10 Attributes that Made ERM Successful at the LEGO Group

LEGO is a timeless, classic toy line popular among kids and the young-at-heart, including here in our home. Building LEGO sets either as a themed set (e.g., Star Wars, fire station, airport) or creative imagination is something my son and I have enjoyed doing together for several years now. Just recently, he expressed his desire to one day visit the brand’s theme park here in Florida (LEGOLAND), so I suspect we’ll be making a trip there sometime in the next year or two.

About 7 years ago, I discovered that the LEGO Group is a true pioneer in the real-world application and practice of ERM to inform strategic decisions. At the time, it was an intellectual curiosity about how they did it.

But you can imagine my personal delight when I connected with longtime LEGO employee and ERM thought leader Hans Læssøe, who spearheaded the ERM activities at LEGO. Hans, as you may know, is someone I refer to often here on the blog.

I’ve been honored to get to know and learn from Hans over the last few years.

After retiring from LEGO following a diverse 25-year career at the company, Hans authored two books (Prepare to Dare and Decide to Succeed) and established his own consulting firm AKTUS, which is the merger of two Danish words that translate to “active uncertainty.” The name reflects Hans’ approach to risk management, which he explains as…

…risks are a part of life. So instead of worrying about them and trying to avoid them and trying to minimize them, you might as well leverage them, see them as a good thing, and work actively with them to make them a part of your competitive advantage.

A while back, I had the privilege of speaking one-on-one with Hans on his time at LEGO and what made the company’s risk management efforts so successful. You can learn more about Hans’ background and when and why LEGO began its ERM journey by watching the interview here.

For today, I want to focus on 10 attributes or factors from our discussion that made ERM, or strategic risk management at LEGO, so successful and a valuable tool for ensuring the company’s success.  These attributes were scattered throughout our discussion, but they appear below in order of importance (in my opinion).

  1. Understand why the company wants ERM and what it wants to achieve.

Companies who wander aimlessly in the ERM wilderness with no direction or end goal in mind are destined to go nowhere. If the risk manager simply says “this is what everyone is doing,” everyone from executives down to middle managers and support staff will quickly lose interest.

If regulators are requiring ERM, try to understand why they think it’s a best practice and what benefit (e.g., more profitability, faster growth, etc.) your company can get out of it. Being clear on the motive and benefit of ERM will provide the leadership support needed to sustain a successful effort.

When Hans and the LEGO Group embarked on ERM (…or strategic risk management) back in 2006, the company was coming out of a slump and knew it needed to radically shake things up to stay relevant.

For Further Reading:

3 Easy to Use Tips to Understanding Why Executives Want ERM

Explaining the Why of Enterprise Risk Management

8 Possible Consequences of Not Being Proactive in Risk Management

2 Simple Steps to Knowing if Your Organization Needs Enterprise Risk Management

  1. Deep understanding of the business and industry

One thing I’ve noticed in my ERM career is that the vast majority of us did not set out to work in this field, we just happened upon it. My background, for example, is in accounting and insurance while Hans was educated to be an engineer. In his case, he worked in several roles at LEGO before being asked to lead the company’s new risk management initiative, something for which he had zero knowledge or experience.

What he did have, though, was extensive knowledge of the ins and outs of the company and knew who to speak with to get things started quickly. Short of this, specific industry experience can be valuable too. Although my consulting firm works with organizations from a variety of industries, my main target is property & casualty insurance companies due to my extensive experience in this area.

For Further Reading:

Finding the Right Talent for Understanding Uncertainty

Should I Pursue an ERM Certification?

Expanding your Abilities with the Growth Mindset

What Qualities Does an Effective ERM Professional Have?

Prove your Value to the CEO: Focus More on Big Picture Issues, Less on Process

  1. Consistent networking both internally and externally

Any profession requires at least some networking. After all, we can’t expect to achieve success by locking ourselves in a room and never speaking with anyone. Also, without networking, Hans and I would never have met!

One can’t underestimate the value of external networking as it connects us with our peers and thought leaders. However, the real value, when it comes to ERM, is found with internal networking since you will need the support and engagement of these individuals and more to make your efforts work.

For Further Reading:

Building a Risk Intelligence Network

5 Key Personas of an Effective ERM Professional

Listening and Reading People – Two Underappreciated Skills Crucial to ERM Success

Relationships: A Common but Fatal Mistake of Risk Management

Ignoring Implementers of Strategic Decisions – Why It’s Risk and How to Fix It

  1. Executive buy-in, support, and trust

When Hans was tapped to lead the strategic risk management initiative at LEGO, he had the full backing of the company’s executive committee; everyone from the CEO down was fully vested in seeing this effort succeed. They trusted Hans to develop something that would work and were willing to commit the necessary resources, including him on a full-time basis. In other companies, someone has ERM as a “side desk” role, leading it to be pushed to the back burner.

