executive summary the gartne 247514

5/27/2018 Executive Summary the Gartne 247514

1/16

G00247514

Executive Summary: The Gartner Business Risk

ModelPublished: 20 March 2013

Analyst(s): Paul E. Proctor, Michael Smith

Leading riskindicators provide insight to factors that may negatively impact

success andcomplement leading performance indicators to provide a more

completepicture supporting the attainment of desired business outcomes.

Key Findings Companies that use leading indicators outperform their competitors in terms of return on equity

and return on assets.

Leading risk indicators (LRIs) measure factors the business can control and manage.

Risk-adjusted leading performance indicators (LPIs) accommodate both value creation and

factors that can negatively impact value creation.

Recommendations When developing metrics, remember that less is more. Limit the number of metrics to five to

nine at any single managerial level.

Use the LRI catalog to create organization-specific metrics that can be mapped into LPIs.

Table of Contents

Analysis..................................................................................................................................................2

Introduction......................................................................................................................................2

Risk-Adjusted Value Management....................................................................................................3

The Business Risk Model Overview.................................................................................................. 3

Target Audience and Positioning...................................................................................................... 6

Guiding Principles for LRI Development............................................................................................ 6

Risk-Adjusted Leading Performance Indicators.................................................................................7

Advanced Metrics.............................................................................................................................8


2/16

Applying the Business Risk Model.................................................................................................... 8

Leading Risk Indicators Catalog....................................................................................................... 9

Recommended Reading.......................................................................................................................12

List of Figures

Figure 1. Business Risk Model Outcomes...............................................................................................4

Figure 2. The Gartner Business Risk Model............................................................................................ 5

Figure 3. Simple Principles for LRI and LPI Development........................................................................7

Figure 4. Full LRI Example: Marketing Failure Index.............................................................................. 10

Figure 5. Full LRI Example: IT Production Availability Loss Index...........................................................11

Figure 6. Full LRI Example: Poor Online Sentiment Index......................................................................12

AnalysisThis is an executive summary of the Gartner Business Value Model. It includes the full text of "The

Gartner Business Risk Model: A Framework for Integrating Risk and Performance," but only select

examples of the leading risk indicator catalog. For a full version of the catalog, see "The Gartner

Business Risk Model: A Framework for Integrating Risk and Performance" and "Toolkit: The Gartner

Business Risk Model."

Introduction

Good risk management influences business decisions. Executive management teams struggle to

make effective use of risk management because they fail to understand the relationship between

business processes and the risks. Instead, they focus time and resources on operational data,

which is not directly associated with the achievement of desired business outcomes. This

disconnect results in wasted risk management efforts that deliver no value and perpetuates the idea

that risk management is a waste of time. The Business Risk Model is designed to address this

disconnect.

Leading indicators extend the value of lagging indicators and provide a mechanism for gaining

competitive advantage. LRIs provide insight to factors that may negatively impact success and

complement leading performance indicators to provide a more complete picture supporting theattainment of desired business outcomes.

Clearly, risk management efforts benefit from business context, but it is also true that business

decision making benefits from risk context. This concept is the foundation of Risk-Adjusted Value

Management (RVM), a methodology designed to address an even broader disconnect between

strategy setting and strategy execution (see "Using Risk-Adjusted Value Management to Close the

Strategy Gap and Gain Competitive Advantage"). RVM is a top-level methodology that integrates

Page 2 of 16 Gartner, Inc. | G00247


3/16

the Gartner Business Value Model with the Gartner Business Risk Model to produce a small, but

critical, list of risk-adjusted leading indicators of business performance.

Risk-Adjusted Value Management

Risk-Adjusted Value Management is a methodology that translates vision into action. It engages all

the stakeholders of an enterprise to understand:

How they affect the chosen business strategy

How to work collaboratively to effectively execute that strategy

RVM differs from previous efforts because it:

Integrates measurable risk with performance management

Can be implemented top-down, bottom-up or anywhere along the value chain

Can be fully implemented in four to six weeks

The key components of RVM are the Business Value Model, the Business Risk Model and the

financial sensitivity calculations.

The Business Value Model is used to select the LPIs, which measure opportunities for the enterprise

(see "The Gartner Business Value Model: A Framework for Measuring Business Performance").

The Business Risk Model is used to select LRIs, which measure threats to the enterprise. LRIs are

used to adjust LPIs: LPI LRI = risk-adjusted performance indicators.

