A day in the life of: a Senior Director, Strategic Risk Management
Hans Læssøe, IRM Technical Specialist
Senior Director, Strategic Risk Management
How did you get your job?
I was a Corporate Strategic Controller in 2006 (with 25 years of broad LEGO Group experience), when one of our executives came down and said “Hans, we need some strategic risk management, don’t you think”. I had no idea whatsoever, what he was talking about – I had never heard the term before, but from the words, it sounded reasonable enough. He then asked me to see, if I could find a simple way to do this well – I could spend a day a week, and if I needed more, I should just give him a call.
As such, I started reading, talking to our head of insurance and others, I could think of – to figure out, what this was all about. After a while, I got some idea and designed some kind of process – which I was ready to initiate later in 2006. We had an identification workshop with specialists (generalists are brilliant … generalists, they will never look for specific risks – but accept “reputation” as a risk). Then I was hinted to/found a way to get the assessments done as a first draft – and had a first risk register in a spreadsheet.
In the summer of 2007 if was found no longer to be a project, but a position, which I was asked to take … and from there we developed over these past nine years into what we have today.
What’s a typical day like as a Senior Risk Director in LEGO?
I do have some managerial/administrative and like e-mails etc. to get through – but then, I use my open eyes to look at which strategic risks may emerge … like
· Brexit and a potential weakening/collapse of the Euro/EU, including a Daxit (Denmark leaving after UK has done so)
· Potential changes in the competitive landscape
· What happened with our metric “X” declining
And evaluating whether these are strategic LEGO Group risks, and with whom I will have that verified.
At some point in time of the year (late 2nd and 4th quarter), I will be systematically asking for updates and validations of the Enterprise Risks we have – to be ready for the upcoming reporting.
Then I would be facilitating the risk and opportunity identification brainstorm of a new project, spar with risk owners on assessments and handling and/or follow-up with the project manager on the risk management of a running project.
What do you enjoy most about your job?
I love the bandwidth. I can do a product launch related thing in the morning and address a new factory building project in the afternoon – the next day I look at an I project, and subsequently discuss the LEGO Group exposure to a change of legislation. I get to use my long (now 34 year) experience almost everywhere in the company – from strategy to details.
What are the challenges?
In a company that performs extremely well, and has done so for more than a decade (we have grown a factor of 5) – it can be hard to have managers take risks seriously as even major mishaps (and we have had these) can be buried in a splendid sales and profit performance. No-one is truly measured on reducing their exposure, and growing as fast as we are, everybody is busy doing something else.
What would you say to others thinking about joining IRM as a member?
I recommend joining IRM as it provides a solid base for education, knowledge sharing and development – which enables you to grow in your role – much faster than you could do without this “backing”.
How has your role developed and what are your career ambitions? Has being linked to the IRM helped?
From the early start, my focus was the ERM, i.e. collecting data on, and reporting on risks, we already had taken upon ourselves by having the strategies we have in the market we are in, with the business system we have. I knew early on, this was too narrow for my taste. I was fortunately allowed to move upstream in the decision process, and are now using most of my time driving proactive risk and opportunity management on projects. Beyond that – I have established a scenario based challenge session for strategy development, which we also deploy when we adjust strategies or make very long projects.
My ambition is to get the concept of risk management so naturally embedded in management, that it essentially “disappears”. When you management something, you always focus on the uncertainties … and I firmly believe manoeuvrability will be a key level fo strategic advantage in an ever faster changing world. This may not be risk management as such, but it is applying all the tools of the risk management trade to deliver on this.
IRM help in terms of insights, inspiration and ideas to how others do elements of risk management. The concept is, when we move beyond operational, insurance, still rather new – and that means that a lot of organisations are in the forefront on something and lacking on others. This means that everybody can learn something from everybody. The network of IRM is a part of this.
My top hints to people moving into this sphere are:
· It is a business discipline, so know the business – preferably to the extent just a bit better than the generalists leading the business. Combine the breadth of talking to leaders with the depth of talking to specialists – i.e. stay curious
· Keep it simple. The people you talk to have plenty other issues in their heads, so simplicity can help you get some attention – and if it takes you 10 minutes to explain what you want to talk about, you have probably lost them already. I look at risk management as asking/addressing three questions – focusing on the endeavour of the person you talk to. So “Sir, with this initiative” …
o What can happen? – This can be good (opportunities) or bad (risks), and try to get people look holistically at this question
o How important is it? – This is impact and likelihood which are interlinked (complicating things). Again – try to get the almost extremes as they happen more often than we expect.
o What do you do about it? – this is tricky, because now you ask for resources, but it covers e.g. early warnings, mitigations of risks/pursuit of opportunities
· Be the driving supporter, you cannot own the risk (as you then get to own the strategy). We have stated it in the way that the mission of my team is to “drive conscious choices”. The actual choice is and must be that of the line of business – but ensuring they are aware of the risks they take, and push/pull/drive that they manage these risks will be your success.