The total worth of a company to its shareholders, typically measured through stock price appreciation and dividend payments. Creating sustainable shareholder value is the ultimate goal of commercial organizations and serves as the final outcome of the RBPM framework. The RBPM approach emphasizes that sustainable value creation requires balancing short-term performance with prudent risk management, ensuring that current returns are not achieved at the expense of future viability through excessive risk-taking or inadequate capability development.

A strategic planning method that organizations use to develop flexible long-term plans by exploring different possible future states. Scenario planning involves creating detailed narratives about potential future environments and testing strategic options against these scenarios to identify robust approaches. In RBPM, scenario planning helps organizations understand potential risk exposures under different conditions and develop appropriate contingency plans. It is particularly valuable for addressing external risks that cannot be directly controlled but require adaptive responses.

A concept describing how leadership behaviors create the cultural tone that shapes working practices and attitudes throughout an organization. The term recognizes that employees tend to emulate the behaviors modeled by their leaders, particularly regarding risk awareness, ethical standards, and performance expectations. In RBPM, the shadow of the leader significantly influences whether risk appetite boundaries are respected in day-to-day decision-making. Leaders who demonstrate commitment to operating within appetite create cultures where appropriate risk-taking flourishes.

The RBPM discipline focused on developing organizational direction through defining vision, mission, strategic objectives, and risk appetite. This discipline involves analyzing the business environment, articulating the business model, identifying key drivers, and determining the level of risk required to achieve strategic goals. Setting strategy establishes the foundation for all other RBPM disciplines by defining what the organization aims to achieve and the risk boundaries within which it will operate. Effective strategy setting requires integration of performance ambitions with risk considerations.

A systematic process for identifying the underlying causes of problems or events rather than just addressing symptoms. Root cause analysis techniques include the "5 Whys" approach (asking why repeatedly to drill down to fundamental causes) and Ishikawa diagrams (fishbone diagrams that categorize potential causes). In RBPM, root cause analysis is applied to risk events to understand their origins and implement more effective preventive controls. It helps organizations address systemic issues rather than treating individual symptoms.

The process of selecting and implementing measures to modify risk exposure. Risk treatment options include avoiding the risk, taking the risk to pursue an opportunity, removing the risk source, changing the likelihood or consequences, sharing the risk with another party, or retaining the risk by informed decision. In RBPM, risk treatment decisions consider both the organization's risk appetite and the strategic importance of related objectives, ensuring that control investments align with strategic priorities.

The acceptable level of variation in the pursuit of specific objectives. Risk tolerance establishes the operational parameters within which the organization can operate while remaining consistent with its broader risk appetite. In RBPM, tolerance levels are expressed as thresholds around Key Risk Indicators, defining acceptable boundaries for risk metrics. Organizations with higher risk appetite will typically set wider tolerance ranges, allowing greater variation, while those with lower appetite will set narrower ranges requiring tighter control.

The deliberate acceptance of uncertainty in pursuit of strategic objectives. Risk-taking is an inherent part of business activity and value creation - without some level of risk-taking, organizations cannot innovate, grow, or generate returns. In RBPM, the focus is on appropriate risk-taking within defined appetite boundaries rather than risk minimization. The Appetite Alignment Matrix highlights where organizations may be taking too much risk (over-exposed) or not enough risk (under-exposed) relative to their strategic ambitions.

A management tool that tracks and reports on an organization's key risks and their status. It includes information on risk owners, appetite alignment status, risk assessment results, key risk indicators, and risk scores. The Risk Scorecard helps senior management answer questions about whether risks are being effectively managed, whether risk exposures are within tolerance levels, whether risk management trends are moving in the right direction, and what risk exceptions require investigation. It complements the Performance and Control Scorecards to provide a comprehensive view of risk-based performance management.

The approach an organization takes to address an identified risk. Common risk responses include:

- Accept (take the risk without additional controls)

- Avoid (eliminate the activity or circumstance creating the risk)

- Transfer (shift risk to a third party through insurance or outsourcing)

- Reduce (implement controls to decrease likelihood or impact)

- Exploit (take actions to increase the probability of beneficial outcomes)

In RBPM, risk responses should align with risk appetite and contribute to strategic objectives rather than simply minimizing all risks.

