Responsibility at IBM

2012 Corporate Responsibility Report

Section Downloads

Download report sections


In this section, Chairman, President and Chief Executive Officer Ginni Rometty’s letter describes how IBM’s goal to unite its business and citizenship strategies is taking shape. We take a thoughtful, comprehensive approach to corporate responsibility and corporate citizenship at IBM, and we integrate that approach into many aspects of our company. In this section you will also find a high-level overview of some of our major activities.


It’s not enough to develop world-class technology, services and expertise—at IBM we realize we must directly apply these things to the communities in which we live and work in order to have a positive impact. In this section, you will find examples of the ways we practiced this approach over the course of 2012 and into 2013.

The IBMer

A great company is forever evolving and growing. At IBM, we make it a top priority to hire, support and retain the people who make us a great company. In this section, you will find examples of the ways we support both the personal and professional development of our employees.


IBM’s unwavering commitment to environmental protection is evidenced across all of our business activities, from our research, development, products and services to the solutions we provide our clients that help them be more protective of the environment. In this section of IBM’s Corporate Responsibility Report, you will find information on our environmental programs, performance and solutions during 2012.

Supply Chain

Social and environmental responsibility is an important part of our business relationships with our suppliers. We work closely with them to encourage sustained improvement throughout our global supply chain and across various aspects of corporate responsibility. In this section you will find examples of how we set requirements for the companies we do business with, grow the global diversity of our supply base and collaborate with industry groups and stakeholders.


IBM’s culture of ethics and integrity is guided by a rigorous system of corporate governance. In this section, you will find examples of the many ways we govern the conduct of the company, manage risk and contribute our expertise to public discourse.

Awards & Metrics

Many of our corporate responsibility efforts received recognition from others in 2012. The most significant of these are listed in “Awards and Recognition.” We rely on a number of metrics to measure our corporate responsibility efforts. Our Key Performance Indicators and other significant metrics can be found in “Performance Summary.”

Enterprise Risk Management

At IBM, we believe that innovation and leadership are impossible to achieve and maintain without taking risks. Since almost all business decisions contain elements of both risk and opportunity, they must be managed prudently.

IBM’s business decisions affect our key stakeholders—shareholders, clients, business partners and employees – and thus by extension affect society and the communities where we do business. Senior management is responsible for assessing and managing the company’s various exposures to risk on a day-to-day basis, including the creation of appropriate risk-management programs and policies. IBM has developed a consistent, systemic and integrated approach to risk management to help determine how best to identify, manage and mitigate significant risks throughout the company. This approach continues to be refined and various enhancements were introduced to the framework in 2012.


Senior management continued its collaborative process of identifying, evaluating and managing enterprise-level risks in 2012. This included periodic reviews and interaction with the Audit Committee and Board, which oversees the company’s enterprise risk management framework, program and associated processes. A key aspect of senior management leadership in risk management is to identify and deploy a governance model and management system that fosters collaboration and transparency in managing risk across the entire enterprise. This enterprise purview enables risk-mitigating actions that are taken in one part of the business to be standardized and applied globally, across other units. Risk management is also an element of executive compensation plans, designed to motivate our leaders to deliver superior business performance without encouraging excessive risk-taking.

Programs and practices

Throughout the company, the approach to identify and manage risk is based on the ISO 31000 Enterprise Risk Management (ERM) standard. In deploying this standard, IBM considers and assesses potential financial, operational, regulatory and other risks to our business, which could be driven by various factors such as where we do business, how we do business and the nature of our offerings.

IBM continued to enhance its risk identification process in 2012 by reviewing risk information sources, including our peers’ 10K filings with the Securities and Exchange Commission and external industry surveys. We also conducted in-depth discussions with leading consultants on emerging risks and conducted a robust internal study that included extensive interviews with key executives. As a result, we updated our enterprise-level risk map and increased senior management focus in early 2013. Benchmarks have shown that IBM’s risk management practices exceed typical standards, including more emphasis on collaboration and consideration of risk interdependencies.


One of the most effective ways to manage risk in a global enterprise is to consistently promote a culture of risk awareness, identification, analysis and mitigation. IBM continued to expand its risk education and training in 2012; for example, we held risk workshops with teams in Africa designed to improve local practices. IBM is also focused on applying technology, tools and analytics to support risk management. One example is the Country Financial Risk Scorecard, which combines big-data automation to monitor trends and develop intelligent and actionable insights. By leveraging IBM’s analytics solutions, such as Cognos and SPSS, we were able to integrate over 100 internal and external inputs to produce an integrated view of country-level risk on a near-real time basis for over 160 countries. IBM was recognized by CIO Magazine with an award for the Country Financial Risk Scorecard’s innovation and leadership. Additional internal capabilities have been developed to assist in managing other areas of risk using IBM’s advanced risk solutions, such as OpenPages for IT risk and Algorithmics for treasury risk.


A risk management framework is most effective when it provides transparency, facilitates communication and monitoring of risks, and demonstrates success in mitigating enterprise-level risks. This level of effectiveness should ultimately lead to improved business performance and help the company protect its reputation while delivering on its social responsibilities. To measure the effectiveness of risk mitigation actions, IBM continued to enhance the way it defines and communicates its key risk indicator metrics across the risk lifecycle in 2012, including leading indicators, and action, effectiveness and outcome metrics.

External community engagement

IBM has engaged with academia, external risk-management thought leaders and community organizations to advance the risk management acumen of current and future business leaders. For example, we worked with a US university to enhance curricula in risk analytics, in order to help students develop advanced skills in the use of technology to solve complex business and financial risk problems. In another example, IBM hosted a program for CFOs of nonprofit organizations to coach and demonstrate how to leverage commercial risk management practices to address their community challenges.