The financial sensitivity calculations are used to monetize changes in risk-adjusted performance

indicators. These calculations tie the indicators back to the income statement or balance sheet (see

"Toolkit: Monetizing the Outcomes in the Business Value Model").

The Business Risk Model Overview

At the heart of the Business Risk Model is an LRI catalog, which is a reference list of leading

indicators of business risk. It is not intended to be a set of recommended risks that organizations

should be addressing, nor is it intended to be an exhaustive list of everything that can go wrong in

an enterprise. Instead, it is a starting place for executives and risk managers to understand

business alignment and the influence risk should have on decision making.

As a starting place, the LRI catalog and the principles in the Business Risk Model provide guidancefor executives and risk managers to build their own organization-specific list of risk factors tied to

performance factors. Each entry addresses a broad area of risk and provides a sample LRI and an

example of a risk-adjusted LPI.

The catalog is organized by the same principles and categories introduced in the Business Value

Model. This is done to facilitate alignment and mapping, but also to reflect the business impact of

Gartner, Inc. | G00247514 Page 3 o


4/16

the various risks. The scope of the Gartner Business Risk Model covers all the controllable activities

performed within an organization by three broad categories:

Demand Management.All the actionable activities involved with generating demand for the

products and services offered by the organization.

Supply Management.All the actionable activities directly involved with supplying the products

and services offered by the organization.

Support Services.All other actionable activities involved with supporting the organization.

These services operate within organizations by providing services to internal clients. They

operate on business principles and provide internal services at a cost and quality that are

acceptable to their clients when assessed against alternatives.

Each high-level business aspect comprises three business outcomes; for example, in Figure 1,

Demand Management is made up of Market Responsiveness, Sales Effectiveness and Product

Development Effectiveness.

Figure 1. Business Risk Model Outcomes

Supply Chain

Information

Technology

Responsiveness

Finance and

Regulatory

Responsiveness

Human Resources

Responsiveness

Support

Services

Customer

Responsiveness

Supplier

Effectiveness

Operational

Efficiency

Supply

Management

Sales

Effectiveness

Product

Development

Effectiveness

MarketResponsiveness

DemandManagement

Source: Gartner (March 2013)

Each business outcome has a defined set of risk categories, and within each category, there are

suggested LRI metrics and alternative measures that can be considered. The Business Risk Model

is applicable to all industries. A high-level overview of the Business Risk Model is presented in

Figure 2.



5/16

Figure 2. The Gartner Business Risk Model

BusinessAspect

Outcomes Leading Risk Indicators

DemandManagement

MarketResponsiveness

Marketing Transparency Online Reputation Channel Cost

SalesEffectiveness

Customer Loss Sales Loss Forecast Inaccuracy

Product DevelopmentEffectiveness

Aging Products R&D Product Management

SupplyManagement

CustomerResponsiveness

Service Agreement Customer Care Delivery Material Quality Order Fill

Privacy Returns Service Accuracy Service Performance

SupplierEffectiveness

Sourcing Supply Chain Planning Vendor Risk

Management (IT) Supplier Agreement

Supplier CarePerformance

OperationalEfficiency

Manufacturing Facilities Management Facilities Security Enterprise Asset

ManagementBusiness Continuity

Management

Sustainabil ity Risk Management

Supply Chain

Low-Cost CountrySourcing

Natural Disaster Equipment Fai lure S ingle Sourc ing Emerging Market

Del ivery Capacity Uti lization Environmental

Compliance Fire Human Error

SupportServices

Human ResourcesResponsiveness

Workforce (IT) Skills Inventory Training Identity and Access

Management

InformationTechnology

Responsiveness

Availability (IT) Internal Audit (IT) Applications Change Management Public CloudInformat ion Securi ty Application Secur ity Data Secur ity Desktop Secur ity Infosec Governance

Network Securi ty Server Securi ty IT Investment

Finance andRegulatory

Responsiveness

Ethics Environment Health

and Safety Insurance Liquidity E-Discovery

Internal Audit (Financial) Legal Records Management Compliance Policy


Gartner, Inc. | G00247514 Page


6/16

Target Audience and Positioning

The Business Risk Model is designed to allow executives to discuss and agree on an appropriate

set of risk metrics tied directly to the performance of different operational areas and to understand

the impacts on different business aspects and, ultimately, financial performance. It can be used

alongside a number of risk methodologies. It can also be used at a departmental level to help ITmanagers integrate risk management in their daily activities, which will support alignment between

IT and the business, prioritize new initiatives, and effectively communicate IT's contribution to the

business.

