Can we merge Risk Management for QMS and EMS? 

If yes what is the common criteria? 

Integration of Risk Management for QMS and EMS is highly advisable. 

 A unified methodology does not confuse employees, makes the organization's management system more "slender", etc.

International standards ISO 31000: 2009 and ISO 31010: 2009 are the common criteria.

There are two possible approaches:

1. In full - risk management system is developed and implemented in accordance with ISO 31000:2009, as part of the organization's management system. A simple tried-and-tested option is to word Risk Management Manual in a single documented procedure. 
2. At minimum - risk management methodology is developed that is uniform for all systems. A set of methods suitable for the organization's tasks should be taken from ISO 31010:2009. An example of a simple risk management technique can be found in ISO 9001:2015 Actions to Address Risks and Opportunities Methodical Manual. 

Examples of risk management description in the system manuals can be found:

• ISO 9001:2015 Quality Management System Manual Template
• ISO 14001:2015 Environmental Management System Manual Template