Anyone who knows me well knows how much I enjoy murder mystery TV shows and books.
And IF I’m able to manage some TV time, something that is getting more difficult all of the time it seems, shows like Rizzoli & Isles, CSI, and Criminal Minds are some of my current faves. In years past, you could add Law & Order and The Closer to this list. Shows like this really grip me – I’ve caught myself saying I’ll only watch 15 minutes then I end up watching the whole episode!
So you can imagine I was intrigued when reading how Hans Læssøe, former strategic risk manager for LEGO, described one facet of risk identification in his book Prepare to Dare.
Hans explains how identifying risks and opportunities for projects and specific initiatives is pretty straightforward.
But this isn’t quite the case when it comes to business strategies as descriptions of these risks and opportunities tend to be rather vague. While this vagueness doesn’t necessarily mean these risk statements are useless, the statements do require further analysis.
To do this, the first step is to ask “what is the problem/benefit?” then “why is this a risk/opportunity?” to understand the context.
The next question from here is to ask “why/how could this materialize?” which in effect means conducting a root cause analysis to identify what will ultimately trigger the risk and thus what can actually be managed. Hans then explains:
As a frame of reference, a coroner often states that the cause of death is “cardiac arrest,” and true, if the heart stops beating, the person dies. To the criminal investigator, it is necessary to get more insights as to “why did the heart stop beating?” – to him, “cardiac arrest” is inadequate as cause of death.”
Simply saying a person’s heart stopped beating is inadequate and useless as a root cause. If I were a detective investigating someone’s death, I’m going to want to dig further to understand why the heart stopped beating.
To translate this for the purposes of risk identification, Hans describes a situation where a CEO may say the company has a reputational risk, but as he explains, simply saying something is a reputational risk is too broad and not helpful for decision-making.
As I discuss in this article, looking at reputation as a stand-alone risk comes with many drawbacks. (I highly recommend reading the reputation risk article to understand those drawbacks and more.) It can be difficult to explain to the executive team, audit committee, or board, and it’s likely any scenarios you develop will end up being duplicative of risks you’ve already identified.
Instead of lumping reputation into one big risk, you can instead examine risks and specific events or triggers and how they may impact the company’s reputation.
In a previous article comparing a toddler’s “why” to root cause analysis, there are several methods organizations can use to do this, including brainstorming, flowcharting, 5 whys, fishbone diagrams, and affinity diagrams.
Ultimately, getting to the root cause means asking “why” until you can go no further. Once you reach this point, you will then understand what needs to be done to address the risk.
Police investigators do this intuitively.
Not only are they interested in fully understanding the cause of someone’s death, they also want to fully understand the “why” or the motive. It’s with this information in hand that detectives can unravel a plot, find the person or persons responsible, and bring them to justice. Without this clear understanding, it’s highly likely the person(s) will just walk or the perpetrator(s) remain free.
In the case of risks and opportunities to achieving strategic objectives, not having a clear understanding of the “why” or root cause of a risk or opportunity will lead to confusion as to what the appropriate response should be. And by the way, if you don’t have the trigger, root cause, and potential consequence(s), you will not have the three necessary components of an effective risk statement.
I find it fascinating how seemingly unrelated concepts or ideas can be used to understand ERM concepts and processes, as well as how these concepts are actually tied together.
What concepts or analogies have you discovered to better understand risk and opportunity management?
Today’s article was a little bit on the lighthearted side. After all, ERM doesn’t have to be dry and difficult to read! Hans’ book is a great entry-level resource for learning how to build an effective, value-enhancing ERM process.
If you’re experiencing difficulty in identifying root cause or any other aspect of ERM, please reach out to me or schedule a meeting today to discuss your specific situation and a possible path forward.
Sign Up For Our Newsletter
Sign Up For Our Newsletter
Helping companies achieve their vision and strategy, and succeeding in today's turbulent world, is something I'm honored to be a part of. Whether you're an occasional blog visitor or a long-term client, thank you for letting us be a part of your journey.
Most Recent Posts
Without a doubt, one of my family’s favorite holidays is Christmas. Part of the fun, especially for our son, is seeing what “Santa” brought, but most importantly, we treasure the spirit of peace and goodwill the season brings. And after what seemed to be a never-ending warm spell, the weather is expected to be good…Read More
As the end of the year draws near, I think we’d all agree that while it wasn’t without its challenges, this year also wasn’t quite as turbulent as the previous two. While a lot of people are juggling company parties, shopping for friends and family, and special activities for the kids, most companies are putting…Read More
Strategic planning is a challenge – of all people, I understand… After all the meetings, risk and data analysis, and brainstorming of the preceding months, it’s tempting to think this is the end of the road and you can relax. Contrary to this common perception though, this is exactly not the time to relax, but…Read More
Be honest – have you ever done something that you soon realized was a real rookie mistake? Me raising my hand… Considering the nature of ERM’s role to ask questions and challenge assumptions (often during conversations with executives), it can be argued that, in at least some cases, the expectations bar for risk professionals is…Read More
On occasion, I like to take some of the concepts we risk professionals think about in our jobs and apply them to different personal situations…take some of the same concepts we use when working with executives to develop corporate strategy and manage risks or uncertainty around that strategy. It’s Thanksgiving week in the U.S. –…Read More
Periodically, I have the pleasure of speaking one-on-one with Hans Læssøe on a variety of topics around ERM, strategic risk, and other issues and trends. As you know from my previous conversations (here, here) and posts featuring his work, Hans was formerly a practitioner at the iconic LEGO Company, but even more notably, is a…Read More
Everyone likes a clear-cut template that offers an easy way to create or manage something…I mean what’s not to like about a step-by-step process for accomplishing what you want? Sometimes this can work without any issues, such as the case with the Project Management Book of Knowledge (PMBOK), ISO 9001 standard, or a new cooking…Read More
One thing I was taught to appreciate from a young age was the value of education and knowledge. It didn’t necessarily matter what the subject was, just that I always maintain a learning or growth mindset regardless of my current status in life. This mindset has served me well over the years, and it’s a…Read More
It’s amazing how technology has developed and changed our working world over time. Imagine trying to run my risk and strategy consulting firm without tools like Zoom, Box, Slack, and other ERM-specific technology tools. There is no way we would be able to serve our clients the way that we do. Just consider how the…Read More
If you’ve been handed the task of creating an ERM program for your organization, let me first offer my congratulations quickly followed by my empathy for the task ahead of you. I don’t say that to scare you but to provide a small dose of reality. Building, launching, and refining an ERM program that is…Read More