Real-Life Example of Robust Enterprise Risk Management

Today we have a special guest – Hans Læssøe. As you may know, Hans’ perspective is something I reference often here on the blog. We finally got a chance to catch up!

In this interview, Hans and I discuss his background, what led his former company, LEGO, to adopt ERM, and a few factors key to the success of risk management at the company.

From there, Hans explains the one thing companies must have in order to be successful in their enterprise risk management efforts, along with some tips for those who are stuck or just starting out. 

A huge thank you to Hans for speaking with me…we hope you find this interview informative and engaging. You can either watch the video or read the transcript below. To share your thoughts, leave a comment below or join the conversation on LinkedIn.

Be on the lookout for additional discussions in the weeks ahead on using modeling to support decision-making, performance vs risk-centric practices, and a preview of Hans’ upcoming book, Decide to Succeed.

Interview Transcript

Carol Williams (00:02):

Well. Hello Hans, it is good to see you. For everyone, this is Han Laessoe, a well-known risk, professional and he has a company called Aktus based in Denmark. Hans, can you tell everyone what Aktus means?

Hans Laessoe (00:23):

Aktus is a merge of two words in Danish, the words (inaudible) Active Uncertainty. The point of the company, the point of my approach to risk management is that risk’s a part of life. So instead of worrying about them and trying to avoid them and trying to minimize them, you might as well leverage them, see them as a good thing and work actively with them to make them a part of your competitive advantage.

Carol Williams (00:51):

Fantastic. Well today I wanted to talk with you about a real life example of robust risk management and what insights that professional experience has provided for you so that people watching this can take that and apply it to the experiences that they are going through right now. So tell us about your background. Like what professionally led you to risk management?

Hans Laessoe (01:23):

Well, for the first thing, I’m an engineer by education. I actually specialized in nuclear power safety systems, but we don’t have nuclear power. So I needed to do something else. I started up at the Lego group more or less by coincidence and I was there for 25 years, doing manufacturing, planning, IT, financial controlling business support, stuff like that. And it was in my role as a strategic business controller where I was looking, doing benchmark analytics across the company that the CFO came to me and say, “Hans, we need some strategic risk management. Don’t you think?” I had no clue what the dude was talking about. Never heard the term before, but out of the words, it seemed fair enough. So, yeah, yeah, sure. Yeah. Fine. Yup. I’ve gotten a report from a consulting company and it sucks. We’re never going to do it that way.

Hans Laessoe (02:20):

It’s very cumbersome, very expensive. And I’m not even sure it hits the target. So I’m trying to figure an easy way we can do it. You can spend a day a week if you need more, just give me a holler. Yeah, no, no. Let me, let me look into this. Can I get the report with a consulting report? No. Nope. No means, it’s very bad. I don’t want you biased. Um, try the internet. There’s so much stuff out there. So I literally in 2006 started Googling strategic risk management before as a part of it, but it sounded like fun. So let’s go ahead. And that’s how I came into that and was asked strategic risk management. The company of course, had a lot of different risk management before, like a treasury, currency hedging, vendor assurance, and credit risk management all those kind of things. I was to look at the strategic part the business risks that were not catered for in any systematic way, leading up to an enterprise risk management system.

Carol Williams (03:23):

Fantastic. So you basically kind of fell into it accidentally like a lot of people do.

Hans Laessoe (03:29):


Carol Williams (03:30):

I think there’s this thought that you have to study risk management in order to be able to go into the background. And it’s been something that I always tell people is people bring a lot of different backgrounds to this. Studying risk management does not have to be one of those. Yeah.

Hans Laessoe (03:47):

To me the most, the two most important things you need is you need some basic statistic skills to be able to handle the data that you do have. And you need to understand how that works. But much more than the statistics that you get in any trade school is not needed. I mean, you don’t have to be a PhD in, game theory or anything like that, but you do need some that kind of skill. The second thing is that you need to understand your business. If it’s more important that you understand the mechanics and say, okay, water levels are rising, what does that mean to our supply chain? But you’re able to make those kind of, you can’t study that. And that’s just so I’ve been with the company for 25 years before I even started on this, which meant I knew the company inside out.

Carol Williams (04:41):

So people that are within an industry, they should really harness that industry experience, be able to bring that to the table of a company is really the value.

