the App has the write_orders scope on the store in question,
the order ID is valid,
the Order Risk that's attempting to be modified was created by the same app that's attempting to modify it
If all of those are ok then please reach out [to Partner Support using the email option] and select the 'App Development & API' topic for further assistance. Please be sure to include details about the specific store, which App was making the API call, as well as a date/time/timezone for the request id.