The Gartner Business Risk Model sits between strategic activities, such as board-level reporting,

and siloed activities, such as operational risk assessments. The Business Risk Model complements

and enhances, rather than replaces, these other risk methodologies and practices.

Guiding Principles for LRI Development

The catalog will evolve over time, and individual entries will change as a part of this evolution.Ultimately, organizations should create their own organization-specific LRIs based on the entries in

the catalog, so this evolution should not impact individual implementations. The following guiding

principles were used to create the catalog, and they should also influence how organizations

develop their own LRIs from the catalog:

Leading indicators Each of these metrics is intended to be a leading indicator impacting a

business performance metric. Trailing indicators, such as financial loss or impact, are not

appropriate for this methodology.

Sources These measures and risk categories are derived from Gartner research spanning

every aspect of IT and the business operations that IT influences, which, in effect, is every

aspect of business operation. Dozens of Gartner subject matter experts, as well as the

experiences of hundreds of our clients, are used to identify and develop entries.

Factors within your control The risk categories and LRI metrics are intended to address

factors within your control. Risks such as natural disasters are not represented because you do

not control the occurrence of hurricanes, but you do control your readiness to handle them if

they do happen. Therefore, while natural disasters are not represented, business continuity is

represented.

Simple metrics For simplicity and consistency, the great majority of the metrics are defined

as simple measures, normalized as percentages that reflect more risk as they increase.

Conversely, LPIs should be defined as simple measures, normalized as percentages that reflectimproved performance as they increase. This relationship simplifies the ability to create risk-

adjusted LPIs (see Figure 3). More advanced metrics are described below.



7/16

Figure 3. Simple Principles for LRI and LPI Development

LPI

Good

Bad

1

0

Maximized

LRI

Bad

Good

Minimized

Values are normalized

0 to 1


Risk-Adjusted Leading Performance Indicators

RVM integrates leading risk indicators, which completes the picture of value creation. The result is a

set of integrated measures (leading performance indicators and leading risk indicators) that can

influence decision making up and down the chain. One of the primary constructs of RVM is the risk-

adjusted LPI. It is the integration of a known leading indicator of risk with a known leading indicatorof business performance. LRIs in the catalog are specifically designed to be applied as discounting

factors to LPIs. For simple LPIs and LRIs, we can subtract the LRI from the LPI, resulting in a new

number that accommodates the risk:

Risk-adjusted LPI = original LPI - LRI

A simple example of this is a risk-adjusted on-time delivery LPI, which subtracts the percentage of

delivery vehicles without oil changes (a leading indicator of failure) from the percentage of packages

delivered on time (a leading indicator of business performance). For this to work, the LRI must be

measured such that it is desirable to maximize it, while the LRI must be constructed such that it is

desirable to minimize it, as previously described and as represented in Figure 3 (see "ImproveBusiness Decision Making With Risk-Adjusted Value Management: Creating Risk-Adjusted Key

Performance Indicators").

Adjustment factors are used to "bound" the impact of an LRI on an LPI. Although it is desirable to

reduce complexity as much as possible, in the real world, the simple construct above is too simple.

Once there is agreement that a leading indicator of risk should be combined with a leading indicator

of business performance, it must be decided how much a risk should discount a performance



8/16

metric. The adjustment factor can be added to the simple construct above to bound the amount of

risk adjustment.

Risk-adjusted LPI = LPI - (adjustment factor x LRI)

Using this simple calculation, if the LPI and LRI are percentages, then this adjustment factor willcreate an upper bound for how much the LPI can be discounted by the LRI. Risk adjustment factors

are typically negotiated between the risk management leaders and business unit executives to

represent just how much risk is represented by the LRI.

This process is more fully explained in "Improve Business Decision Making With Risk-Adjusted

Value Management: Creating Risk-Adjusted Key Performance Indicators." A practical example of

this methodology is presented in "Achieve Desired Business Outcomes Through Risk Management:

A Practical Example of Risk-Adjusted Value Management."

Advanced Metrics

Most of the LRI metrics in the catalog have been specifically designed to be simple percentages,

but the real world may not be so straightforward. We recommend organizations keep

implementations as simple as possible, but there may be cause to use more sophisticated metrics.

