Executive Summary the Gartne 247514
-
Upload
mayur-malaviya -
Category
Documents
-
view
17 -
download
1
description
Transcript of Executive Summary the Gartne 247514
-
5/27/2018 Executive Summary the Gartne 247514
1/16
G00247514
Executive Summary: The Gartner Business Risk
ModelPublished: 20 March 2013
Analyst(s): Paul E. Proctor, Michael Smith
Leading riskindicators provide insight to factors that may negatively impact
success andcomplement leading performance indicators to provide a more
completepicture supporting the attainment of desired business outcomes.
Key Findings Companies that use leading indicators outperform their competitors in terms of return on equity
and return on assets.
Leading risk indicators (LRIs) measure factors the business can control and manage.
Risk-adjusted leading performance indicators (LPIs) accommodate both value creation and
factors that can negatively impact value creation.
Recommendations When developing metrics, remember that less is more. Limit the number of metrics to five to
nine at any single managerial level.
Use the LRI catalog to create organization-specific metrics that can be mapped into LPIs.
Table of Contents
Analysis..................................................................................................................................................2
Introduction......................................................................................................................................2
Risk-Adjusted Value Management....................................................................................................3
The Business Risk Model Overview.................................................................................................. 3
Target Audience and Positioning...................................................................................................... 6
Guiding Principles for LRI Development............................................................................................ 6
Risk-Adjusted Leading Performance Indicators.................................................................................7
Advanced Metrics.............................................................................................................................8
-
5/27/2018 Executive Summary the Gartne 247514
2/16
Applying the Business Risk Model.................................................................................................... 8
Leading Risk Indicators Catalog....................................................................................................... 9
Recommended Reading.......................................................................................................................12
List of Figures
Figure 1. Business Risk Model Outcomes...............................................................................................4
Figure 2. The Gartner Business Risk Model............................................................................................ 5
Figure 3. Simple Principles for LRI and LPI Development........................................................................7
Figure 4. Full LRI Example: Marketing Failure Index.............................................................................. 10
Figure 5. Full LRI Example: IT Production Availability Loss Index...........................................................11
Figure 6. Full LRI Example: Poor Online Sentiment Index......................................................................12
AnalysisThis is an executive summary of the Gartner Business Value Model. It includes the full text of "The
Gartner Business Risk Model: A Framework for Integrating Risk and Performance," but only select
examples of the leading risk indicator catalog. For a full version of the catalog, see "The Gartner
Business Risk Model: A Framework for Integrating Risk and Performance" and "Toolkit: The Gartner
Business Risk Model."
Introduction
Good risk management influences business decisions. Executive management teams struggle to
make effective use of risk management because they fail to understand the relationship between
business processes and the risks. Instead, they focus time and resources on operational data,
which is not directly associated with the achievement of desired business outcomes. This
disconnect results in wasted risk management efforts that deliver no value and perpetuates the idea
that risk management is a waste of time. The Business Risk Model is designed to address this
disconnect.
Leading indicators extend the value of lagging indicators and provide a mechanism for gaining
competitive advantage. LRIs provide insight to factors that may negatively impact success and
complement leading performance indicators to provide a more complete picture supporting theattainment of desired business outcomes.
Clearly, risk management efforts benefit from business context, but it is also true that business
decision making benefits from risk context. This concept is the foundation of Risk-Adjusted Value
Management (RVM), a methodology designed to address an even broader disconnect between
strategy setting and strategy execution (see "Using Risk-Adjusted Value Management to Close the
Strategy Gap and Gain Competitive Advantage"). RVM is a top-level methodology that integrates
Page 2 of 16 Gartner, Inc. | G00247
-
5/27/2018 Executive Summary the Gartne 247514
3/16
the Gartner Business Value Model with the Gartner Business Risk Model to produce a small, but
critical, list of risk-adjusted leading indicators of business performance.