For Further Reading:

Why an Elevator Pitch is an Ineffective Tool for Selling ERM

What are Organizations’ True Barriers to Implementing ERM

ERM Implementation: What Risk Professionals Consider the #1 Challenge to Be

4 Easy Ways to Ensure Management is Supportive and Actively Engaged in your ERM Program

From Debbie Downer to Team Player: 4 Ways to Change Your Organization’s Perception of ERM

Handling Unrealistic Expectations of Enterprise Risk Management

5 Ways to Improve ERM’s Reputation with Executives

  1. Designed from the ground up to not just avoid but take risks too.

Even today, risk management is still a relatively new discipline where articulating “best practices” is very difficult if not impossible. This was especially true for LEGO when it began its ERM initiatives in 2006. While the COSO standard did technically exist, it was very cumbersome to use, probably because it was initially created for financial company compliance purposes. The ISO 31000 standard hadn’t even been created yet.

Irrespective of the different standards at our disposal today, every company is different in terms of needs, culture, and so on. Also, ERM should ultimately help the company develop a competitive advantage through intelligent risk-taking and not just risk aversion. In the end, companies who fail to take risks in an informed way will end up being eventually displaced by more agile competitors. As Hans explains in the interview:

To me, ERM is a toolbox for the risk manager. It’s not a process that leads to an enterprise risk management report in its own right.

I love this quote, because Hans is absolutely right – it is not about the report itself. It Is about the insights and knowledge gained as a result of utilizing the tool known as ERM.

For Further Reading:

Why Following ERM Best Practices Can Do More Harm than Good

An Enterprise Risk Management Program is Not One-Size-Fits-All

Fewer Companies Realize Strategic Benefit from Risk Management Activities

Coronavirus Response Not Always About Minimizing Harm

Why a Strong Governance Foundation is Vital to Successful ERM

How Regulators Perpetuate Enterprise “List” Management

The Hazards of Implementing ERM without a Plan

3 Key Infrastructure Elements for a Successful ERM Program

Experimentation and ERM: How ERM is Like Manufacturing a Product

How Scarcity Mindset Can Cripple your Company’s Future

Multi-Decade High Inflation Creates Both Risks and Opportunities

ERM Strategic Planning: Ensuring Long-Term Company Needs are Met

  1. Collaborative through asking questions and challenging assumptions

One of the risk manager’s primary roles is to gather information throughout the organization. However, a truly effective ERM professional also asks questions and challenges assumptions. Take risk identification as an example. By asking “why do you do things that way?” you’re opening up the door to improving that process, especially when the answer is “that’s the way we’ve always done it.”  One interesting point from Hans was the fact that when he assumed the strategic risk management role at LEGO, he quickly learned that he would no longer be answering questions, just asking them.

For Further Reading:

3 Simple Steps to Be Invited to Strategic Planning Sessions

Improve ERM Engagement with This One Subtle Shift

Disjointed vs. Embedding in Culture and Mindset:  A Key Difference Between Traditional Risk Management and ERM

Make your Words Count: Translate Risk Terminology to Fit the Business

Being Included vs. Being Engaged – One Key to ERM Success

5 Critical Steps to Cultivating a Positive Risk Culture

Asserting the Answer – A Common Pitfall of Effective Problem Solving

Avoid the Gotcha Reputation with Executives by Using One Simple Step

The Importance of the First Five Minutes of Any Risk and Strategy Conversation

  1. Success-metrics – knowing your efforts are paying off

Developing an ERM process from the ground up is a big undertaking that requires a lot of trial and error. If you don’t know what to look for in terms of success though, how will you know if your efforts are on the right track? Companies who do not have any metrics for knowing if their ERM efforts are successful won’t know if they need to make adjustments.

It’s not necessary to setup any sort separate system for this, at least in the beginning. If a risk is linked to a goal or objective, then any metrics associated with the goal can easily be used to determine if ERM is successful too. Another possibility is a goal statement with a timeline. Achieving a goal before the allotted time can also be an indicator that your ERM efforts are working.