The goal of this exercise remains to influence business decision makers who are not subject matter

experts. If an implementation gets too complicated, then you will lose them. The following are

suggested variations on more advanced metrics that may be baked into business reporting:

Trending.These are metrics where the actual value provides little insight, but a trend up or

down may be very important. For example, the aftermarket satisfaction index may only be

interesting if it shows a continued downward trend.

Composites.Many times, a single metric does not tell a story, but a collection of metrics canbe combined to provide desired insight. For example, information security may be a rollup of

metrics from different aspects, including network security, data security and privacy.

Program maturity.Another way to address circumstances where a single metric is not

sufficient is to measure the maturity of an entire program as a proxy for the level of risk. For

example, the maturity of the business continuity management program can be used as a

leading indicator of readiness to address natural disasters.

Applying the Business Risk Model

The Business Risk Model was designed as a part of RVM. However, it may also be used for avariety of management purposes, including the following:

Develop a risk dashboard for the board of directors

Develop a small set of high-value, risk-based metrics

Separate strategically relevant metrics from operational metrics

Link strategy to execution



9/16

Link risk to desired business outcomes

Improve the relevance of risk and security-related activities

Align risk and security-related activities to business processes

Leading Risk Indicators Catalog

Users can regard these catalog entries as a pool from which they select the metrics most relevant

to their organizations. Each LRI entry in the catalog is composed of the following fields:

Risk Category:The broad area of risk that may have multiple LRI metrics.

Business Outcome:The mapping of the category into the Business Value Model.

Risk Description and Impact:A description of the risk category, the expected benefits of

effectively managing this risk and the possible impacts if it is not appropriately managed.

LRI Description:A description of the LRI metric.

LRI Metric:The LRI metric calculation.

LRI Example:A fictitious calculation example using the LRI metric.

Risk-Adjusted LPI Example:A fictitious example mapping the LRI metric into a LPI from the

Business Value Model.

Alternative Metrics:The intent of the model is to provide a reference and starting point for

organizations to create their own metrics. The alternative metrics section provides suggestions

for other metrics aligned with the risk category that may be more applicable to the

implementing organization.This executive summary of the catalog does not present all the detail available in the full catalog.

Figures 4, 5, and 6 present examples of full entries with all the detail in the catalog. The full catalog

is available in "Toolkit: The Gartner Business Risk Model." See Note 1 for a full list of the entries in

the catalog.



10/16

Figure 4. Full LRI Example: Marketing Failure Index

Risk Description

Marketing establishes the image of an enterprise. It sets the expectation for prospects, customers or

constituents regarding how the enterprise can address their needs. If done poorly, marketing can inhibitor even prohibit the enterprise from meeting its mission.

Risk Impact

Poor marketing can set unachievable expectations among enterprise prospects, customers orconstituents. It can also exacerbate unexpected problems by not effectively communicating what theenterprise is doing to address the problems. The effects of poor marketing can be long lasting anddevastating to an enterprise.

LRIDescription

The Marketing Failure Index reflects the inability to communicate desiredenterprise attributes. Using surveys or focus group sessions, organizationscan test how many of the primary desired attributes are identified by theircustomers and prospects.

LRIMetric

Marketing Failure Index = the number of desired attributes that fail to be

identified by constituents* / the number of desired attributes beingcommunicated

* Using surveys or focus group sessions.

LRIExample

XYZ Company has been communicating five key attributes about theenterprise to the marketplace. Using a statistically significant sample size,XYZ Company analyzed the results of a recent survey in which prospects,customers or constituents identified only three of those attributes when askedabout the company.

Marketing Failure Index = 2 / 5 = 0.40 = 40%

Risk-AdjustedLPI

Example

The XYZ Company board of directors recognizes a causal relationshipbetween failed marketing and market share.

XYZ Company has a market share of 30%, and it has chosen an adjustmentfactor of 20%. With a Marketing Failure Index of 40%:

Risk-Adjusted Market Share = 0.30 - (0.2 x 0.4) = 0.22 or 22%

Alternate Measures Market sentiment analysis




11/16

Figure 5. Full LRI Example: IT Production Availability Loss Index

Risk Description

IT availability is the time that IT is delivering service through applications, databases, desktops, control

systems and more to every business process dependent on IT services.