Hans Laessoe (04:52):


Carol Williams (04:53):

Okay, fantastic.

Carol Williams (04:55):

Was there a particular event or a trend that really prompted Lego to start looking at the strategic risk management?

Hans Laessoe (05:05):

Yeah, two things. One thing is that, 2006, the company had just come out of a slump, between 2002 and 2004, the company lost a third of its revenue. We were in dire straights and we got a new CEO and a new CFO. Coming out of a slump was one thing. The other thing was the CFO, who then came from a bank, came to the Lego group and he had used to have, enterprise risk management, or rather what the banks called operational risk management, the risk management that covers everything beyond money or cash handling and stuff like that. So that’s what he wanted. So he came, he was used to that from his background and the two put together say, okay, we need to find some dude who can do this and it fell on me. I’ve done other things from scratch before.

Carol Williams (06:01):

That actually sounds like, another expertise or experience that becomes very helpful is you’ve designed something for the company and from the ground up. So you know how the process of design and actually implementing something yes. Within the company and how much the culture of that company plays into what you do.

Hans Laessoe (06:27):

As a industry, as a business or a profession risk management is much younger than finance. In the early days, finance was done individually, company by company and there’s still huge differences. But when you get down to the nitty gritty of financial management, there are today best practices that people adhere to and they even regulated stuff like that. Risk management hasn’t gotten to that level of maturity where anyone has come up with proven best practices. So that’s why, everybody has to (inaudible).

Carol Williams (07:02):

And so much of that is because of the culture being so different at every company. Everybody kind of goes through the same thing, different things.

Hans Laessoe (07:10):

You will have companies with a culture that says don’t take risks for whatever. Whatever you do, don’t take risks. Hospitals would be good (inaudible) companies would be good. They don’t (inaudible) you on change taking risks and you forgot to the extreme opposite. Entrepreneurs like a Sir Richard Branson is risk statement is great, just do it. He will take huge risks. Not unknowingly, not unprepared, but he will take them.

Carol Williams (07:42):

Okay. Cause the reality is is that if you don’t take at least a little bit of risk, then are you really going to succeed as a business?

Hans Laessoe (07:50):

Sorry Carol. You’re going to have to take a lot of risks because everybody else is.

Carol Williams (07:54):

I agree. I’m thinking like the hospitals, the ones that are on the lower end, they’re going to have to even them. We’ll have to take some risk.

Hans Laessoe (08:01):

We’ll have to take some risk. One of my favorite quotes on risk management and the presenting the value is one of racing icon Mary Andretti who said, “that if everything is under control, you’re moving too slow.” A hospital is not about financial, have other values and other purposes than financial and financial gain. So they don’t have that, but companies, corporations that are listed companies that needs to prove themselves every quarter, they will need to take even rather huge chances in order to do so.

Carol Williams (08:39):

I agree. Agree. What elements or factors do you think were key to the success of the strategic risk management that you did at Lego?

Hans Laessoe (08:50):

Two things, one is me. Not me as such, but the 25 yearof seniority I had and the network I had around the company that helped me get started fast. I even knew whom to ask about what is this risk management thing and how do I approach it? Because we had, our head of risk management at that old corporate risk manager. He was the head of insurance. He knew a lot more than insurance and he helped me get started. So that’s one part. The other part is time. I was given all the time and all the focus allowed to do anything, attend any course just to get started. And I had the full backing of the, executive committee. When I look at colleagues asked to do ERM, they have one or two day jobs to begin with. They have to do the insurance. One I met even was responsible for the travel department, poor girl, which means that being strategic risk management, that was anytime between Friday and Monday. And if you’re in that position, I was given a day, a week and if I needed more, which I did after three or four months, I’ll say, how much do you need? Like half time. Okay. And it was a one minute decision. Okay, you get half time.

Hans Laessoe (10:05):

So the resources plus the insights were what drove that? It was done fast.

Carol Williams (10:13):

So really just having that all in executive buy in. Like they knew that based on your research it was going to be something valuable for them they should do. And they knew…

Hans Laessoe (10:23):

They trusted me to come up with something valuable.

Carol Williams (10:26):

Exactly. It’s the trust factor, right? The trust in you as well as the network and the relationships that you had within the company really drive that. I think that’s one element that a lot of, risk managers underestimate. Is the value of that working within your own company.

