G00247514

Executive Summary: The Gartner Business Risk Model

Published: 20 March 2013 Analyst(s): Paul E. Proctor, Michael Smith

Leading risk indicators provide insight to factors that may negatively impact success and complement leading performance indicators to provide a more complete picture supporting the attainment of desired business outcomes.

Key Findings

Companies that use leading indicators outperform their competitors in terms of return on equity and return on assets. Leading risk indicators (LRIs) measure factors the business can control and manage. Risk-adjusted leading performance indicators (LPIs) accommodate both value creation and factors that can negatively impact value creation.

Recommendations

When developing metrics, remember that less is more. Limit the number of metrics to five to nine at any single managerial level. Use the LRI catalog to create organization-specific metrics that can be mapped into LPIs.

Table of Contents
Analysis.................................................................................................................................................. 2 Introduction...................................................................................................................................... 2 Risk-Adjusted Value Management.................................................................................................... 3 The Business Risk Model Overview.................................................................................................. 3 Target Audience and Positioning...................................................................................................... 6 Guiding Principles for LRI Development............................................................................................ 6 Risk-Adjusted Leading Performance Indicators.................................................................................7 Advanced Metrics.............................................................................................................................8

Applying the Business Risk Model.................................................................................................... 8 Leading Risk Indicators Catalog....................................................................................................... 9 Recommended Reading.......................................................................................................................12

List of Figures
Figure 1. Business Risk Model Outcomes...............................................................................................4 Figure 2. The Gartner Business Risk Model............................................................................................ 5 Figure 3. Simple Principles for LRI and LPI Development........................................................................ 7 Figure 4. Full LRI Example: Marketing Failure Index.............................................................................. 10 Figure 5. Full LRI Example: IT Production Availability Loss Index........................................................... 11 Figure 6. Full LRI Example: Poor Online Sentiment Index...................................................................... 12

Analysis
This is an executive summary of the Gartner Business Value Model. It includes the full text of "The Gartner Business Risk Model: A Framework for Integrating Risk and Performance," but only select examples of the leading risk indicator catalog. For a full version of the catalog, see "The Gartner Business Risk Model: A Framework for Integrating Risk and Performance" and "Toolkit: The Gartner Business Risk Model."

Introduction
Good risk management influences business decisions. Executive management teams struggle to make effective use of risk management because they fail to understand the relationship between business processes and the risks. Instead, they focus time and resources on operational data, which is not directly associated with the achievement of desired business outcomes. This disconnect results in wasted risk management efforts that deliver no value and perpetuates the idea that risk management is a waste of time. The Business Risk Model is designed to address this disconnect. Leading indicators extend the value of lagging indicators and provide a mechanism for gaining competitive advantage. LRIs provide insight to factors that may negatively impact success and complement leading performance indicators to provide a more complete picture supporting the attainment of desired business outcomes. Clearly, risk management efforts benefit from business context, but it is also true that business decision making benefits from risk context. This concept is the foundation of Risk-Adjusted Value Management (RVM), a methodology designed to address an even broader disconnect between strategy setting and strategy execution (see "Using Risk-Adjusted Value Management to Close the Strategy Gap and Gain Competitive Advantage"). RVM is a top-level methodology that integrates

Page 2 of 16

Gartner, Inc. | G00247514

the Gartner Business Value Model with the Gartner Business Risk Model to produce a small, but critical, list of risk-adjusted leading indicators of business performance.

Risk-Adjusted Value Management

Risk-Adjusted Value Management is a methodology that translates vision into action. It engages all the stakeholders of an enterprise to understand:

How they affect the chosen business strategy How to work collaboratively to effectively execute that strategy

RVM differs from previous efforts because it:

Integrates measurable risk with performance management Can be implemented top-down, bottom-up or anywhere along the value chain Can be fully implemented in four to six weeks

The key components of RVM are the Business Value Model, the Business Risk Model and the financial sensitivity calculations. The Business Value Model is used to select the LPIs, which measure opportunities for the enterprise (see "The Gartner Business Value Model: A Framework for Measuring Business Performance"). The Business Risk Model is used to select LRIs, which measure threats to the enterprise. LRIs are used to adjust LPIs: LPI LRI = risk-adjusted performance indicators. The financial sensitivity calculations are used to monetize changes in risk-adjusted performance indicators. These calculations tie the indicators back to the income statement or balance sheet (see "Toolkit: Monetizing the Outcomes in the Business Value Model").