Risk-Adjusted Value Management
Risk-Adjusted Value Management is a methodology that translates vision into action. It engages all
the stakeholders of an enterprise to understand:
How they affect the chosen business strategy
How to work collaboratively to effectively execute that strategy
RVM differs from previous efforts because it:
Integrates measurable risk with performance management
Can be implemented top-down, bottom-up or anywhere along the value chain
Can be fully implemented in four to six weeks
The key components of RVM are the Business Value Model, the Business Risk Model and the
financial sensitivity calculations.
The Business Value Model is used to select the LPIs, which measure opportunities for the enterprise
(see "The Gartner Business Value Model: A Framework for Measuring Business Performance").
The Business Risk Model is used to select LRIs, which measure threats to the enterprise. LRIs are
used to adjust LPIs: LPI LRI = risk-adjusted performance indicators.
The financial sensitivity calculations are used to monetize changes in risk-adjusted performance
indicators. These calculations tie the indicators back to the income statement or balance sheet (see
"Toolkit: Monetizing the Outcomes in the Business Value Model").
The Business Risk Model Overview
At the heart of the Business Risk Model is an LRI catalog, which is a reference list of leading
indicators of business risk. It is not intended to be a set of recommended risks that organizations
should be addressing, nor is it intended to be an exhaustive list of everything that can go wrong in
an enterprise. Instead, it is a starting place for executives and risk managers to understand
business alignment and the influence risk should have on decision making.
As a starting place, the LRI catalog and the principles in the Business Risk Model provide guidancefor executives and risk managers to build their own organization-specific list of risk factors tied to
performance factors. Each entry addresses a broad area of risk and provides a sample LRI and an
example of a risk-adjusted LPI.
The catalog is organized by the same principles and categories introduced in the Business Value
Model. This is done to facilitate alignment and mapping, but also to reflect the business impact of
Gartner, Inc. | G00247514 Page 3 o
-
5/27/2018 Executive Summary the Gartne 247514
4/16
the various risks. The scope of the Gartner Business Risk Model covers all the controllable activities
performed within an organization by three broad categories:
Demand Management.All the actionable activities involved with generating demand for the
products and services offered by the organization.
Supply Management.All the actionable activities directly involved with supplying the products
and services offered by the organization.
Support Services.All other actionable activities involved with supporting the organization.
These services operate within organizations by providing services to internal clients. They
operate on business principles and provide internal services at a cost and quality that are
acceptable to their clients when assessed against alternatives.
Each high-level business aspect comprises three business outcomes; for example, in Figure 1,
Demand Management is made up of Market Responsiveness, Sales Effectiveness and Product
Development Effectiveness.
Figure 1. Business Risk Model Outcomes
Supply Chain
Information
Technology
Responsiveness
Finance and
Regulatory
Responsiveness
Human Resources
Responsiveness
Support
Services
Customer
Responsiveness
Supplier
Effectiveness
Operational
Efficiency
Supply
Management
Sales
Effectiveness
Product
Development
Effectiveness
MarketResponsiveness
DemandManagement
Source: Gartner (March 2013)
Each business outcome has a defined set of risk categories, and within each category, there are
suggested LRI metrics and alternative measures that can be considered. The Business Risk Model
is applicable to all industries. A high-level overview of the Business Risk Model is presented in
Figure 2.