Hans Laessoe (10:44):


Carol Williams (10:46):

They focus on, Oh, I need a network with my peers and other companies to see what they’re doing. And it’s like, but you need to know the people in your own company to know who to be able to go to on certain topics.

Hans Laessoe (10:57):

When I talk to colleagues and I rarely rapidly went into different networks to learn from others, one of the risks that most companies were worried about were liquidity risks. Because if you, if your liquidity sucks, then you’re in trouble no matter how much money you make, it doesn’t matter. You can’t pay next month’s bill. And the labor group is a privately owned from the wealthiest family in the country by far. And liquidity was never an issue. You want money, you get money. So I didn’t have liquidity risk. Sorry guys. But I didn’t. When, I asked, actually I had a talk with one of the treasury guys. So let’s find a scenario that could give us a liquidity risk. We spent an hour and a half, we couldn’t come up with one. It was totally impossible. Not liquidity. Anything else? Profitability. Yeah, sustainability. Yeah. Deliverability. Yes. Market development. True equated to actually being hampered by lack of liquidity. Not possible.

Carol Williams (12:01):

That is not a bad situation to be in.

Hans Laessoe (12:03):

Oh no, no, no, no, no. Very nice.

Carol Williams (12:07):

So it was nice to, but that actually gives you a challenge because then you know that you cannot necessarily compare Lego to other companies.

Hans Laessoe (12:16):


Carol Williams (12:17):

You know that there are certain elements and I think that is something that other risk managers forget about is they say, here’s these top lists that are coming out. We need to make sure that all of these are on ours. No, not necessarily do they fit the company and your situation. Right.

Carol Williams (12:41):

What is the one thing, if you had to pick one thing that organizations need in order to be successful with enterprise risk management, what would you say that is?

Speaker 4 (12:50):

Want to do it. They have to be dead. Sure. They want, they know what they want to achieve because if they know this is what I want to achieve, this is a value it’s going to give me, this is the benefit it’s going to give me to do this, then everybody will be able to support it and sustain whatever efforts is needed to do so. If you say, I want an ERM, because everybody says I have to have an ERM. What are you going to get out of it? I have no clue. It will take a CFO 15 minutes to lose interest and then you lose funding and then you lose the liaison and then you lose contacts and then you’re just sitting in the corner over by yourself

Carol Williams (13:26):

And you’ve wasted the last two years of your life.

Hans Laessoe (13:29):


Carol Williams (13:30):

Yeah. Yeah. So I completely agree. The want to make such a big difference as opposed to the I have to do it because the regulators are telling me or,

Hans Laessoe (13:41):

But if the regulators are telling you you want it, try look at it and say, okay, they want it because they think it’s best practice. Why do they think it’s best practice? What is the benefit that we can get out of it? Will we be more profitable and more sustainably profitable if we actually do this? Will we be able to grow faster, take better decisions? Okay, let’s go for that. And let’s set up a metric of knowing when, how do we know we succeed?

Carol Williams (14:06):

Right. It’s that success metric, right? I think a lot of companies look that part. Yes. And saying, how do we know that we’ve succeeded in reaching the goal that we wanted to achieve for having ERM and um, how do we know we’ve gotten there? How do we know that we’ve one met the threshold of what the regulators want but not necessarily the value that we want to get. So let’s go beyond that to reach that threshold that we want to happen.

Hans Laessoe (14:35):

We have different purposes. I mean read the read the regulators and the auditor’s, their focus is that you basically do not cheat or lie on the public statements that you make and get your company to have another look appear to having another value with that is really there. That’s their purpose and it’s a perfectly legitimate purpose. I’m not belittling that to any extent. The enterprise risk manager and the executive committee, they’re more worried or worried about the sustainability and the profitability and the development and the growth of the company, whether they’re purporting the rate or not has to be done. But it’s not important.

Carol Williams (15:14):

Yeah. Too many times. Um, even the ERM and professionals tend to focus on what what’s getting reported out, but is the report outs aren’t the valuable, aren’t the value add? It’s the conversations and the insights that you’re getting as part of the discussions and the questions that are getting asked as part of the whole process itself,

Hans Laessoe (15:36):

To a high extent, Risk Management is a planning process, and as planners, know plans are nothing. Planning is everything.

