That message was a bit vague...

An RMP is used when the certificate holder knowingly or unknowingly accepts, or even generates, an undesirable level of risk, and the PI takes action to ensure that the certificate holder is effectively managing these risks in their operation...