In TOGAF’s treatment of risk within architecture governance and ADM Guidelines & Techniques, risk management is seen as a continuous process including several phases. First one classifies potential risk types. Then one identifies specific risks. After identification comes assessment (evaluating likelihood and impact), monitoring (tracking over time), mitigation (taking actions to reduce the risk), and related response or treatment options to decide what to do with residual risk. That sequence—classification, identification, assessment, monitoring, mitigation, and response—completes the risk management life cycle. It does not stop at evaluation or reporting; it includes active monitoring, control, and reaction to risks over time.