Identity Governance allows custom definition of risk based on your policies and risk tolerance. Customized risk ranges and levels allow Identity Governance to calculate risk scores for your organization, users, applications, business roles, and permissions. Use risk scores to focus reviews and measure impact. Risk scoring supports better context for decision-makers who conduct reviews prioritized by risk scoring based on attribute value, group membership, management relationship, application, permission, cost, risk, and other criteria. For more information about conducting reviews based on risk, see Section 23.0, Creating and Modifying Review Definitions.