Page 4 of 16 Gartner, Inc. | G00247
-
5/27/2018 Executive Summary the Gartne 247514
5/16
Figure 2. The Gartner Business Risk Model
BusinessAspect
Outcomes Leading Risk Indicators
DemandManagement
MarketResponsiveness
Marketing Transparency Online Reputation Channel Cost
SalesEffectiveness
Customer Loss Sales Loss Forecast Inaccuracy
Product DevelopmentEffectiveness
Aging Products R&D Product Management
SupplyManagement
CustomerResponsiveness
Service Agreement Customer Care Delivery Material Quality Order Fill
Privacy Returns Service Accuracy Service Performance
SupplierEffectiveness
Sourcing Supply Chain Planning Vendor Risk
Management (IT) Supplier Agreement
Supplier CarePerformance
OperationalEfficiency
Manufacturing Facilities Management Facilities Security Enterprise Asset
ManagementBusiness Continuity
Management
Sustainabil ity Risk Management
Supply Chain
Low-Cost CountrySourcing
Natural Disaster Equipment Fai lure S ingle Sourc ing Emerging Market
Del ivery Capacity Uti lization Environmental
Compliance Fire Human Error
SupportServices
Human ResourcesResponsiveness
Workforce (IT) Skills Inventory Training Identity and Access
Management
InformationTechnology
Responsiveness
Availability (IT) Internal Audit (IT) Applications Change Management Public CloudInformat ion Securi ty Application Secur ity Data Secur ity Desktop Secur ity Infosec Governance
Network Securi ty Server Securi ty IT Investment
Finance andRegulatory
Responsiveness
Ethics Environment Health
and Safety Insurance Liquidity E-Discovery
Internal Audit (Financial) Legal Records Management Compliance Policy
Source: Gartner (March 2013)
Gartner, Inc. | G00247514 Page
-
5/27/2018 Executive Summary the Gartne 247514
6/16
Target Audience and Positioning
The Business Risk Model is designed to allow executives to discuss and agree on an appropriate
set of risk metrics tied directly to the performance of different operational areas and to understand
the impacts on different business aspects and, ultimately, financial performance. It can be used
alongside a number of risk methodologies. It can also be used at a departmental level to help ITmanagers integrate risk management in their daily activities, which will support alignment between
IT and the business, prioritize new initiatives, and effectively communicate IT's contribution to the
business.
The Gartner Business Risk Model sits between strategic activities, such as board-level reporting,
and siloed activities, such as operational risk assessments. The Business Risk Model complements
and enhances, rather than replaces, these other risk methodologies and practices.
Guiding Principles for LRI Development
The catalog will evolve over time, and individual entries will change as a part of this evolution.Ultimately, organizations should create their own organization-specific LRIs based on the entries in
the catalog, so this evolution should not impact individual implementations. The following guiding
principles were used to create the catalog, and they should also influence how organizations
develop their own LRIs from the catalog:
Leading indicators Each of these metrics is intended to be a leading indicator impacting a
business performance metric. Trailing indicators, such as financial loss or impact, are not
appropriate for this methodology.
Sources These measures and risk categories are derived from Gartner research spanning
every aspect of IT and the business operations that IT influences, which, in effect, is every
aspect of business operation. Dozens of Gartner subject matter experts, as well as the
experiences of hundreds of our clients, are used to identify and develop entries.
Factors within your control The risk categories and LRI metrics are intended to address
factors within your control. Risks such as natural disasters are not represented because you do
not control the occurrence of hurricanes, but you do control your readiness to handle them if
they do happen. Therefore, while natural disasters are not represented, business continuity is
represented.
Simple metrics For simplicity and consistency, the great majority of the metrics are defined
as simple measures, normalized as percentages that reflect more risk as they increase.
Conversely, LPIs should be defined as simple measures, normalized as percentages that reflectimproved performance as they increase. This relationship simplifies the ability to create risk-
adjusted LPIs (see Figure 3). More advanced metrics are described below.
Page 6 of 16 Gartner, Inc. | G00247
-
5/27/2018 Executive Summary the Gartne 247514
7/16
Figure 3. Simple Principles for LRI and LPI Development
LPI
Good
Bad
1
0
Maximized
LRI
Bad
Good
Minimized
Values are normalized
0 to 1
Source: Gartner (March 2013)
Risk-Adjusted Leading Performance Indicators
RVM integrates leading risk indicators, which completes the picture of value creation. The result is a
set of integrated measures (leading performance indicators and leading risk indicators) that can
influence decision making up and down the chain. One of the primary constructs of RVM is the risk-
adjusted LPI. It is the integration of a known leading indicator of risk with a known leading indicatorof business performance. LRIs in the catalog are specifically designed to be applied as discounting
factors to LPIs. For simple LPIs and LRIs, we can subtract the LRI from the LPI, resulting in a new
number that accommodates the risk:
Risk-adjusted LPI = original LPI - LRI
A simple example of this is a risk-adjusted on-time delivery LPI, which subtracts the percentage of
delivery vehicles without oil changes (a leading indicator of failure) from the percentage of packages
delivered on time (a leading indicator of business performance). For this to work, the LRI must be
measured such that it is desirable to maximize it, while the LRI must be constructed such that it is
desirable to minimize it, as previously described and as represented in Figure 3 (see "ImproveBusiness Decision Making With Risk-Adjusted Value Management: Creating Risk-Adjusted Key
Performance Indicators").