The Business Risk Model Overview

At the heart of the Business Risk Model is an LRI catalog, which is a reference list of leading indicators of business risk. It is not intended to be a set of recommended risks that organizations should be addressing, nor is it intended to be an exhaustive list of everything that can go wrong in an enterprise. Instead, it is a starting place for executives and risk managers to understand business alignment and the influence risk should have on decision making. As a starting place, the LRI catalog and the principles in the Business Risk Model provide guidance for executives and risk managers to build their own organization-specific list of risk factors tied to performance factors. Each entry addresses a broad area of risk and provides a sample LRI and an example of a risk-adjusted LPI. The catalog is organized by the same principles and categories introduced in the Business Value Model. This is done to facilitate alignment and mapping, but also to reflect the business impact of

Gartner, Inc. | G00247514

Page 3 of 16

the various risks. The scope of the Gartner Business Risk Model covers all the controllable activities performed within an organization by three broad categories:

Demand Management. All the actionable activities involved with generating demand for the products and services offered by the organization. Supply Management. All the actionable activities directly involved with supplying the products and services offered by the organization. Support Services. All other actionable activities involved with supporting the organization. These services operate within organizations by providing services to internal clients. They operate on business principles and provide internal services at a cost and quality that are acceptable to their clients when assessed against alternatives.

Each high-level business aspect comprises three business outcomes; for example, in Figure 1, Demand Management is made up of Market Responsiveness, Sales Effectiveness and Product Development Effectiveness.
Figure 1. Business Risk Model Outcomes
Product Development Effectiveness

Demand Management

Market Responsiveness

Sales Effectiveness

Supply Management

Customer Responsiveness

Supplier Effectiveness

Operational Efficiency

Supply Chain

Support Services

Human Resources Responsiveness

Information Technology Responsiveness

Finance and Regulatory Responsiveness

Source: Gartner (March 2013)

Each business outcome has a defined set of risk categories, and within each category, there are suggested LRI metrics and alternative measures that can be considered. The Business Risk Model is applicable to all industries. A high-level overview of the Business Risk Model is presented in Figure 2.

Page 4 of 16

Gartner, Inc. | G00247514

Figure 2. The Gartner Business Risk Model

Business Aspect

Outcomes
Market Responsiveness Marketing Customer Loss Aging Products Service Agreement Privacy Sourcing Manufacturing Sustainability Low-Cost Country Sourcing Delivery Human Resources Responsiveness Information Technology Responsiveness Finance and Regulatory Responsiveness Workforce (IT) Availability (IT) Information Security Network Security Ethics Internal Audit (Financial) Transparency Sales Loss R&D Customer Care Returns Supply Chain Planning Facilities Management Risk Management Natural Disaster Capacity Utilization Skills Inventory Internal Audit (IT) Application Security Server Security Environment Health and Safety Legal

Leading Risk Indicators

Online Reputation Forecast Inaccuracy Product Management Delivery Service Accuracy Vendor Risk Management (IT) Facilities Security Material Quality Service Performance Supplier Agreement Enterprise Asset Management Supplier Care Performance Business Continuity Management Order Fill Channel Cost

Demand Management

Sales Effectiveness Product Development Effectiveness Customer Responsiveness Supplier Effectiveness

Supply Management

Operational Efficiency

Equipment Failure Environmental Compliance Training Applications Data Security IT Investment Insurance Records Management

Single Sourcing Fire Identity and Access Management Change Management Desktop Security

Emerging Market Human Error

Supply Chain

Public Cloud Infosec Governance

Support Services

Liquidity Compliance

E-Discovery Policy

Source: Gartner (March 2013)

Gartner, Inc. | G00247514

Page 5 of 16

Target Audience and Positioning

The Business Risk Model is designed to allow executives to discuss and agree on an appropriate set of risk metrics tied directly to the performance of different operational areas and to understand the impacts on different business aspects and, ultimately, financial performance. It can be used alongside a number of risk methodologies. It can also be used at a departmental level to help IT managers integrate risk management in their daily activities, which will support alignment between IT and the business, prioritize new initiatives, and effectively communicate IT's contribution to the business. The Gartner Business Risk Model sits between strategic activities, such as board-level reporting, and siloed activities, such as operational risk assessments. The Business Risk Model complements and enhances, rather than replaces, these other risk methodologies and practices.

