Many software organizations engage in software process improvement (SPI) initiatives to increase their capability to develop quality solutions at a competitive level. Such efforts, however, are complex and very demanding. A variety of risks makes it difficult to develop and implement new processes. We studied SPI in its organizational context through collaborative practice research (CPR), a particular form of action research. The CPR program involved close collaboration between practitioners and researchers over a three-year period to understand and improve SPI initiatives in four Danish software organizations. The problem of understanding and managing risks in SPI teams emerged in one of the participating organizations and led to this research. We draw upon insights from the literature on SPI and software risk management as well as practical lessons learned from managing SPI risks in the participating software organizations. Our research offers two contributions. First, we contribute to knowledge on SPI by proposing an approach to understand and manage risks in SPI teams. This risk management approach consists of a framework for understanding risk areas and risk resolution strategies within SPI and a related process for managing SPI risks. Second, we contribute to knowledge on risk management within the information systems and software engineering disciplines. We propose an approach to tailor risk management to specific contexts. This approach consists of a framework for understanding and choosing between different forms of risk management and a process to tailor risk management to specific contexts.