Adjustment factors are used to "bound" the impact of an LRI on an LPI. Although it is desirable to
reduce complexity as much as possible, in the real world, the simple construct above is too simple.
Once there is agreement that a leading indicator of risk should be combined with a leading indicator
of business performance, it must be decided how much a risk should discount a performance
Gartner, Inc. | G00247514 Page 7 o
-
5/27/2018 Executive Summary the Gartne 247514
8/16
metric. The adjustment factor can be added to the simple construct above to bound the amount of
risk adjustment.
Risk-adjusted LPI = LPI - (adjustment factor x LRI)
Using this simple calculation, if the LPI and LRI are percentages, then this adjustment factor willcreate an upper bound for how much the LPI can be discounted by the LRI. Risk adjustment factors
are typically negotiated between the risk management leaders and business unit executives to
represent just how much risk is represented by the LRI.
This process is more fully explained in "Improve Business Decision Making With Risk-Adjusted
Value Management: Creating Risk-Adjusted Key Performance Indicators." A practical example of
this methodology is presented in "Achieve Desired Business Outcomes Through Risk Management:
A Practical Example of Risk-Adjusted Value Management."
Advanced Metrics
Most of the LRI metrics in the catalog have been specifically designed to be simple percentages,
but the real world may not be so straightforward. We recommend organizations keep
implementations as simple as possible, but there may be cause to use more sophisticated metrics.
The goal of this exercise remains to influence business decision makers who are not subject matter
experts. If an implementation gets too complicated, then you will lose them. The following are
suggested variations on more advanced metrics that may be baked into business reporting:
Trending.These are metrics where the actual value provides little insight, but a trend up or
down may be very important. For example, the aftermarket satisfaction index may only be
interesting if it shows a continued downward trend.
Composites.Many times, a single metric does not tell a story, but a collection of metrics canbe combined to provide desired insight. For example, information security may be a rollup of
metrics from different aspects, including network security, data security and privacy.
Program maturity.Another way to address circumstances where a single metric is not
sufficient is to measure the maturity of an entire program as a proxy for the level of risk. For
example, the maturity of the business continuity management program can be used as a
leading indicator of readiness to address natural disasters.
Applying the Business Risk Model
The Business Risk Model was designed as a part of RVM. However, it may also be used for avariety of management purposes, including the following:
Develop a risk dashboard for the board of directors
Develop a small set of high-value, risk-based metrics
Separate strategically relevant metrics from operational metrics
Link strategy to execution
Page 8 of 16 Gartner, Inc. | G00247
-
5/27/2018 Executive Summary the Gartne 247514
9/16
Link risk to desired business outcomes
Improve the relevance of risk and security-related activities
Align risk and security-related activities to business processes
Leading Risk Indicators Catalog
Users can regard these catalog entries as a pool from which they select the metrics most relevant
to their organizations. Each LRI entry in the catalog is composed of the following fields:
Risk Category:The broad area of risk that may have multiple LRI metrics.
Business Outcome:The mapping of the category into the Business Value Model.
Risk Description and Impact:A description of the risk category, the expected benefits of
effectively managing this risk and the possible impacts if it is not appropriately managed.
LRI Description:A description of the LRI metric.
LRI Metric:The LRI metric calculation.
LRI Example:A fictitious calculation example using the LRI metric.
Risk-Adjusted LPI Example:A fictitious example mapping the LRI metric into a LPI from the
Business Value Model.