Carol Williams (15:46):

Okay. And so many people don’t want to plan. That’s the hardest part, right?

Carol Williams (15:51):

Yeah. But I think it was Benjamin Franklin who 200 years ago said, by failing to prepare, you’re preparing to fail and you can opt to do that. I mean it’s legal. At the liberal group we had the quality function. They have a different perspective on that with a five P word saying proper preparation prevents poor performance. I was actually six. Proper preparation prevents poor performance and that goes for business decisions as well.

Carol Williams (16:21):

Great. I agree.

Carol Williams (16:27):

Based on the timeline that you told me of being 06, it sounds like, I know the answer to this question, but I’m going to guess. Was Lego the first to kind of navigate the ERM waters?

Hans Laessoe (16:39):

No. We were under forefront at 77. We were amongst the first, when I reached out and reached out and looked for network and, and other people who knew the bad, this, uh, I met with companies that had been doing this for years. Uh, one of them, a Danish company, a Nova Nordisk who’s a lot bigger than the legal group. They had been doing this for years and, their strategic risk manager was very willing to share her experiences and we had a great collaboration on that one. I was dumb and asked some stupid questions which helped her write from time to time, but, I learned from her. And then I was introduced to a European network of strategic risk management. And these were the big guys. These were shell oil. These were, Novartis there was a Volkswagen were in there and hold it of other companies that were way bigger than we were, had been doing this for years. Nestle, it was part (inaudible). So first or learned a lot from these guys and it was, everybody was experimenting. And that’s the fun thing about it is that nobody has all the golden keys. So if you’re in a network with other risk managers, you can cheat, you can show value, add value to their purpose, to any one of them with some of the things you are doing. And every one of them will be able to add value to you.

Carol Williams (18:04):

And sometimes just the question to ask prompted them to start thinking in a, maybe even question some of the assumptions that they’ve made with their processes and practices. Right? Because they’re like, Oh, well that’s the way we did it, but we started doing that five years ago. Maybe we need to go back and take a look at that and see if it’s still working as well as we as well as it was when we first started. The thing that’s an element that gets forgotten about is the continuous improvement and [inaudible] of processes, right?

Hans Laessoe (18:38):

Yeah. I had one guy who was talking to at this European network and they were explaining how they were doing the identification process. I didn’t, get it. I mean I, I didn’t get the value of that, so I asked why you’re doing that way. We’ve always done it that way. Does it work for you? It has always worked. Oh, okay. Well then we, the meeting that stopped and all that and we went back and a couple of weeks later he wrote me back and said, that was a damn good question. It appears we can do it better by doing it another way. So we actually changed the way we’re doing it because it wasn’t the best possible way. We just never thought about changing it. New people, can ask very intelligently stupid questions.

Carol Williams (19:24):

Yeah. That’s why I have the motto. There are no dumb questions.

Hans Laessoe (19:28):

Oh, that was actually work-wise, mentally the biggest change for me coming into risk management. I’ve been executive staff, I’ve been planning capacity planning, I’ve been doing financial controlling for 20 years, 20 odd years. I’ve been the go to guy to [inaudible] responses. How do we do this? What’s the price of that and so forth. Um, and suddenly it dawned upon me, I was told by our insurance head, you’re never going to answer another question again. You’re going to ask questions. So it was a complete change and it was a one thing that was a change for me. It was a learning exercise to start asking questions you can tell him instead of instead of telling people how to do their business. But the effect it had or the a perception it had in the organization who had known me for years and suddenly I won’t answer anything. Hey, what’s, what’s going on here? So in this job I can’t answer because if I start telling you how to manage this risk, I own the risk. And as an enterprise risk manager, I cannot own the risk without being the CEO. And the only CEO I know has, that is Warren Buffett who says as CEO of the company and the risk manager,

Carol Williams (20:55):

ultimately he makes feel and we are not Warren buffet. No by any stretch of the imagination. So I think that’s a really great point. I’m one of the kind of mantras that I try to encourage when it comes to enterprise risk management is to say you ask questions and you challenge assumptions because the, the assumptions are what get companies in trouble all the time.

