The IRM guidance, A structured approach to effective risk management and the requirements of ISO 31000 breaks the problem down into strategic, tactical and operational risks. It uses an IT implementation as an example. The process of choosing which system to go for has strategic risks associated with it; the project to implement the chosen system has tactical risks and the use of the system post installation has operational risks.

7R’s and 4T’s

The IRM claims that the risk management process can be presented as “a list of co-ordinated activities”, which they label the 7Rs and 4Ts of risk management. They are:

- Recognition or identification of risks

- Ranking or evaluation of risks