Alternative Metrics:The intent of the model is to provide a reference and starting point for
organizations to create their own metrics. The alternative metrics section provides suggestions
for other metrics aligned with the risk category that may be more applicable to the
implementing organization.This executive summary of the catalog does not present all the detail available in the full catalog.
Figures 4, 5, and 6 present examples of full entries with all the detail in the catalog. The full catalog
is available in "Toolkit: The Gartner Business Risk Model." See Note 1 for a full list of the entries in
the catalog.
Gartner, Inc. | G00247514 Page 9 o
-
5/27/2018 Executive Summary the Gartne 247514
10/16
Figure 4. Full LRI Example: Marketing Failure Index
Risk Description
Marketing establishes the image of an enterprise. It sets the expectation for prospects, customers or
constituents regarding how the enterprise can address their needs. If done poorly, marketing can inhibitor even prohibit the enterprise from meeting its mission.
Risk Impact
Poor marketing can set unachievable expectations among enterprise prospects, customers orconstituents. It can also exacerbate unexpected problems by not effectively communicating what theenterprise is doing to address the problems. The effects of poor marketing can be long lasting anddevastating to an enterprise.
LRIDescription
The Marketing Failure Index reflects the inability to communicate desiredenterprise attributes. Using surveys or focus group sessions, organizationscan test how many of the primary desired attributes are identified by theircustomers and prospects.
LRIMetric
Marketing Failure Index = the number of desired attributes that fail to be
identified by constituents* / the number of desired attributes beingcommunicated
* Using surveys or focus group sessions.
LRIExample
XYZ Company has been communicating five key attributes about theenterprise to the marketplace. Using a statistically significant sample size,XYZ Company analyzed the results of a recent survey in which prospects,customers or constituents identified only three of those attributes when askedabout the company.
Marketing Failure Index = 2 / 5 = 0.40 = 40%
Risk-AdjustedLPI
Example
The XYZ Company board of directors recognizes a causal relationshipbetween failed marketing and market share.
XYZ Company has a market share of 30%, and it has chosen an adjustmentfactor of 20%. With a Marketing Failure Index of 40%:
Risk-Adjusted Market Share = 0.30 - (0.2 x 0.4) = 0.22 or 22%
Alternate Measures Market sentiment analysis
Source: Gartner (March 2013)
Page 10 of 16 Gartner, Inc. | G00247
-
5/27/2018 Executive Summary the Gartne 247514
11/16
Figure 5. Full LRI Example: IT Production Availability Loss Index
Risk Description
IT availability is the time that IT is delivering service through applications, databases, desktops, control
systems and more to every business process dependent on IT services.
Risk Impact
IT failure impacts every business process dependent on IT services. In many businesses, withoutmanual processes to compensate for IT failure, it means that dependent business processes must stopuntil service is restored.
LRIDescription
The IT Production Availability Loss Index is a measure of lost production dueto IT failure.
LRIMetric
IT Production Availability Loss Index = number of production hours lost / totalnumber of production hours
LRIExample
The ABC Company has 160 production hours each month. Last month, ITavailability issues stopped the line for eight hours.
IT Production Availability Index = 8 / 160 = 5%
Risk-AdjustedLPI
Example
ABC is an automobile manufacturer. A new car rolls off the assembly lineevery 90 seconds. Every hour that IT is down costs ABC 40 units in lostinventory. The executives use a Risk-Adjusted Order Fill Rate as a leadingindicator of line performance.
ABC has an Order Fill Rate of 97%, and it has chosen an adjustment factor of30%. With an IT Production Availability Loss Index of 5%:
Risk-Adjusted Order Fill Rate = 0.97 - (0.3 x 0.05) = 0.955 or 95.5%
Alternate Measures Mean time between failure (MTBF), maintenance records
Source: Gartner (March 2013)
Gartner, Inc. | G00247514 Page 11 o
-
5/27/2018 Executive Summary the Gartne 247514
12/16
Figure 6. Full LRI Example: Poor Online Sentiment Index
Risk Description
Reputation is a social quality factor. It is the collected belief about the relative benefit or risk of interacting
with an organization. Organizations must know what is being said online about them. They also mustknow what can be acted on, acting on it where possible and even controlling what is being said. Theyshould understand reputation equity.