Hans Laessoe (21:25):


Carol Williams (21:25):

Because they take an assumption and make it fact.

Hans Laessoe (21:29):


Carol Williams (21:31):

When that is two distinct things

Hans Laessoe (21:34):

You ask a sales guy about a market, a market related risk. They did take his response and go to a marketing specialist or a product developer and feed him that information and say, okay, what do you think about that? And they will have a different perspective. And then you’ll take their perspective and go back to the sales guy so that you use the insights of different people because you don’t have it all yourself and you never will by the way. And start leveraging that and challenge the different ones. Also a great way to get people to think about it as what kind of man used to call an assistant to thinking, actually thinking about what their responses are instead of returning to a system one, this is what we’ve always thought and it’s a no brainer, so let’s go ahead and say that. Then we challenge that and you’ll get some some mitigation on biases.

Carol Williams (22:27):

Yeah, and and sometimes the, you don’t want to have them in the same room. I think that sometimes a lot of times we do try to bring people to the table to be part of that conversation, but bringing people to the table, doesn’t have to be a literal table. It can be, we’re going to talk about the same topic, but as ERM, we will facilitate that conversation with individuals across the, across the company.

Hans Laessoe (22:54):

Right. Plus if you want to have a discussion around market risks and you’d five or six people around the table, senior specialists trying to find a date anywhere within the next two or three months where you can get five senior directors to meet at the same time for an hour, forget it. It’s going to slow you down. So take the ball, run with it.

Carol Williams (23:19):

Yeah. Great point. Great point. So how would you describe the risk processes? You know, we were just talking about like the, the identification process. So what, how do you think of those different steps in your mind?

Hans Laessoe (23:37):

Collaborative first and foremost, this is about gathering information that is in the organizand that said, the worst process I’ve ever seen was a company that presented the idea that you, the executive is important. You have to have that buy in. So we ask all of the executives what their key risks are. You put them in report and you feed them a report of what their key risks are. I go a step below also because most executives all except for executives are generalists and not specialists anymore. They may have been, but they’re not now their purpose, their job is to look across and be generalists, which means they know next to nothing about everything. What you need other specialists that can go a step deeper? Yes, there’s an oral price increase. The head of operations can be worried because we buy a lot of things in order like plastics. Okay. But the procurement guys knows how much of an effect would that have on the plastic price. He’s the guy to talk to. So it’s very collaborative and it’s talking to the senior manager, director, senior director level across the company, gather their information, distill it into an easy to understand form and feed back to management and say, by the way, these are the key risks and what you should be aware of is we have one, two, three issues that we actually need you to address. Another benefit that you get from that is a lot of the specialists have something they actually worry about and they have told their boss more than once and nothing has happened. Now you can be, are their a spokesperson person for saying this is actually wrong. We need to do something about that. We don’t have necessarily to stop it or anything, but we need to address it in a different way. Safeguard ourselves in a different way because they’re really risks here.

Carol Williams (25:42):

Yeah. ERM becomes the voice sometimes business that that true channel of communication to the executives,

Hans Laessoe (25:51):

To me, ERM is a toolbox for the risk manager. It’s not a process that leads to an enterprise risk management report in its own right. It’s like the general ledger of which management, this is where I keep my data. This is where I have the overview. Based on that I can do analytics, I can do reporting and I can tell the company executives what the heck, what the state of the union is from a (inaudible). Where are we vulnerable and where are we not.

Carol Williams (26:21):

And not just that, but if the business already has ideas about how we can address those risks even better. It’s not just bringing a problem to the table. It’s bringing a potential solution to the table. Yeah.

Hans Laessoe (26:34):

Oh yeah. I mean, in most cases, uh, in certain, some cases I’ll say, okay, these are the key risks as they are, we have accepted these, say these are acceptable. We will not do anything further to them right now because the likelihood is too small that it would really hamper us and we have other priorities so we will not do anything for it on that. On this particular issue, we found we need to do something and we can actually gain a lot of benefit from relatively reasonable effort if we do this and this and that. And by the way, I’ve talked to those guys over here or those guys are over here, those guys are over here and we have a plan that we would like to present to you as a mitigation of this risk where we get a lot of value out of a reasonable amount of effort.

Carol Williams (27:22):

Yeah. There’s nothing executives like more than having a problem and then a solution provided to them. Right.