For Further Reading:

An Easier Way to Understand the Effectiveness of Risk Controls

Questions for Gauging to Value of your Organization’s Risk & Performance Management

3 Easy Steps to Ensure an Optimal Outcome for Enterprise Risk Management

3 Steps to Building an Effective KRI System

5 Simple Questions for Assessing the Effectiveness of ERM Processes

  1. Start small and build from there

We all have to start somewhere. Knowing where to start is one of the biggest challenges risk managers, especially novice ones, face. Once you understand the reasons for ERM, start by looking at where you can get the most bang for your buck.

Let’s say the overarching goal of ERM is to improve decision-making, so seek out areas of the company where lots of decisions are being made and see how you can be involved. See if you can go and observe a particular area to understand how they deal with uncertainties and how you can help improve those processes. If there’s a small win you can deliver, and another, and another, coworkers and managers will begin to take notice and see the value of ERM.

For Further Reading:

Practicing ERM without a Formal ERM Program

ERM on a Budget – It is Possible! – 7 Key Considerations

3 Ways to Mature your ERM Program and Why They are All Bad

6 Ways to Improve your ERM Program’s Scalability

6 Steps to Building a Vibrant Performance-Focused Risk Culture

  1. Be proactive even if the risk initially seems unlikely to materialize.

Being proactive instead of reactive is a core difference between traditional risk management and ERM. Many companies though still only look at known risks (typically these are really issues, not risks) that are right in front of them and not consider possible future scenarios, especially when it comes to external events.

Take the Brexit vote in the UK as an example. When the date for the referendum was announced, risk managers and even many executives assumed it wasn’t going to pass. Since LEGO had operations in the UK, they needed to be prepared in the event Brexit did become a reality. By making a proactive effort to understand how Brexit would impact LEGO, the company was prepared several years before the UK actually left. Other companies who assumed Brexit would not happen and did nothing were caught flat footed.

For Further Reading:

Why Reactive Decision-Making Can Be Devastating and How to Improve It

The Future of ERM – Grooming the Next Generation

Peak Car – Can ERM Help Automakers Adapt to a Growing Trend?

Ford Supplier Explosion: Why Being Prepared for a Supplier Outage is Crucial to your Company’s Survival

3 Threats Leave Long-Standing Food Brands Struggling

Techniques Used by One of the World’s Largest Automakers for Identifying Future Risks

Can We Trust the Experts During Risk Assessments?

  1. Don’t focus on something just because that’s what everyone else is doing.

It’s totally okay to go out and see how other companies are approaching ERM and what risks they’re focusing on. However, if you think copying their tactics will work, you will soon learn otherwise. It’s tempting to reach for the latest top risk reports, but many risk managers forget that not every one of those risks will apply to their organization. Also, as we stated earlier in #5, each company is unique, so what works for a peer company will not necessarily work for yours.

One example Hans shares is how liquidity was a big risk for many companies, but not LEGO because it’s owned by the wealthiest family in Denmark. Both Hans and LEGO’s treasury team spent nearly two hours coming up with scenarios for liquidity risk but couldn’t. If they had simply ran with what others were doing, they would have wasted valuable time and resources on a non-problem at the expense of other issues more relevant to the company.

For Further Reading:

Are Top Risk Reports Really Helpful to Organizations?

3 Ways to Avoid the Check-the-Box Trap in Risk Review

Avoiding to Dreaded “Bureaucracy” in your ERM Efforts

4 Possible Paths Your ERM Program Can Take

4 Critical Things Organizations Must Do to Ensure an ERM Program’s Success

Taking a Growth Pause: Preparing for Long-Term Success

As mentioned earlier, LEGO has been at the forefront of harnessing uncertainty to build a competitive advantage for many years. These factors or attributes played a major role in making that happen. Thank you again to Hans for being willing to share his experiences and insights.

How has your company leveraged risk and uncertainty in pursuit of strategic objectives?

If you have any experiences or tactics that helped your company build a more robust ERM process for managing risks and taking advantage of opportunities, please don’t hesitate to leave a comment below or join the conversation on LinkedIn.

And if your company is struggling to transform ERM from a check-the-box compliance exercise to a valuable partner for improving strategic decisions, feel free to reach out today to discuss your particular situation and potential options.

Featured image courtesy of Headway via Unsplash.com



Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

Receive Our Weekly Blog Updates

Meet Carol Williams, SDS Founder & Lead Strategist

To our readers:

This blog was launched to provide strategy and risk practitioners with a go-to resource to better guide their efforts within their companies. Thank you for bringing me and my team along to be part of your journey towards better risk management, strategic planning and execution, and overall decision-making. Happy reading!

Find more SDS Insights