Risks originating from factors outside an organization's control, such as economic conditions, competitor actions, regulatory changes, technological disruptions, or natural disasters. These risks cannot be eliminated but can be anticipated, monitored, and mitigated. Within RBPM, external risk management focuses on developing resilience, agility, and contingency plans rather than risk elimination. Scenario planning and early warning systems are particularly important for managing external risks within the organization's appetite boundaries.

Uncertainty related to an organization's ability to execute its chosen strategy. This includes risks associated with inadequate resources, insufficient capabilities, poor project management, change resistance, or implementation failures. In RBPM, execution risk is distinguished from strategic risk (which relates to the soundness of strategic choices themselves). Effective management of execution risk requires clear governance structures, robust program management capabilities, regular performance monitoring, and appropriate contingency planning to address implementation challenges.

A six-step management system developed by Robert Kaplan and David Norton that connects strategy formulation and planning with operational execution. The system includes: 1) Develop the strategy, 2) Plan the strategy, 3) Align the organization, 4) Plan operations, 5) Monitor and learn, and 6) Test and adapt the strategy. This system represents the most evolved version of the Balanced Scorecard methodology and serves as an important foundation for the RBPM approach, particularly in its emphasis on linking strategic objectives to operational activities.

A comprehensive approach to identifying, assessing, managing, monitoring, and reporting on risks across an entire organization. ERM considers strategic, operational, financial, compliance, and reputational risks within a holistic framework rather than addressing risks in silos. In contrast to earlier risk management approaches that focused narrowly on insurable or financial risks, ERM emerged in the early 2000s to provide a more integrated perspective. RBPM builds on ERM concepts, particularly in its emphasis on linking risk management to strategy execution.