Hans Laessoe (27:28):

But we can also go the other way. I mean we, I mean the Lego group is global and we’re working a lot with the UK and Danish and we have offices and UK and stuff like that. So when the Brexit was announced, actually when David Cameron put out the voting date, I started talking to people like our head of corporate affairs, the lobby office or takes care of legislation and EU collaborations, stuff like that and say, I think we should discuss this because they may actually vote out. Now, at that point in time, nobody thought they would. But nevertheless they may vote out. Let’s see what it takes, what happens just to get prepared. And we agreed to collect a couple of specialists, like eight or 10, HR, logistics, sales, marketing, stuff like that and say, what could we see if the UK actually leaves the EU? What will happen to our sales, our flow of goods? So the, this and that. What would happen to the organization? And for each of these, what would have to be true if we were to change the way we did business? And we came up with three or four scenarios that could enforce us to change. It changed the way we do business. How much time do we need to have to prepare? We need two years. Okay. Once the article 50, the exit paragraph is launched, there’s two year period before they actually out. So we don’t have to do anything now we can think it through and stuff like that. But we don’t have to do anything now until they vote out do say to say now we saying we are on the way out. So, but we have that plan and by the end of the day we could make up the head of corporate, governmental affairs, and myself, we made a joint report to the CFO and say Brexit may happen, which was a strange one because our CFO at that point in time was you, it was English. And he said, it’s not going to happen. Say you don’t know that, but it could happen, but we have considered these and these and those things, there are no issues. This may be an issue and that may be an issue. And we expect that we will be able to address this issue within the two year period we have between the announce and actually leave. So, don’t worry about it. And he went through the report with the rest of the executive committee and they came back and say, great, now we don’t have to worry about it. We were prepared for years before they actually left.

Carol Williams (29:59):

Wow, and that was all because of the analysis and the effort, the planning and the preparation

Hans Laessoe (30:06):

Enormous effort of spending two hours with six guys in an office.

Carol Williams (30:10):

It’s amazing the difference that just a couple hours can make

Hans Laessoe (30:13):

Yes. Just a couple of hours to think it through because we could have gotten into other things like, Oh, we have a factory in UK. We have to move that because we can’t get parched in and I have or whatever. If you can’t do that in two years, what’s supposed to be then? And how are you going to do that? You can’t do that. And a lot of the risk managers I’ve talked to, they started looking at what do we do about Brexit after it was decided after the button was pushed and potentially had a year and a half to deal with the whole thing. So, yeah, get, get moving, get the discussion going in due time to avoid starting a tsunami, just sailing smooth waters instead.

Carol Williams (30:53):

Well, and there was a great point that I want to make in that and that is that it does not have to be a long involved conversation to get something that could potentially be big to be able to say it could be big, but here is the information that we know as just a simple two hour conversation with a few people. You were able to get all that information. I think a lot of risk managers say, Oh my gosh, there’s this big thing. We’ve got to get 10 people in the room and it’s going to be a five hour conversation. And it kind of gets blown out of proportion from the very beginning. Instead of just saying, we just need to gather some information. Let’s just, let’s just figure this out.

Hans Laessoe (31:38):

I was talking to another risk manager who said he was worried about, or one of the big issues they had was, the Trump presidency because they found that he was very, unpredictable. What he was doing was unpredictable and that was harmful for them because they didn’t know what to plan for. And, we were like three or four discussing this and one of my colleagues from another company said unpredictable. What do you mean the guy is doing exactly what he said he would take what he stated before he, before he got elected, take all of those points and say what will happen to us if he actually did do that? And he goes out and do it. Trade war, War against Mexico, differences here, the demise of the Obamacare and all those kinds of things. He said he would do it. He’s actually doing it so unpredictable no. Not, unless you think it’s unpredictable that a politician actually does what he says he would.

Carol Williams (32:38):

[laughter] and that’s worldwide, right?

Hans Laessoe (32:42):

Yeah. That’s worldwide, that’s both for any country.

Carol Williams (32:46):

So when it comes to Lego, how was ERM governed? Like, who did you report to? You know, where did it exist in the company?

