May I suggest the option to include Compliance related fields in a Risk item report. Currently no fields from Compliance (including compliance package name, item ID, item name etc) can be used in a Risk item report. This would help to show which compliance control objectives are impacted by a specific risk.
Also refer to this discussion:
Thanks