Risk Impact

IT failure impacts every business process dependent on IT services. In many businesses, withoutmanual processes to compensate for IT failure, it means that dependent business processes must stopuntil service is restored.

LRIDescription

The IT Production Availability Loss Index is a measure of lost production dueto IT failure.

LRIMetric

IT Production Availability Loss Index = number of production hours lost / totalnumber of production hours

LRIExample

The ABC Company has 160 production hours each month. Last month, ITavailability issues stopped the line for eight hours.

IT Production Availability Index = 8 / 160 = 5%

Risk-AdjustedLPI

Example

ABC is an automobile manufacturer. A new car rolls off the assembly lineevery 90 seconds. Every hour that IT is down costs ABC 40 units in lostinventory. The executives use a Risk-Adjusted Order Fill Rate as a leadingindicator of line performance.

ABC has an Order Fill Rate of 97%, and it has chosen an adjustment factor of30%. With an IT Production Availability Loss Index of 5%:

Risk-Adjusted Order Fill Rate = 0.97 - (0.3 x 0.05) = 0.955 or 95.5%

Alternate Measures Mean time between failure (MTBF), maintenance records




12/16

Figure 6. Full LRI Example: Poor Online Sentiment Index

Risk Description

Reputation is a social quality factor. It is the collected belief about the relative benefit or risk of interacting

with an organization. Organizations must know what is being said online about them. They also mustknow what can be acted on, acting on it where possible and even controlling what is being said. Theyshould understand reputation equity.

Risk Impact

Reputation is complex because organizations don't have direct control over it, but they can't ignore it. Ifan organization's reputation fails, then it can result in loss of brand equity, fewer sales, legal liability,denial of reputation (when a criminal creates false information and causes it to show up first in the searchengine), and market capitalization lost over leaked information to social media sites.

LRIDescription

The Poor Online Sentiment Index is a reflection of a poor online reputation.

LRI

Metric

Poor Online Sentiment Index = negative comments / total comments*

* Measured through auditable social listening platform in the past 12 months.

LRIExample

ABC Computers tracks its online reputation through a social listeningplatform. In the past 12 months, it has been mentioned 1,200 times, and 300of those comments were classified as negative.

Poor Online Sentiment Index = 300 / 1,200 = 25%

Risk-AdjustedLPI

Example

ABC has a Sales Opportunity Index of 88%, and it has chosen an adjustmentfactor of 20%. With a Poor Online Sentiment Index of 25%:

Risk-Adjusted Sales Opportunity Index = 0.88 - (0.25 x 0.20) = 0.83 = 83%

Alternate Measures

Employee training around online engagement, the first page of search engineresults for your company name, influence analysis (trending up or downbased on impact of controls), effectiveness of crises response when there is areputation incident (12 hours or less).


Recommended ReadingSome documents may not be available as part of your current Gartner subscription.

"The Gartner Business Risk Model: A Framework for Integrating Risk and Performance"

"Toolkit: The Gartner Business Risk Model"

"The Gartner Business Value Model: A Framework for Measuring Business Performance"

"Toolkit: The Gartner Business Value Model"

"Toolkit: Monetizing the Outcomes in the Business Value Model"

"Definition: Risk-Adjusted Value Management"

"Improve Business Decision Making With Risk-Adjusted Value Management: Creating Risk-

Adjusted Key Performance Indicators"



13/16

"Achieve Desired Business Outcomes Through Risk Management: A Practical Example of Risk-

Adjusted Value Management"

"Using Risk-Adjusted Value Management to Close the Strategy Gap and Gain Competitive

Advantage"

"The Gartner Supply Chain Risk Model: Integrating Supply Chain Risk and Performance"

"Toolkit: The Gartner Supply Chain Risk Model"

Note 1 Risks and Metrics Available in the Full Catalog

The following is a list of the risks and metrics available in the full catalog:

Marketing Risk: Marketing Failure Index

Transparency Risk: Inadequate Transparency Index

Online Reputation Risk: Poor Online Sentiment Index

Channel Cost Risk: Channel Cost Index

Customer Loss: Customer Loss Index

Sales Loss Risk: Sales Loss Index

Forecast Inaccuracy Risk: Forecast Inaccuracy Index

Aging Products Risk: Aging Products Index

R&D Risk: R&D Failure Index

Product Management Risk: Product Management Failure Index

Service Agreement Risk: Agreement Ineffectiveness Index

Customer Care Risk: Customer Care Failure Index

Delivery Risk: Late Delivery Index

Material Quality Risk: Material Quality Failure Index

Order Fill Risk: Order Fill Failure Index

Privacy Risk: Privacy Failure Index Returns Risk: Aftermarket Dissatisfaction Index

