In risk management, risk criteria are used to identify possible events or situations that could have a negative impact on an organization or project. They are used to evaluate the potential impact of the risk factors identified during risk assessment. Once a risk level has been assigned to these criteria, they can be used to decide whether a specified level of risk is acceptable and can be tolerated, or whether action needs to be taken to mitigate that risk.
Risk criteria reflect an organization’s objectives, policies, and values as it seeks to achieve a given goal. They can be defined based on external or internal factors, and they must include inputs from stakeholders as well as rely on standards, laws, regulations, policies, and other requirements that may be based on industry best practice and legal or other compliance requirements.