Risk Impact
Reputation is complex because organizations don't have direct control over it, but they can't ignore it. Ifan organization's reputation fails, then it can result in loss of brand equity, fewer sales, legal liability,denial of reputation (when a criminal creates false information and causes it to show up first in the searchengine), and market capitalization lost over leaked information to social media sites.
LRIDescription
The Poor Online Sentiment Index is a reflection of a poor online reputation.
LRI
Metric
Poor Online Sentiment Index = negative comments / total comments*
* Measured through auditable social listening platform in the past 12 months.
LRIExample
ABC Computers tracks its online reputation through a social listeningplatform. In the past 12 months, it has been mentioned 1,200 times, and 300of those comments were classified as negative.
Poor Online Sentiment Index = 300 / 1,200 = 25%
Risk-AdjustedLPI
Example
ABC has a Sales Opportunity Index of 88%, and it has chosen an adjustmentfactor of 20%. With a Poor Online Sentiment Index of 25%:
Risk-Adjusted Sales Opportunity Index = 0.88 - (0.25 x 0.20) = 0.83 = 83%
Alternate Measures
Employee training around online engagement, the first page of search engineresults for your company name, influence analysis (trending up or downbased on impact of controls), effectiveness of crises response when there is areputation incident (12 hours or less).
Source: Gartner (March 2013)
Recommended ReadingSome documents may not be available as part of your current Gartner subscription.
"The Gartner Business Risk Model: A Framework for Integrating Risk and Performance"
"Toolkit: The Gartner Business Risk Model"
"The Gartner Business Value Model: A Framework for Measuring Business Performance"
"Toolkit: The Gartner Business Value Model"
"Toolkit: Monetizing the Outcomes in the Business Value Model"
"Definition: Risk-Adjusted Value Management"
"Improve Business Decision Making With Risk-Adjusted Value Management: Creating Risk-
Adjusted Key Performance Indicators"
Page 12 of 16 Gartner, Inc. | G00247
-
5/27/2018 Executive Summary the Gartne 247514
13/16
"Achieve Desired Business Outcomes Through Risk Management: A Practical Example of Risk-
Adjusted Value Management"
"Using Risk-Adjusted Value Management to Close the Strategy Gap and Gain Competitive
Advantage"
"The Gartner Supply Chain Risk Model: Integrating Supply Chain Risk and Performance"
"Toolkit: The Gartner Supply Chain Risk Model"
Note 1 Risks and Metrics Available in the Full Catalog
The following is a list of the risks and metrics available in the full catalog:
Marketing Risk: Marketing Failure Index
Transparency Risk: Inadequate Transparency Index
Online Reputation Risk: Poor Online Sentiment Index
Channel Cost Risk: Channel Cost Index
Customer Loss: Customer Loss Index
Sales Loss Risk: Sales Loss Index
Forecast Inaccuracy Risk: Forecast Inaccuracy Index
Aging Products Risk: Aging Products Index
R&D Risk: R&D Failure Index
Product Management Risk: Product Management Failure Index
Service Agreement Risk: Agreement Ineffectiveness Index
Customer Care Risk: Customer Care Failure Index
Delivery Risk: Late Delivery Index
Material Quality Risk: Material Quality Failure Index
Order Fill Risk: Order Fill Failure Index
Privacy Risk: Privacy Failure Index Returns Risk: Aftermarket Dissatisfaction Index
Service Accuracy Risk: Service Inaccuracy Index
Service Performance Risk: Service Performance Failure Index
Sourcing Risk: Sourcing Management Failure Index
Gartner, Inc. | G00247514 Page 13 o
-
5/27/2018 Executive Summary the Gartne 247514
14/16
Supply Chain Planning Risk: Supply Chain Planning Failure Index
Vendor Risk Management (IT) Risk: Poor Vendor Management Index
Supplier Agreement Risk: Supplier Agreement Ineffectiveness Index
Supplier Care Performance Risk: Supplier Care Failure Index