A documented record of identified risks, their assessment details, planned risk responses, control information, and monitoring requirements. The risk register serves as a central repository of risk information and a management tool for tracking risk status and treatment actions. In RBPM, the risk register links risks directly to strategic objectives, ensuring that risk information directly supports strategy execution decisions. Advanced risk registers may include additional elements like key risk indicators, control effectiveness assessments, and appetite alignment status.

The aggregate view of an organization's risk exposure across all risk categories and business activities. The risk profile presents a comprehensive picture of the organization's risk position at a point in time, considering both threats and opportunities. In RBPM, the risk profile is regularly assessed against risk appetite to determine whether the organization is operating within acceptable risk boundaries. Changes in the risk profile may trigger adjustments to strategy, controls, or risk appetite as circumstances evolve.

The person or entity with the accountability and authority to manage a risk. Risk owners are responsible for ensuring that appropriate resources and attention are directed toward risk assessment, control implementation, monitoring, and reporting. In RBPM, risk ownership is formalized through the RACI model, which distinguishes between ultimate accountability and operational responsibility for risk management activities. Clear risk ownership ensures that risks receive appropriate attention and that risk-related decisions are made at the right organizational level.

The level of development, sophistication, and effectiveness of an organization's risk management capabilities. Risk maturity models typically define stages ranging from initial/rudimentary to advanced/optimized, with each stage characterized by increasingly comprehensive risk identification, more sophisticated assessment methodologies, more effective controls, better integration with decision-making, and stronger risk cultures. In RBPM, understanding current risk maturity helps organizations develop appropriate implementation roadmaps for enhancing their integrated strategy and risk management capabilities.

A term from Accenture's research describing organizations that excel at creating value through superior risk management. Risk Masters integrate risk considerations into strategic planning and decision-making processes, deploy sophisticated measurement and analytics capabilities, align risk management across business units, establish C-level risk leadership, infuse risk awareness throughout their culture, and invest in continuous improvement of risk capabilities. The RBPM approach incorporates many characteristics identified in Risk Masters, particularly their focus on creating competitive advantage through risk management.

A visual representation that displays risks according to a defined classification scheme, such as risk categories, business units, or strategic perspectives. In RBPM, the Four Perspective Risk Map organizes risks according to the Balanced Scorecard perspectives (financial, customer, internal processes, learning and growth), enabling clearer understanding of risk interdependencies and alignment with strategic objectives. Risk Maps help identify risk concentrations, highlight relationships between risks, and communicate risk positions to stakeholders.

The organization's approach to assessing and managing risk, articulating how it will identify, analyze, and address the risks to its objectives. A risk management strategy includes risk governance structures, roles and responsibilities, appetite setting, assessment methodologies, treatment approaches, monitoring processes, and continuous improvement mechanisms. In RBPM, the risk management strategy aligns with and supports the overall business strategy, ensuring that risk management enables rather than constrains strategic execution.

The organizational unit responsible for designing, implementing, and coordinating risk management activities across the enterprise. The risk management function typically develops risk policies, provides risk assessment methodologies, facilitates risk identification and analysis, monitors risk exposures, reports to governance bodies, and promotes risk awareness. In RBPM, the risk management function serves as a strategic partner to the business rather than just a control function, helping to optimize risk-taking in pursuit of strategic objectives.

The structured approach an organization uses to identify, assess, respond to, and monitor risks. A risk management framework typically includes risk governance, risk appetite definition, risk assessment methodologies, control implementation, reporting processes, and continuous improvement mechanisms. In RBPM, the risk management framework is fully integrated with strategy execution processes rather than operating as a separate system. This integration ensures that risk management directly supports strategic decision-making rather than functioning as a compliance exercise.

Metrics that provide insight into risk positions, trends, and emerging issues. Risk indicators include both Key Risk Indicators (KRIs) that track major known risks and emerging risk indicators that monitor potential new threats or opportunities. In RBPM, risk indicators complement performance indicators to provide a balanced view of progress toward strategic objectives and associated risk exposures. Effective risk indicators combine leading measures (predictive) and lagging measures (confirmatory) to enable both proactive and reactive risk management.