An influential review of corporate governance in UK banks and financial institutions conducted by Sir David Walker following the 2008 financial crisis. The report made recommendations on board composition and qualifications, risk management governance, remuneration practices, and shareholder engagement. It emphasized the importance of aligning risk management with strategy and ensuring that remuneration structures support appropriate risk-taking. The Walker Report influenced subsequent governance codes and contributed to evolving expectations for board risk oversight across sectors.

A strategic framework developed by Michael Treacy and Fred Wiersema identifying three distinct approaches to market leadership: operational excellence (lowest cost and inconvenience), customer intimacy (tailored solutions for specific customer segments), and product leadership (continuous innovation). The authors argued that organizations should excel in one discipline while maintaining threshold capabilities in the others. In RBPM, the chosen value discipline influences both strategic objectives and appropriate risk appetite levels across different business activities.

The factors that increase the value of a business or project. Value drivers can be operational (such as sales growth, operating margins, or capital efficiency) or strategic (such as competitive position, innovation capabilities, or brand strength). In RBPM, understanding value drivers is essential for defining both strategic objectives and risk appetite, as these drivers represent the most critical areas for performance improvement and risk management focus. Value driver analysis helps prioritize management attention and resource allocation.

The worth, importance, or usefulness of something to stakeholders. In commercial organizations, value typically refers to shareholder returns, while in public sector organizations, it encompasses benefits to citizens, communities, and society. In RBPM, sustainable value creation requires balancing short-term performance with long-term viability through appropriate risk-taking. Value is created not just by avoiding risks but by deliberately taking risks where the potential returns justify the exposure, all within defined appetite boundaries.

The area of the Appetite Alignment Matrix where risk appetite exceeds risk exposure. Organizations operating in this zone are taking less risk than they have deemed acceptable, potentially missing valuable opportunities for growth, innovation, or efficiency. The under-exposed zone signals potential for increased risk-taking within appetite boundaries, which might involve exploring new markets, introducing innovative products, or relaxing excessive controls. Addressing under-exposure offers opportunities for enhanced value creation while remaining consistent with risk governance requirements.

A management approach focused on long-term success through customer satisfaction, based on the participation of all members of an organization in improving processes, products, services, and culture. TQM principles, particularly as articulated by W. Edwards Deming and Joseph Juran, emphasized continuous improvement, customer focus, and employee involvement. TQM represents an important historical influence on RBPM, especially in its recognition that quality and performance improvement require cultural change rather than just technical solutions.

A model for organizing risk management responsibilities within an organization:

- First line: Business units that own and manage risks in their operations

- Second line: Risk management and compliance functions that oversee risk frameworks and challenge first-line activities

- Third line: Internal audit that provides independent assurance on risk management effectiveness

In RBPM, the three lines model is complemented by the RACI governance approach to create clear accountability for risk management while promoting appropriate challenge and oversight throughout the organization.

The scientific management principles developed by Frederick W. Taylor in the early 20th century, emphasizing standardized work methods, detailed instructions, output-based incentives, and separation of planning from execution. Taylorism treated workers as interchangeable parts in industrial processes, prohibiting their involvement in process improvement. While these principles greatly improved manufacturing efficiency, they created rigid organizational structures poorly suited to knowledge work. RBPM represents a post-industrial approach that integrates strategic thinking and risk awareness throughout the organization rather than concentrating it at the top.

The risk of extreme events occurring with low probability but high impact. Tail risks represent the outer portions of a probability distribution, typically three or more standard deviations from the mean. Examples include major natural disasters, terrorist attacks, or systemic financial crises. In RBPM, tail risks require special consideration through scenario planning, stress testing, and contingency planning, even when their probability is low. Management teams should regularly conduct "tail risk meetings" to discuss potential high-impact, low-probability events and appropriate responses.

A U.S. federal law enacted in 2002 in response to major corporate accounting scandals, establishing new or expanded requirements for public company boards, management, and accounting firms. The act includes provisions on corporate responsibility, enhanced financial disclosures, auditor independence, and corporate fraud accountability. Compliance with Sarbanes-Oxley drove significant enhancements in internal control frameworks and influenced the development of enterprise risk management approaches, contributing to the foundation upon which RBPM was later built.

