ERM May Be Simple to Understand but It’s Not Easy

One name you see me refer to often is Hans Læssøe, author of the book Prepare to Dare, and former strategic risk manager for The LEGO Group. Hans is currently a consultant based in Denmark.

Not only do I admire LEGO for its stellar assortment of models that both my son and I enjoy building, the company is also considered a pioneer in embedding risk into the strategic decision-making process.

In the first chapter of his book, Hans explains three simple questions that form the basis for managing risks. These questions are:

  1. What can happen? (i.e. risk and opportunity identification)
  2. How important is it? (i.e. risk assessment and prioritization)
  3. What do you do about it? (i.e. risk response or risk and opportunity management)

The paragraph following these questions in the book makes a fascinating distinction. While these questions seem simple to ask, they are by no means easy to answer. Hans cautions the reader to:

…avoid confusing simple with easy. Just as a frame of reference: Running is easy – all you have to do is put one foot of the other so fast, that you at no point in time have both feet on the ground. This is simple, most anyone can do this. If you do it long enough, you will have run a marathon – now, despite the inherent simplicity, only a small share of the population is capable of doing this.

When you were first learning about ERM, it seemed simple, correct?

You identify risks and opportunities, determine which ones warrant your attention, and then take steps to either minimize the negative or maximize the positive. Much like running, this sounds simple and straightforward.

However, when put into practice, it is by no means easy. After all, if it were easy, every organization would be embedding this way of thinking into its strategic planning, daily decision-making process, day-to-day operations, and more.

Expanding on Hans’ point a bit, one thing risk professionals have to remember is that ERM needs to be unbiased.

Again, sounds simple enough right, but is it easy?

In my experience, the answer is an emphatic NO!!

I can attest to this personally…

Separating your own biases and becoming a neutral party is particularly difficult if you are an ERM professional within an organization.

For example, in my days as ERM manager and later ERM director, I would have my opinion on what the top 10 risks to the company were only to find out that the executives thought differently. Thinking back, that is completely understandable – they have more knowledge and exposure to what is going on than I did!

Understanding that I need to set my own biases aside was a big lesson to learn in the early years of my ERM career.

If asked by executives, any ERM “recommendations” should be based solely on information discovery, not any personal slant.

Sounds simple, right?


Not so much…

Have you thought ERM was simple just to later learn that application it isn’t easy?

How do you handle personal bias in your work as a risk professional?

I’m always eager to learn more about the experiences of other ERM professionals. Share your thoughts by leaving a comment below or join the conversation on LinkedIn.

And if you are struggling to set aside personal biases, an outside perspective can be helpful in ensuring executives receive the best information and most value possible. Click here to send me a message to discuss your specific situation…

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

Receive Our Weekly Blog Updates

Meet Carol Williams, SDS Founder & Lead Strategist

To our readers:

This blog was launched to provide strategy and risk practitioners with a go-to resource to better guide their efforts within their companies. Thank you for bringing me and my team along to be part of your journey towards better risk management, strategic planning and execution, and overall decision-making. Happy reading!

Find more SDS Insights