Service Accuracy Risk: Service Inaccuracy Index

Service Performance Risk: Service Performance Failure Index

Sourcing Risk: Sourcing Management Failure Index



14/16

Supply Chain Planning Risk: Supply Chain Planning Failure Index

Vendor Risk Management (IT) Risk: Poor Vendor Management Index

Supplier Agreement Risk: Supplier Agreement Ineffectiveness Index

Supplier Care Performance Risk: Supplier Care Failure Index

Manufacturing Risk: Poor Manufacturing Index

Facilities Management Risk: Facilities Planning Failure Index

Facilities Security Risk: Facilities Security Incident Index

Enterprise Asset Management Risk: Unplanned Asset Cost Index

Business Continuity Management Risk: BCM Readiness Index

Sustainability Risk: Excessive Energy Cost Index

Risk Management: Risk Assessment Failure Index

Workforce (IT) Risk: IT Workforce Planning Index

Skills Inventory Risk: Skills Risk Index

Training Risk: Inadequate Training Index

Identity and Access Management Risk: Role Inefficiency Index

Availability (IT) Risk: IT Production Availability Loss Index

Internal Audit (IT) Risk: Audit Inefficiency Index

Application Risk: Application Failure Index

Change Management Risk: IT Change Variance

Public Cloud Risk: Cloud Rogue Index

Information Security: Infosec Program Maturity Index

Application Security Risk: AppDev Noncompliance Index

Data Security Risk: Competitive Intelligence Loss Index

Desktop Security Risk: Desktop Security Failure Index

Infosec Governance Risk: Security Governance Decision Index

Network Security Risk: Incident Management Maturity Index

Server Security Risk: Patch Failure Index

IT Investment Risk: IT Investment Waste Index

Ethics Risk: Unethical Behavior Index



15/16

Environment Health and Safety Risk: EHS Regulatory Actions Index

Insurance Risk: Mismanaged Insurance Index

Liquidity Risk: Excessive Cost of Capital Index

E-Discovery Risk: E-Discovery Delay Index

Internal Audit (Financial) Risk: Ineffective Internal Financial Audit Index

Legal Risk: Legal Awareness Index

Records Management Risk: Storage Growth Index

Compliance Risk: Audit Exception Index

Policy Risk: Policy Management Risk Index

Low-Cost Country Sourcing (LCCS) Risk: LCCS Index

Natural Disaster Risk: Natural Disaster Index

Equipment Failure Risk: Equipment Failure Index

Single Sourcing Risk: Single Sourcing Index

Emerging Market Risk: Emerging Market Expansion Index

Delivery Risk: Late Delivery Index

Capacity Utilization Risk: Maximum Capacity Utilization Index

Environmental Compliance Risk: Environmental Noncompliance Index

Fire Risk: Fire Readiness Failure Index

Human Error Risk: Human Error Index



16/16

GARTNER HEADQUARTERS

Corporate Headquarters

56 Top Gallant RoadStamford, CT 06902-7700

USA+1 203 964 0096

Regional Headquarters

AUSTRALIABRAZILJAPANUNITED KINGDOM

For a complete list of worldwide locations,visit http://www.gartner.com/technology/about.jsp

2013 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This

publication may not be reproduced or distributed in any form without Gartners prior written permission. If you are authorized to accessthis publication, your use of it is subject to the Usage Guidelines for Gartner Servicesposted on gartner.com. The information contained

in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy,

completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Thispublication consists of the opinions of Gartners research organization and should not be construed as statements of fact. The opinions

expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues,

Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company,and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartners Board of

Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization

without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartnerresearch, see Guiding Principles on Independence and Objectivity.

http://www.gartner.com/technology/about/ombudsman/omb_guide2.jsphttp://www.gartner.com/technology/about/ombudsman/omb_guide2.jsphttp://www.gartner.com/technology/about/policies/usage_guidelines.jsphttp://www.gartner.com/technology/about.jsp

executive summary the gartne 247514

Documents

leading indicators

business risk model

gartner business risk

business risk model

lri example

lri development

lri catalog

number of metrics