If a known risk materializes (triggered) it has been realized. Review the risk register to identify the risk owner, risk response (if planned) is then implemented by the risk owner.
If a new risk is identified (during monitoring/controlling), risk register updated and subsequent risk processes conducted.
As you mentioned, an issue has already happened and is something that requires a resolution. The issue log is updated, not the risk register.