Guiding Principles for LRI Development

The catalog will evolve over time, and individual entries will change as a part of this evolution. Ultimately, organizations should create their own organization-specific LRIs based on the entries in the catalog, so this evolution should not impact individual implementations. The following guiding principles were used to create the catalog, and they should also influence how organizations develop their own LRIs from the catalog:

Leading indicators Each of these metrics is intended to be a leading indicator impacting a business performance metric. Trailing indicators, such as financial loss or impact, are not appropriate for this methodology. Sources These measures and risk categories are derived from Gartner research spanning every aspect of IT and the business operations that IT influences, which, in effect, is every aspect of business operation. Dozens of Gartner subject matter experts, as well as the experiences of hundreds of our clients, are used to identify and develop entries. Factors within your control The risk categories and LRI metrics are intended to address factors within your control. Risks such as natural disasters are not represented because you do not control the occurrence of hurricanes, but you do control your readiness to handle them if they do happen. Therefore, while natural disasters are not represented, business continuity is represented. Simple metrics For simplicity and consistency, the great majority of the metrics are defined as simple measures, normalized as percentages that reflect more risk as they increase. Conversely, LPIs should be defined as simple measures, normalized as percentages that reflect improved performance as they increase. This relationship simplifies the ability to create riskadjusted LPIs (see Figure 3). More advanced metrics are described below.

Page 6 of 16

Gartner, Inc. | G00247514

Figure 3. Simple Principles for LRI and LPI Development

LPI

LRI

Good

Bad

Values are normalized 0 to 1

Bad Maximized
Source: Gartner (March 2013)

Good Minimized

Risk-Adjusted Leading Performance Indicators

RVM integrates leading risk indicators, which completes the picture of value creation. The result is a set of integrated measures (leading performance indicators and leading risk indicators) that can influence decision making up and down the chain. One of the primary constructs of RVM is the riskadjusted LPI. It is the integration of a known leading indicator of risk with a known leading indicator of business performance. LRIs in the catalog are specifically designed to be applied as discounting factors to LPIs. For simple LPIs and LRIs, we can subtract the LRI from the LPI, resulting in a new number that accommodates the risk: Risk-adjusted LPI = original LPI - LRI A simple example of this is a risk-adjusted on-time delivery LPI, which subtracts the percentage of delivery vehicles without oil changes (a leading indicator of failure) from the percentage of packages delivered on time (a leading indicator of business performance). For this to work, the LRI must be measured such that it is desirable to maximize it, while the LRI must be constructed such that it is desirable to minimize it, as previously described and as represented in Figure 3 (see "Improve Business Decision Making With Risk-Adjusted Value Management: Creating Risk-Adjusted Key Performance Indicators"). Adjustment factors are used to "bound" the impact of an LRI on an LPI. Although it is desirable to reduce complexity as much as possible, in the real world, the simple construct above is too simple. Once there is agreement that a leading indicator of risk should be combined with a leading indicator of business performance, it must be decided how much a risk should discount a performance

Gartner, Inc. | G00247514

Page 7 of 16

metric. The adjustment factor can be added to the simple construct above to bound the amount of risk adjustment. Risk-adjusted LPI = LPI - (adjustment factor x LRI) Using this simple calculation, if the LPI and LRI are percentages, then this adjustment factor will create an upper bound for how much the LPI can be discounted by the LRI. Risk adjustment factors are typically negotiated between the risk management leaders and business unit executives to represent just how much risk is represented by the LRI. This process is more fully explained in "Improve Business Decision Making With Risk-Adjusted Value Management: Creating Risk-Adjusted Key Performance Indicators." A practical example of this methodology is presented in "Achieve Desired Business Outcomes Through Risk Management: A Practical Example of Risk-Adjusted Value Management."

