The OKR framework is a popular goal-setting and strategy execution tool that uses goal setting through "Objectives" and measuring performance using "Key Results" on a periodic basis to measure and drive performance. The OKR framework has been adopted and practiced at companies such as Intel, Google, LinkedIn, Twitter, Netflix among hundreds of others ranging from start-ups to large businesses. Users have found it to be a powerful performance management and goal setting tool as it focuses on near-term measurable goals without losing the aspirational aspect of an organization's unique mission or purpose. This primer aims to explain fundamental OKR concepts, summarize implementation best practices, discuss OKR mistakes to avoid, and compare OKR with other common management goal setting tools.

On the morning of May 7, 2021, Colonial Pipeline Company became aware that the company had been the victim of a malicious ransomware attack that had stolen and locked up company data. The extortionists demanded 75 bitcoins (worth about $4.4 million at the time) in exchange for the decryption tool needed to unlock the data. To contain the system infection, the control room promptly shut down all company pipelines that transported nearly half of all refined oil products consumed in the East Coast of the United States. Within hours, external experts and governmental authorities were assembled to help but information was still limited on how to manage the cyberattack. As the passing of every minute threatened the oil supply to 13 states and the nation's capital, CEO of Colonial Pipeline, Joseph Blount had to make one crucial decision: whether to pay the ransom or not. The case discusses Colonial Pipeline's cybersecurity practices, ransomware trends, detail of the ransomware attack at Colonial, impact of the attack, Colonial's response to the attack, and post-attack repercussion. Overall, the case prompts readers to contemplate how organizations should prevent and respond to the ever-increasing threat of cyber breaches.

In July, 2019, Springhill Medical Center ("SMC") in Mobile, Alabama fell prey to a malicious ransomware attack that crippled the hospital's internal network systems and public-facing web page. While the hospital rushed to securely restore the network, medical personnel scrambled workarounds to continue medical services. Amidst the chaos, a baby was born in the hospital with umbilical cord wrapped around her neck that had resulted in severe brain injury and died nine months later. The mother and family sued SMC, alleging the hospital failed to inform her of the cyber incident, which she believed had compromised the quality of care and led to an otherwise preventable tragedy. The case discusses the important questions of how SMC had responded to the ransomware attack and how hospitals and other organizations should treat the ever-increasing threat of cyber breaches.

The case discusses the ESG strategy of Dollar Tree Inc., a U.S. Fortune 500 company in the deep discount retail industry and the shareholder pressure faced by the company. In 2022, the company faced a shareholder resolution from renowned shareholder advocacy group As You Sow for the company to better mitigate and report on the climate risks faced by the business. The resolution challenged the company to intensify its climate transition plans and adopt a "net-zero" emission goal. A 2020 shareholder resolution at the company by a different shareholder received record-breaking support that had already caused the company to revamp its sustainability initiatives. This case provides an overview of Dollar Tree's business, the recent landscape of sustainability reporting and shareholder ESG resolutions in the U.S., and the narrative of management opposition to the resolutions. Overall, the case captures the interactions between environmental shareholder activism, corporate management and those charged with governance, especially the board of directors. This case is useful for students to discuss recent trends of ESG-related shareholder activism, sustainability reporting especially related to environmental issues, climate governance and how companies are reacting to them.

In 2020, AmerisourceBergen Corporation, a Fortune 50 company in the drug distribution industry, agreed to settle thousands of lawsuits filed nationwide against the company for its opioid distribution practices that critics alleged had contributed to the nationwide opioid crisis. The $6.6 billion global settlement, had caused a net loss larger than the cumulative net income earned under the current CEO since he took the helm in 2011. The legal troubles had been accompanied by initiatives by shareholder activists who had become increasingly successful in driving corporate governance changes in companies in the opioid supply chain, including AmerisourceBergen. Determined to hold the leadership accountable, these shareholders launched a campaign in early 2021 to reject the pay packages of the Company's executives. They were protesting the increase in pay in 2020 to $13.3 million, up from $11.3 million in 2019. The result of the Vote NO campaign was almost split down the middle, with 48% voting with the activists and 52% with the company. The case describes the drug distribution industry, internal controls at Amerisource, shareholder demands on corporate governance, and the events related to the opioid crisis and Amerisource's role in it. The case can be used for a wide range of teaching purposes to discuss issues relating to governance, compliance, executive compensation, and shareholder activism in the context of the one of the biggest social challenges of the past two decades-the opioid crisis.

The two vignettes within "Vignettes on Professional Service Firm Governance" (HBS No. 122-024) present various issues relating to governance in professional service firms ("PSFs"). In the first, the Managing Director of a U.S. consulting firm contemplates whether to bring on outsiders to sit on the firm's Executive Leadership Board and the potential implications of doing so. In the second, a U.S.-headquartered Private Equity firm's Managing Partner of India was excited about the opportunity to acquire another Indian firm but worries about the potential resistance from the firm's Global Management Committee. This vignette has deliberately been written as a PE firm so as to allow participants from PSF firms to step away from their immediate organizations and reflect on the broader issues that are involved. This vignette attempts to explore the meaning of being a global firm in the context of PSF and the methods to realize a PSF's global ambitions. The vignettes allow students to discuss a breadth of issues related to the governance and strategy of PSFs.