Manufacturing Risk: Poor Manufacturing Index
Facilities Management Risk: Facilities Planning Failure Index
Facilities Security Risk: Facilities Security Incident Index
Enterprise Asset Management Risk: Unplanned Asset Cost Index
Business Continuity Management Risk: BCM Readiness Index
Sustainability Risk: Excessive Energy Cost Index
Risk Management: Risk Assessment Failure Index
Workforce (IT) Risk: IT Workforce Planning Index
Skills Inventory Risk: Skills Risk Index
Training Risk: Inadequate Training Index
Identity and Access Management Risk: Role Inefficiency Index
Availability (IT) Risk: IT Production Availability Loss Index
Internal Audit (IT) Risk: Audit Inefficiency Index
Application Risk: Application Failure Index
Change Management Risk: IT Change Variance
Public Cloud Risk: Cloud Rogue Index
Information Security: Infosec Program Maturity Index
Application Security Risk: AppDev Noncompliance Index
Data Security Risk: Competitive Intelligence Loss Index
Desktop Security Risk: Desktop Security Failure Index
Infosec Governance Risk: Security Governance Decision Index
Network Security Risk: Incident Management Maturity Index
Server Security Risk: Patch Failure Index
IT Investment Risk: IT Investment Waste Index
Ethics Risk: Unethical Behavior Index
Page 14 of 16 Gartner, Inc. | G00247
-
5/27/2018 Executive Summary the Gartne 247514
15/16
Environment Health and Safety Risk: EHS Regulatory Actions Index
Insurance Risk: Mismanaged Insurance Index
Liquidity Risk: Excessive Cost of Capital Index
E-Discovery Risk: E-Discovery Delay Index
Internal Audit (Financial) Risk: Ineffective Internal Financial Audit Index
Legal Risk: Legal Awareness Index
Records Management Risk: Storage Growth Index
Compliance Risk: Audit Exception Index
Policy Risk: Policy Management Risk Index
Low-Cost Country Sourcing (LCCS) Risk: LCCS Index
Natural Disaster Risk: Natural Disaster Index
Equipment Failure Risk: Equipment Failure Index
Single Sourcing Risk: Single Sourcing Index
Emerging Market Risk: Emerging Market Expansion Index
Delivery Risk: Late Delivery Index
Capacity Utilization Risk: Maximum Capacity Utilization Index
Environmental Compliance Risk: Environmental Noncompliance Index
Fire Risk: Fire Readiness Failure Index
Human Error Risk: Human Error Index
Gartner, Inc. | G00247514 Page 15 o
-
5/27/2018 Executive Summary the Gartne 247514
16/16
GARTNER HEADQUARTERS
Corporate Headquarters
56 Top Gallant RoadStamford, CT 06902-7700
USA+1 203 964 0096
Regional Headquarters
AUSTRALIABRAZILJAPANUNITED KINGDOM
For a complete list of worldwide locations,visit http://www.gartner.com/technology/about.jsp
2013 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This
publication may not be reproduced or distributed in any form without Gartners prior written permission. If you are authorized to accessthis publication, your use of it is subject to the Usage Guidelines for Gartner Servicesposted on gartner.com. The information contained
in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy,
completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. Thispublication consists of the opinions of Gartners research organization and should not be construed as statements of fact. The opinions
expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues,
Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company,and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartners Board of
Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization
without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartnerresearch, see Guiding Principles on Independence and Objectivity.
Page 16 of 16 Gartner, Inc. | G00247
http://www.gartner.com/technology/about/ombudsman/omb_guide2.jsphttp://www.gartner.com/technology/about/ombudsman/omb_guide2.jsphttp://www.gartner.com/technology/about/policies/usage_guidelines.jsphttp://www.gartner.com/technology/about.jsp