Advanced Metrics
Most of the LRI metrics in the catalog have been specifically designed to be simple percentages, but the real world may not be so straightforward. We recommend organizations keep implementations as simple as possible, but there may be cause to use more sophisticated metrics. The goal of this exercise remains to influence business decision makers who are not subject matter experts. If an implementation gets too complicated, then you will lose them. The following are suggested variations on more advanced metrics that may be baked into business reporting:

Trending. These are metrics where the actual value provides little insight, but a trend up or down may be very important. For example, the aftermarket satisfaction index may only be interesting if it shows a continued downward trend. Composites. Many times, a single metric does not tell a story, but a collection of metrics can be combined to provide desired insight. For example, information security may be a rollup of metrics from different aspects, including network security, data security and privacy. Program maturity. Another way to address circumstances where a single metric is not sufficient is to measure the maturity of an entire program as a proxy for the level of risk. For example, the maturity of the business continuity management program can be used as a leading indicator of readiness to address natural disasters.

Applying the Business Risk Model

The Business Risk Model was designed as a part of RVM. However, it may also be used for a variety of management purposes, including the following:

Develop a risk dashboard for the board of directors Develop a small set of high-value, risk-based metrics Separate strategically relevant metrics from operational metrics Link strategy to execution

Page 8 of 16

Gartner, Inc. | G00247514

Link risk to desired business outcomes Improve the relevance of risk and security-related activities Align risk and security-related activities to business processes

Leading Risk Indicators Catalog

Users can regard these catalog entries as a pool from which they select the metrics most relevant to their organizations. Each LRI entry in the catalog is composed of the following fields:

Risk Category: The broad area of risk that may have multiple LRI metrics. Business Outcome: The mapping of the category into the Business Value Model. Risk Description and Impact: A description of the risk category, the expected benefits of effectively managing this risk and the possible impacts if it is not appropriately managed. LRI Description: A description of the LRI metric. LRI Metric: The LRI metric calculation. LRI Example: A fictitious calculation example using the LRI metric. Risk-Adjusted LPI Example: A fictitious example mapping the LRI metric into a LPI from the Business Value Model. Alternative Metrics: The intent of the model is to provide a reference and starting point for organizations to create their own metrics. The alternative metrics section provides suggestions for other metrics aligned with the risk category that may be more applicable to the implementing organization.

This executive summary of the catalog does not present all the detail available in the full catalog. Figures 4, 5, and 6 present examples of full entries with all the detail in the catalog. The full catalog is available in "Toolkit: The Gartner Business Risk Model." See Note 1 for a full list of the entries in the catalog.

Gartner, Inc. | G00247514

Page 9 of 16

Figure 4. Full LRI Example: Marketing Failure Index

Risk Description
Marketing establishes the image of an enterprise. It sets the expectation for prospects, customers or constituents regarding how the enterprise can address their needs. If done poorly, marketing can inhibit or even prohibit the enterprise from meeting its mission.

Risk Impact
Poor marketing can set unachievable expectations among enterprise prospects, customers or constituents. It can also exacerbate unexpected problems by not effectively communicating what the enterprise is doing to address the problems. The effects of poor marketing can be long lasting and devastating to an enterprise.

LRI Description

The Marketing Failure Index reflects the inability to communicate desired enterprise attributes. Using surveys or focus group sessions, organizations can test how many of the primary desired attributes are identified by their customers and prospects. Marketing Failure Index = the number of desired attributes that fail to be identified by constituents* / the number of desired attributes being communicated * Using surveys or focus group sessions. XYZ Company has been communicating five key attributes about the enterprise to the marketplace. Using a statistically significant sample size, XYZ Company analyzed the results of a recent survey in which prospects, customers or constituents identified only three of those attributes when asked about the company. Marketing Failure Index = 2 / 5 = 0.40 = 40% The XYZ Company board of directors recognizes a causal relationship between failed marketing and market share. XYZ Company has a market share of 30%, and it has chosen an adjustment factor of 20%. With a Marketing Failure Index of 40%: Risk-Adjusted Market Share = 0.30 - (0.2 x 0.4) = 0.22 or 22% Market sentiment analysis

LRI Metric

LRI Example

Risk-Adjusted LPI Example Alternate Measures

Source: Gartner (March 2013)

Page 10 of 16

Gartner, Inc. | G00247514

Figure 5. Full LRI Example: IT Production Availability Loss Index

Risk Description
IT availability is the time that IT is delivering service through applications, databases, desktops, control systems and more to every business process dependent on IT services.

