This is the ISO31000 standard, it consists of 3 core steps; Step 1: Scope, Context, Criteria, Step 2: Risk Assessment, Step 3: Risk Treatment. Step 2 is further broken down into 3 further steps: Risk Identification, Risk Analysis and Risk Evaluation. Two parallel process operate across these steps: Communication and Consultation and Monitoring and Review. Recording and Reporting sits as a step across all activity. In this image, risk treatment is highlighted in green.