Hans Laessoe (32:58):

It, was all resulted in finance, within the finance organization. Um, at first I was as a corporate strategic controller. My reporting was the, head of finance. We had a small team, like four or five of us, and the head of that team was my boss and the first year it was a project and he continued to be my boss at that point in time. Then when it was formalized as a team, I reported to the CFO. Then that CFO, the organization changed that CFO left and the head of finance was elevated into a senior vice president management level that they formed. And I was reporting to him and then they changed it again. And I became part of internal audit and due diligence and credit risk management a couple of other things in a functional teams. I was pushed down twice, uh, from, from uh, being reporting to the CFO. But I still had access to the executive committee if I needed it.

Carol Williams (34:04):

Right. So I think there’s a couple key elements pull out of that. One is don’t that risk managers should not expect that the way that it’s set up at the very beginning means that that’s the way it’s always going to be.

Hans Laessoe (34:17):


Carol Williams (34:18):

Because there is a difference from being a project where you’re designing and implementing and then post implementation and now it’s a thing that exists and it’s going to be there day in and day out. Part of the living breathing elements of an organization.

Hans Laessoe (34:35):

Today it reports to, after I left, it’s reporting to strategic planning.

Carol Williams (34:43):

See, I mean the changes just continue to happen, right? So

Hans Laessoe (34:47):

Changes all the time makes managers, makes executives feel good.

Carol Williams (34:53):

Well, you know, I think it’s because they like change. They like the not having the same thing day in and day out. How was it with ERM being part of the audit team? How did that go? Cause sometimes there’s some, tension between those two groups.

Hans Laessoe (35:15):

We never had that, we never had that as a tension. For one thing, the audit team knew that they could never get anywhere near the strategic risks identification and management that I did and I had no clue about what auditing actually was. So we were not stepping on each other toes and we were in the same department reporting to the same boss for half a year, a year. The head of audit and myself started talking about couldn’t we leverage this in some way? And we came up with a solution where we sat when they do audits or when they do the audit planning, we have a talk between ourselves. So one of the things they do audit or include in their audit reporting and stuff like that is adherence to the mitigating actions that we were taking. We had a database and saying, these are the risks, these are the mitigating actions. And due to some external things that came on about the quality of that, I had developed a quality system where we had a one to five scale on how mature the mitigation was based son how certain are, you know, what you’re doing, how certain are you, who’s doing it and how certain are you, it will actually work. And I had skills on that and we had to find that. So we had a five step, range on maturity. And we simply took, these are the top risks, these are the highly mature in the mitigations. Here we say we know exactly who’s doing it exactly what we are doing and exactly why it works that can be audited. And we fed to the audit team and together with them, they were never just them and took one of my team members along and then they started discussing with people, this is what we’re saying we’re doing. Prove it, please. The pain of doing what you’re doing was easy because processes and legal group are documented or processes are documented in one system. So, if you wanted level of five on what you’re doing, you had to refer to which process in the process document repository are you actually, doing this. Is so we have the entire description of everything in Telford. Uh, so that was easy part and it [inaudible] who was doing it. But the difficult part was why do you think it works? Sales is going down. What are we doing about it? Are we increasing marketing spending? Our decision makers, eight years old, if he doesn’t want the toy, he doesn’t want the toy. You can market, spend your button real bottom line out. It doesn’t help.

Carol Williams (38:11):

Oh great. And I can speak for my child when it comes to that decision making. He see something, he goes, I like that one. I don’t like that one done. There’s a decision, no marketing meetings.

Hans Laessoe (38:25):

Being in the toy industry where decision makers are anywhere between four and nine and they don’t know the concept of brand loyalty or anything, they just need, what is fun. Children analysis I’ve seen shows that children have 50% impact on what toys they get when they’re old enough to decide what they like and what they don’t like. That is at the age of three.

Hans Laessoe (38:53):

When they’re eight years old, second graders and have friends, they have 90% impact on what they get because you know what their wishlist are, you know what they want and you’re not going to give them a Christmas present they don’t want. So that’s a waste of money and you’ll have a five-year-old five, six years from now start worrying because tweens are the best consumers in the world.