Risk Impact
IT failure impacts every business process dependent on IT services. In many businesses, without manual processes to compensate for IT failure, it means that dependent business processes must stop until service is restored.

LRI Description LRI Metric LRI Example

The IT Production Availability Loss Index is a measure of lost production due to IT failure. IT Production Availability Loss Index = number of production hours lost / total number of production hours The ABC Company has 160 production hours each month. Last month, IT availability issues stopped the line for eight hours. IT Production Availability Index = 8 / 160 = 5% ABC is an automobile manufacturer. A new car rolls off the assembly line every 90 seconds. Every hour that IT is down costs ABC 40 units in lost inventory. The executives use a Risk-Adjusted Order Fill Rate as a leading indicator of line performance. ABC has an Order Fill Rate of 97%, and it has chosen an adjustment factor of 30%. With an IT Production Availability Loss Index of 5%: Risk-Adjusted Order Fill Rate = 0.97 - (0.3 x 0.05) = 0.955 or 95.5% Mean time between failure (MTBF), maintenance records

Risk-Adjusted LPI Example

Alternate Measures
Source: Gartner (March 2013)

Gartner, Inc. | G00247514

Page 11 of 16

Figure 6. Full LRI Example: Poor Online Sentiment Index

Risk Description
Reputation is a social quality factor. It is the collected belief about the relative benefit or risk of interacting with an organization. Organizations must know what is being said online about them. They also must know what can be acted on, acting on it where possible and even controlling what is being said. They should understand reputation equity.

Risk Impact
Reputation is complex because organizations don't have direct control over it, but they can't ignore it. If an organization's reputation fails, then it can result in loss of brand equity, fewer sales, legal liability, denial of reputation (when a criminal creates false information and causes it to show up first in the search engine), and market capitalization lost over leaked information to social media sites.

LRI Description LRI Metric LRI Example Risk-Adjusted LPI Example Alternate Measures

The Poor Online Sentiment Index is a reflection of a poor online reputation. Poor Online Sentiment Index = negative comments / total comments* * Measured through auditable social listening platform in the past 12 months. ABC Computers tracks its online reputation through a social listening platform. In the past 12 months, it has been mentioned 1,200 times, and 300 of those comments were classified as negative. Poor Online Sentiment Index = 300 / 1,200 = 25% ABC has a Sales Opportunity Index of 88%, and it has chosen an adjustment factor of 20%. With a Poor Online Sentiment Index of 25%: Risk-Adjusted Sales Opportunity Index = 0.88 - (0.25 x 0.20) = 0.83 = 83% Employee training around online engagement, the first page of search engine results for your company name, influence analysis (trending up or down based on impact of controls), effectiveness of crises response when there is a reputation incident (12 hours or less).

Source: Gartner (March 2013)

Recommended Reading
Some documents may not be available as part of your current Gartner subscription. "The Gartner Business Risk Model: A Framework for Integrating Risk and Performance" "Toolkit: The Gartner Business Risk Model" "The Gartner Business Value Model: A Framework for Measuring Business Performance" "Toolkit: The Gartner Business Value Model" "Toolkit: Monetizing the Outcomes in the Business Value Model" "Definition: Risk-Adjusted Value Management" "Improve Business Decision Making With Risk-Adjusted Value Management: Creating RiskAdjusted Key Performance Indicators"
Page 12 of 16
Gartner, Inc. | G00247514

"Achieve Desired Business Outcomes Through Risk Management: A Practical Example of RiskAdjusted Value Management" "Using Risk-Adjusted Value Management to Close the Strategy Gap and Gain Competitive Advantage" "The Gartner Supply Chain Risk Model: Integrating Supply Chain Risk and Performance" "Toolkit: The Gartner Supply Chain Risk Model" Note 1 Risks and Metrics Available in the Full Catalog The following is a list of the risks and metrics available in the full catalog:

