Glossary

Andrew Smart

Customer Intimacy

A strategic approach focused on delivering precisely what specific customers want through detailed customer knowledge and operational flexibility. Organizations pursuing customer intimacy continually tailor and shape products and services to fit increasingly precise definitions of customer segments. This strategy requires deep customer insights, relationship-building capabilities, and often entails higher costs that are justified by building long-term customer loyalty. In RBPM, organizations pursuing customer intimacy must define appropriate risk appetite levels for customer-related investments and service delivery.

Culture

The shared values, beliefs, assumptions, and behaviors that characterize an organization. In RBPM, culture is a critical "soft" discipline that can either enable or undermine the effectiveness of strategy and risk management. A strategy-focused, risk-aware culture is one where employees at all levels understand strategic objectives, appreciate risk-taking boundaries, feel empowered to identify and report risks, and make decisions aligned with the organization's risk appetite. Cultural factors often determine whether RBPM implementation succeeds or fails.

Credit Crunch

The severe global financial crisis that began in 2007-2008, triggered by failures in the subprime mortgage market and resulting in a liquidity crisis in the banking system. The Credit Crunch revealed significant weaknesses in risk management practices, particularly in financial institutions that failed to understand their risk exposures and operate within appropriate risk appetite boundaries. It highlighted the consequences of divorcing risk management from strategy, demonstrating the need for integrated approaches like RBPM to ensure sustainable strategic execution.

COSO ERM Framework

The Enterprise Risk Management – Integrated Framework published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) in 2004 and updated in 2017. This framework defines enterprise risk management as a process applied in strategy setting and across the enterprise, designed to identify potential events and manage risk within risk appetite. The COSO ERM Framework is a significant influence on RBPM, particularly in its emphasis on risk appetite and the integration of risk management with strategy setting.

Corporate Governance

The system of rules, practices, processes, and relationships by which a company is directed and controlled. It involves balancing the interests of stakeholders such as shareholders, management, customers, suppliers, financiers, government, and the community. In RBPM, corporate governance establishes the framework for decision-making, risk oversight, and accountability. It ensures that strategic objectives are pursued within appropriate risk appetite boundaries and that risks are effectively identified, assessed, managed, and monitored.

Core Change Alliance

An informal coalition of individuals from various levels within an organization who share a common commitment to implementing risk-based performance management. This alliance includes both formal participants in the implementation and informal supporters who can influence and advocate for the approach. Building a core change alliance is a critical early step in the RBPM implementation process, helping to overcome resistance and sustain momentum through the transformation journey. The alliance provides guidance, shares expertise, and helps navigate organizational politics.

Control Scorecard

A management tool that tracks and reports on the effectiveness of key controls within an organization. It includes information on control owners, key control indicators (KCIs), assessment results, and status indicators. The Control Scorecard helps senior management answer questions about whether the control environment is effective, whether compliance obligations are being met, whether control effectiveness trends are moving in the right direction, and what exceptions require investigation. It complements the Performance and Risk Scorecards to provide a comprehensive view of risk-based performance management.

Control Map

A visualization tool that assesses control performance and control design dimensions on a matrix. Control performance is evaluated based on how consistently the control is applied, while control design is assessed on how effectively the control mitigates the associated risk. The Control Map provides insight into control effectiveness and helps prioritize improvement actions. It can be further enhanced by incorporating exposure or appetite alignment dimensions, enabling organizations to focus control improvement efforts on areas where exposure is high or outside appetite boundaries.

Control Environment

The set of standards, processes, and structures that provide the foundation for carrying out internal control throughout an organization. It encompasses the organization's integrity, ethical values, management philosophy, board oversight, accountability structures, and commitment to competence. In RBPM, the control environment is a critical component of risk management, establishing the tone for risk awareness and the importance of operating within appetite. A strong control environment helps prevent excessive risk-taking while enabling appropriate risk-taking in pursuit of strategic objectives.

Continuous Turbulent Times

A term describing the early 21st century business environment characterized by unprecedented speed of change, technological disruption, economic volatility, geopolitical shifts, regulatory evolution, and intensified competition. In this environment, organizations face greater uncertainty and complexity than ever before. The RBPM approach was designed specifically to help organizations thrive in continuous turbulent times by integrating strategy and risk management, enabling more agile responses to emerging opportunities and threats while maintaining appropriate risk appetite boundaries.

Compliance Risk

The risk of legal or regulatory sanctions, material financial loss, or reputational damage that an organization may suffer as a result of failing to comply with laws, regulations, internal policies, or prescribed practices. Within RBPM, compliance risk is typically identified as a specific risk category requiring dedicated controls and monitoring. Effective management of compliance risk involves identifying applicable requirements, assessing potential impacts of non-compliance, implementing appropriate controls, monitoring compliance status, and reporting to governance bodies.

Change Management

The structured approach to transitioning individuals, teams, and organizations from a current state to a desired future state. In RBPM implementation, change management focuses on preparing, supporting, and helping people successfully adopt new ways of working. This includes managing cultural transformations necessary to embed risk awareness into decision-making processes. Effective change management addresses resistance, builds commitment, and ensures sustainability of the new practices. It encompasses communications planning, stakeholder analysis, coaching, training, and reinforcement activities to facilitate the adoption of integrated strategy and risk management approaches.

Capability Maturity Model

A methodology for evaluating and measuring the maturity of an organization's processes, originally developed by the Carnegie Mellon University Software Engineering Institute. It typically defines maturity levels ranging from initial (processes are unpredictable and poorly controlled) to optimized (focus on continuous improvement). In RBPM, maturity models help assess the sophistication of risk management practices and strategy execution capabilities, identifying gaps and improvement opportunities. They provide a roadmap for developing more advanced risk management and performance management capabilities.
