Risk criteria are the factors used to evaluate the significance or importance of a risk. They are used to decide what level of risk is acceptable or tolerable. They reflect an organization's policies, values and objectives, as well as the potential to breach the requirements of standards, laws, regulations, policies or any other requirements that are applicable to the activity being evaluated.
These criteria are used to perform risk management, which is a coordinated set of activities and procedures used to direct an organization during its operation and to control any risks that might arise and that could affect its ability to achieve its business objectives.
The term risk management also refers to the function that is tasked with managing risk. This function includes risk management principles, defined in a risk management framework that details the risk management process that is undertaken to minimize risk.