
If you see a warning in the project settings like, "This project does not use the recommended workflow for risks...", it simply means that the workflow assigned to the risk issue type in that particular project is different to the default workflow for risks according to the add-on settings. You can safely ignore that warning if that particular project is to use a workflow for risks other than the default, for whatever reason.