GRC risks, risk criteria, and risk approach rules - Legacy A risk is a defined consequence that can occur if a policy is ignored. Risk criteria values are stored in the Risk Criteria [grc_risk_criteria] table. Approach rules are a short description of the approach philosophy that will be used to mitigate the risk. Demo data in GRC provides a default range of criteria levels from least to most for both types. Define a GRC risk - LegacyUse the Risk form to define a new risk.Define GRC risk criteria - LegacyUse the Risk Criteria form to define risk criteria.Define a GRC risk approach rule - LegacyDefine a new risk approach rule using the Risk Approach Rules form.