A U.S. federal law enacted in 2002 in response to major corporate accounting scandals, establishing new or expanded requirements for public company boards, management, and accounting firms. The act includes provisions on corporate responsibility, enhanced financial disclosures, auditor independence, and corporate fraud accountability. Compliance with Sarbanes-Oxley drove significant enhancements in internal control frameworks and influenced the development of enterprise risk management approaches, contributing to the foundation upon which RBPM was later built.

An organizational environment characterized by simultaneous focus on strategic objectives and awareness of associated risks. This culture combines strategic clarity, risk understanding, appropriate challenge, transparent communication, and decision-making aligned with risk appetite. In RBPM, a strategy-focused, risk-aware culture is characterized by seven key attributes: driven by a compelling vision, living by clear values, led with integrity, aligning risk-taking to strategy, establishing clear accountabilities, engaging in high-quality conversations, and aligning incentives to appetite.

A concept developed by Robert Kaplan and David Norton describing organizations that excel at strategy execution by following five principles: translate strategy into operational terms, align the organization to the strategy, make strategy everyone's everyday job, make strategy a continual process, and mobilize change through executive leadership. The RBPM approach builds on this foundation, adding risk management integration as a critical component for sustainable strategy execution in volatile environments.

A visual representation of an organization's strategy that illustrates the cause-and-effect relationships between strategic objectives across four perspectives: financial, customer, internal processes, and learning and growth. The Strategy Map tells the "story" of the strategy by showing how capabilities and processes drive customer value and financial outcomes. In RBPM, the Strategy Map serves as a foundation for integrating risk management with strategy execution, with each objective linked to associated risks, controls, and appetite levels.

A sustainable and defensible position that enables an organization to achieve its objectives while operating within defined risk appetite boundaries. Strategy describes how an organization will create and capture value in its chosen markets, differentiating itself from competitors through deliberate choices about which activities to pursue and which to avoid. In RBPM, strategy must be formulated with explicit consideration of risk appetite, ensuring that strategic ambitions align with the organization's willingness and capacity to take risks.

Major focus areas that organize strategic objectives into coherent groups addressing specific aspects of the strategy. Themes typically span multiple perspectives of the Strategy Map, connecting related objectives into causal chains that describe how value is created in different domains. Examples might include "operational excellence," "customer intimacy," or "innovation leadership." In RBPM, strategic themes help communicate strategy more effectively and can serve as a basis for risk categorization and appetite definition.

Uncertainty related to strategic choices and assumptions, such as misreading market trends, pursuing flawed business models, or making inappropriate competitive moves. Strategic risks involve the potential for major deviations from expected outcomes due to inadequate strategic analysis or changing external conditions. In RBPM, strategic risk management focuses on challenging strategic assumptions, monitoring environmental changes, and maintaining strategic flexibility. Effective governance processes ensure regular review of strategy relevance in light of evolving conditions.

The specific goals an organization aims to achieve in pursuit of its vision and mission. Strategic objectives describe what success looks like across different aspects of performance (financial, customer, internal processes, and people/capabilities) and provide the focal points for strategy execution efforts. In RBPM, objectives serve as anchors for both performance management and risk management, with each objective having defined key performance indicators, associated risks, appetite levels, and supporting initiatives.

Significant projects or programs designed to close performance gaps and drive progress toward strategic objectives. Unlike operational activities, strategic initiatives represent one-time, transformational efforts with defined start and end dates. In RBPM, initiatives should be prioritized based on their contribution to strategic objectives and their risk profiles, with the Initiative Alignment Matrix providing a visualization of these relationships. Effective initiative management includes clear ownership, regular progress monitoring, and appropriate risk assessment.

The RBPM components focused on organizational behavior, relationships, and communication rather than technical processes. The soft disciplines include governance, culture, and communication, which collectively enable the effective functioning of the "hard" disciplines (set strategy, manage performance, manage risk, align risk to strategy). While often more challenging to implement than technical solutions, the soft disciplines are critical success factors for RBPM implementation, as they shape how people interact with the framework and whether they embrace its principles in daily decision-making.

A concept emphasizing the importance of maintaining consistent, authoritative data sources for organizational decision-making. In RBPM, a single source of truth refers to having unified repositories for strategic objectives, risks, controls, and performance metrics, ensuring that all stakeholders work with the same information. Technology solutions supporting RBPM should provide this unified view, eliminating conflicting data versions that can undermine effective risk-based performance management. This contrasts with the fragmented, inconsistent information that often results from spreadsheet-based approaches.

The total worth of a company to its shareholders, typically measured through stock price appreciation and dividend payments. Creating sustainable shareholder value is the ultimate goal of commercial organizations and serves as the final outcome of the RBPM framework. The RBPM approach emphasizes that sustainable value creation requires balancing short-term performance with prudent risk management, ensuring that current returns are not achieved at the expense of future viability through excessive risk-taking or inadequate capability development.

A strategic planning method that organizations use to develop flexible long-term plans by exploring different possible future states. Scenario planning involves creating detailed narratives about potential future environments and testing strategic options against these scenarios to identify robust approaches. In RBPM, scenario planning helps organizations understand potential risk exposures under different conditions and develop appropriate contingency plans. It is particularly valuable for addressing external risks that cannot be directly controlled but require adaptive responses.

A concept describing how leadership behaviors create the cultural tone that shapes working practices and attitudes throughout an organization. The term recognizes that employees tend to emulate the behaviors modeled by their leaders, particularly regarding risk awareness, ethical standards, and performance expectations. In RBPM, the shadow of the leader significantly influences whether risk appetite boundaries are respected in day-to-day decision-making. Leaders who demonstrate commitment to operating within appetite create cultures where appropriate risk-taking flourishes.

The RBPM discipline focused on developing organizational direction through defining vision, mission, strategic objectives, and risk appetite. This discipline involves analyzing the business environment, articulating the business model, identifying key drivers, and determining the level of risk required to achieve strategic goals. Setting strategy establishes the foundation for all other RBPM disciplines by defining what the organization aims to achieve and the risk boundaries within which it will operate. Effective strategy setting requires integration of performance ambitions with risk considerations.