Carol Williams (39:20):


Hans Laessoe (39:21):

Fantastic. In families with tweens, betweens decide 60% of family car purchases and 40% of occasion locations. If you want to go hiking in Vermont for the summer holiday and your kid wants to go to Legoland, you might as well book the table because you’re not. You have one week in a can destroy it before you get out of the door. And if you’ve got a new car and the sunsets, Oh that new Ford is awesome and cool. He will push you until you buy it because okay, it’s gonna to probably using that (inaudible) anyway. Okay we’ll buy that one.

Carol Williams (39:59):

That one I’m going to push back on cause I’m a Honda all the way so he won’t be able to convince me otherwise on that one. But I see

Hans Laessoe (40:06):

I’m not going to bet you, but I am inclined to.

Carol Williams (40:11):

The last thing is for organizations that are struggling or just starting out with ERM, where would you recommend that they start?

Hans Laessoe (40:24):

Well, it’s easiest. Pick the easy fruit first. So, once you have figured out what do you want to achieve, what’s a benefit you are going to get if you don’t know that you lost. But once you have that, okay, where can I get the biggest bang for my buck? We want to have better decisions. Okay, where are we making a lot of decisions? Sales, not region planning. Can I invite myself into watching what these guys are doing, how they are working? Can I see how they’re working with uncertainties and I impact how they are working with uncertainties? Can I analyze my way into thinking that they’re working with rangers and scenarios, that’s fine, but the scenarios are way, way, way too narrow that your world is more diverse than what they are thinking they’re doing and that is why they’re missing it.

Hans Laessoe (41:14):

Start pushing like I think a small, it doesn’t have to be big process, just a small process. Create a small success and then another and another and then make it bigger success. Your coworkers, the middle management level will start hearing about it. Ask them to do so talk about what you’ve achieved with some of these things, how things have changed and then you go ahead. The ERM report is not the end goal. It’s not the result of all of your efforts. Better decision making is better performances. So go in that direction. Find if you want, if you need to work with an executive, you have a team of them. Is there anybody you have a to rapport with? Is there anybody you actually talk well with and you find easy to communicate to to whom you whom you can persuade is can actually benefit me. This can actually make my me do my job better. Okay, let’s figure out what does it take and help the guy push the guy, support the guy and he will start talking about it.

Carol Williams (42:17):

Yeah. I get that advocate on your side to be able to push…

Hans Laessoe (42:24):

There is no marketing better than group party advocacy.

Carol Williams (42:27):

Yeah, I totally agree. Um, so quick wins. That’s what I’m hearing. So find some quick wins. Even if there’s fresh…

Hans Laessoe (42:34):

Target first. So many people Forget that. Target first. What? How do you know you’ve been successful? And then the quick wins and build on the wins.

Carol Williams (42:47):

and find and find that cheerleader. Yes. Or two or three or four. However many,

Hans Laessoe (42:54):

they won’t be there. I mean they all want to succeed. They will never say that it was your exercise or your efforts that drove them to make the right decision. They were always just claim it or make the right decision. But if they have a discussion about a tricky decision, they will say, that guy actually quite helpful. You should start listening to them more. Try give him a call and see what he thinks about this because he has some good perspectives.

Carol Williams (43:23):

Yeah. He has some really interesting questions there in the conversation and got us thinking about things in a different light. Those are the kinds of comments that you’ll start hearing. Not, I really liked having ERM in the room. That’s not what they’re going to say.

Hans Laessoe (43:38):

It’s, I really want to have, ERM in the room is just like going to your bank and say, I really like a mortgage. No you don’t, you would like a house. You need the bloody mortgage to get the house, but you don’t need, you don’t want a mortgage.

Carol Williams (43:53):

Who wants to be in debt? I know I don’t. Well, Hans, thank you so much. This has been very enlightening and I have enjoyed our conversation. So I know we’re going to have some more topics we’ll talk about, but thank you very much for talking about us, about your experiences and, in those heads that you can give to other risk management professionals.

Hans Laessoe (44:16):

Okay. Thank you.

Featured image courtesy of Jonathan Velasquez via

Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors

Receive Our Weekly Blog Updates

Meet Carol Williams, SDS Founder & Lead Strategist

To our readers:

This blog was launched to provide strategy and risk practitioners with a go-to resource to better guide their efforts within their companies. Thank you for bringing me and my team along to be part of your journey towards better risk management, strategic planning and execution, and overall decision-making. Happy reading!

Find more SDS Insights