Marketing Risk: Marketing Failure Index Transparency Risk: Inadequate Transparency Index Online Reputation Risk: Poor Online Sentiment Index Channel Cost Risk: Channel Cost Index Customer Loss: Customer Loss Index Sales Loss Risk: Sales Loss Index Forecast Inaccuracy Risk: Forecast Inaccuracy Index Aging Products Risk: Aging Products Index R&D Risk: R&D Failure Index Product Management Risk: Product Management Failure Index Service Agreement Risk: Agreement Ineffectiveness Index Customer Care Risk: Customer Care Failure Index Delivery Risk: Late Delivery Index Material Quality Risk: Material Quality Failure Index Order Fill Risk: Order Fill Failure Index Privacy Risk: Privacy Failure Index Returns Risk: Aftermarket Dissatisfaction Index Service Accuracy Risk: Service Inaccuracy Index Service Performance Risk: Service Performance Failure Index Sourcing Risk: Sourcing Management Failure Index

Gartner, Inc. | G00247514

Page 13 of 16

Supply Chain Planning Risk: Supply Chain Planning Failure Index Vendor Risk Management (IT) Risk: Poor Vendor Management Index Supplier Agreement Risk: Supplier Agreement Ineffectiveness Index Supplier Care Performance Risk: Supplier Care Failure Index Manufacturing Risk: Poor Manufacturing Index Facilities Management Risk: Facilities Planning Failure Index Facilities Security Risk: Facilities Security Incident Index Enterprise Asset Management Risk: Unplanned Asset Cost Index Business Continuity Management Risk: BCM Readiness Index Sustainability Risk: Excessive Energy Cost Index Risk Management: Risk Assessment Failure Index Workforce (IT) Risk: IT Workforce Planning Index Skills Inventory Risk: Skills Risk Index Training Risk: Inadequate Training Index Identity and Access Management Risk: Role Inefficiency Index Availability (IT) Risk: IT Production Availability Loss Index Internal Audit (IT) Risk: Audit Inefficiency Index Application Risk: Application Failure Index Change Management Risk: IT Change Variance Public Cloud Risk: Cloud Rogue Index Information Security: Infosec Program Maturity Index Application Security Risk: AppDev Noncompliance Index Data Security Risk: Competitive Intelligence Loss Index Desktop Security Risk: Desktop Security Failure Index Infosec Governance Risk: Security Governance Decision Index Network Security Risk: Incident Management Maturity Index Server Security Risk: Patch Failure Index IT Investment Risk: IT Investment Waste Index Ethics Risk: Unethical Behavior Index

Page 14 of 16

Gartner, Inc. | G00247514

Environment Health and Safety Risk: EHS Regulatory Actions Index Insurance Risk: Mismanaged Insurance Index Liquidity Risk: Excessive Cost of Capital Index E-Discovery Risk: E-Discovery Delay Index Internal Audit (Financial) Risk: Ineffective Internal Financial Audit Index Legal Risk: Legal Awareness Index Records Management Risk: Storage Growth Index Compliance Risk: Audit Exception Index Policy Risk: Policy Management Risk Index Low-Cost Country Sourcing (LCCS) Risk: LCCS Index Natural Disaster Risk: Natural Disaster Index Equipment Failure Risk: Equipment Failure Index Single Sourcing Risk: Single Sourcing Index Emerging Market Risk: Emerging Market Expansion Index Delivery Risk: Late Delivery Index Capacity Utilization Risk: Maximum Capacity Utilization Index Environmental Compliance Risk: Environmental Noncompliance Index Fire Risk: Fire Readiness Failure Index Human Error Risk: Human Error Index

Gartner, Inc. | G00247514

Page 15 of 16

GARTNER HEADQUARTERS Corporate Headquarters 56 Top Gallant Road Stamford, CT 06902-7700 USA +1 203 964 0096 Regional Headquarters AUSTRALIA BRAZIL JAPAN UNITED KINGDOM

For a complete list of worldwide locations, visit http://www.gartner.com/technology/about.jsp

2013 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartners prior written permission. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines for Gartner Services posted on gartner.com. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartners research organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartners Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see Guiding Principles on Independence and Objectivity.

Page 16 of 16

Gartner, Inc. | G00247514