An organizational environment characterized by simultaneous focus on strategic objectives and awareness of associated risks. This culture combines strategic clarity, risk understanding, appropriate challenge, transparent communication, and decision-making aligned with risk appetite. In RBPM, a strategy-focused, risk-aware culture is characterized by seven key attributes: driven by a compelling vision, living by clear values, led with integrity, aligning risk-taking to strategy, establishing clear accountabilities, engaging in high-quality conversations, and aligning incentives to appetite.

A concept developed by Robert Kaplan and David Norton describing organizations that excel at strategy execution by following five principles: translate strategy into operational terms, align the organization to the strategy, make strategy everyone's everyday job, make strategy a continual process, and mobilize change through executive leadership. The RBPM approach builds on this foundation, adding risk management integration as a critical component for sustainable strategy execution in volatile environments.

A visual representation of an organization's strategy that illustrates the cause-and-effect relationships between strategic objectives across four perspectives: financial, customer, internal processes, and learning and growth. The Strategy Map tells the "story" of the strategy by showing how capabilities and processes drive customer value and financial outcomes. In RBPM, the Strategy Map serves as a foundation for integrating risk management with strategy execution, with each objective linked to associated risks, controls, and appetite levels.

A sustainable and defensible position that enables an organization to achieve its objectives while operating within defined risk appetite boundaries. Strategy describes how an organization will create and capture value in its chosen markets, differentiating itself from competitors through deliberate choices about which activities to pursue and which to avoid. In RBPM, strategy must be formulated with explicit consideration of risk appetite, ensuring that strategic ambitions align with the organization's willingness and capacity to take risks.

Major focus areas that organize strategic objectives into coherent groups addressing specific aspects of the strategy. Themes typically span multiple perspectives of the Strategy Map, connecting related objectives into causal chains that describe how value is created in different domains. Examples might include "operational excellence," "customer intimacy," or "innovation leadership." In RBPM, strategic themes help communicate strategy more effectively and can serve as a basis for risk categorization and appetite definition.

Uncertainty related to strategic choices and assumptions, such as misreading market trends, pursuing flawed business models, or making inappropriate competitive moves. Strategic risks involve the potential for major deviations from expected outcomes due to inadequate strategic analysis or changing external conditions. In RBPM, strategic risk management focuses on challenging strategic assumptions, monitoring environmental changes, and maintaining strategic flexibility. Effective governance processes ensure regular review of strategy relevance in light of evolving conditions.

The specific goals an organization aims to achieve in pursuit of its vision and mission. Strategic objectives describe what success looks like across different aspects of performance (financial, customer, internal processes, and people/capabilities) and provide the focal points for strategy execution efforts. In RBPM, objectives serve as anchors for both performance management and risk management, with each objective having defined key performance indicators, associated risks, appetite levels, and supporting initiatives.

Significant projects or programs designed to close performance gaps and drive progress toward strategic objectives. Unlike operational activities, strategic initiatives represent one-time, transformational efforts with defined start and end dates. In RBPM, initiatives should be prioritized based on their contribution to strategic objectives and their risk profiles, with the Initiative Alignment Matrix providing a visualization of these relationships. Effective initiative management includes clear ownership, regular progress monitoring, and appropriate risk assessment.

The RBPM components focused on organizational behavior, relationships, and communication rather than technical processes. The soft disciplines include governance, culture, and communication, which collectively enable the effective functioning of the "hard" disciplines (set strategy, manage performance, manage risk, align risk to strategy). While often more challenging to implement than technical solutions, the soft disciplines are critical success factors for RBPM implementation, as they shape how people interact with the framework and whether they embrace its principles in daily decision-making.

A concept emphasizing the importance of maintaining consistent, authoritative data sources for organizational decision-making. In RBPM, a single source of truth refers to having unified repositories for strategic objectives, risks, controls, and performance metrics, ensuring that all stakeholders work with the same information. Technology solutions supporting RBPM should provide this unified view, eliminating conflicting data versions that can undermine effective risk-based performance management. This contrasts with the fragmented, inconsistent information that often results from spreadsheet-based approaches.