There are 2 different types of risk discussed in AS9100 Rev D. Clause 6.1 talks about top-level process risks as they apply to the QMS. These are the risks that come out in a top management SWOT analysis of the business and could include such things as future obsolescence of key components, or suppliers going out of business. These risks need to be assessed, and you need to determine what, if anything, you will do about them, but there does not need to be a risk management tracking of these risks.
Additionally, clause 8.1.1 talks about operational risk management. Here you need to track the risks to delivering your products and services. Operational risks could include short delivery time, critical path components, delays for certain external tests, etc. These risks need to be tracked and actioned until they can no longer happen. Some risks from the SWOT analysis could move onto this list, but not all of them.
I received a further related question:
>Risk Mitigation techniques like PFMEA and DFMEA are deployed for which category of risks? Usually they are for a manufacturing process or design of a product.
It is important to note that the AS9100 Rev D standard does not include requirements for how you will perform your risk assessments or risk management. As such, it does not specify the use of FMEA in any risk mitigation activities; how you do this is up to you. As you have stated, FMEA can be used for many different implementations such as product design (operational risk) or process design (could be management risk or operational risk). You should use the tool where you find it useful, and of course where it is a requirement of the customer.