Putting the fun back into risk

My career at LEGO Group has given me some insight into the direction in which the world is moving and the role of risk management within that. 

Thirty years ago it was all about ‘dominate or die’. If you weren’t the biggest in your industry you needed to bail out because you knew you would need to comply with the rules set by those who were the biggest. Then it became about cost control and outsourcing. But you cannot build a strategic advantage based on outsourcing anymore.

Strategic risk management has become a matter of survival of the fittest. Risk managers need to team up with business leaders they see as champions. And then support those leaders so that they are more successful than their peers. Success breeds success, and just like Darwinism, survival and prosperity will come to the businesses that are most manoeuvrable.

I am a strong believer that the new phase of strategic leverage over the next decade will be all about manoeuvrability. And it will be the risk management tools and information that enable organisations to achieve this.

If you really want to make an impact you need to talk to the people who are making the decisions. You need to get into their minds and discuss risks them when they are making decisions. You need to understand the strategic issues your company is facing.

A rapidly changing world
I believe the next generation of risk managers – the millennials and post-millennials - will inject a bit more fun into the profession, and that is a function of how the world is changing.

It no longer costs millions of dollars to create a new billion-dollar product. You have teenagers making apps in their bedrooms and thinking about the world in a totally different way than was the case in the past.

Take the process of auditing a company. The Millennial generation will probably make that into a software game that is fun to do. I think a lot of jobs will move in that direction. The world has always been changing at a relative speed, however the absolute speed has increased (and will continue to do so).

The 4^th Industrial Revolution means that everything that can be standardised will be automated in the future. AI will be able to fathom a lot more details, facts and make precise decisions step-by-step – not in four steps but in 4,000 steps extremely rapidly, by being much more agile than any human being.

Consider Jack Ma’s [Alibaba chief executive] contention that the best CEOs will be robots in 30 years time. Four-year-olds today are using Google and will be processing more insight than any of us can ever fathom. When I did my Masters degree in 1981 I spent four months data-searching. I could probably now find the same amount of data on an app in hours.

The ability to master this agility and combine it with creativity – which you can’t teach computers – will be the way to move ahead.

Beyond a tick-box exercise
As a profession, we need to recognise that risk as a straightforward compliance exercise does not guarantee the future prosperity. 

Nokia and Kodak had strong risk management functions, but both of them failed because they missed the boat strategically. As the world changes and we see more and more disruptions, individual companies need to understand that. Strategic risk is not something you can simply feed into a mathematical formula. You have to have business acumen to succeed.

Rather than reporting into compliance boards as is the case in a lot of organisations, risk professionals need to strive for more influence at a senior level. In the US, it was the accounting scandals of the 1990s and regulation that following – in particular Sarbannes Oxley – that pushed risk into becoming too much of a tick-box exercise.

Companies have come to believe that if they are SOX-compliant then they are risk managed, but they are not. Yes it is understandable that risk management functions need to document they are safeguarding the risks the company has, but that’s not what is on to the board agenda.

The board is thinking strategically. It is asking: Should we move into this region or this industry? Should we come up with a new product group or merge with this company? Risk has to be a part of that discussion.

It is just like finance. No business manager would make a decision without considering what the costs and benefits are. In just the same way, the board should be discussing what the company is pursuing, what are the risks are and what they are going to do about it.

The problem with risk management being too tightly bound to compliance is the negative misconception that risk is about avoidance, rather than taking action. Taking informed risks is what will ensure survival in a world of disruption. Standing still is not an option.

You cannot comply yourself out of strategic risk, because it is not unethical to make a stupid decision. And if you make a decision without knowing what the risks are, it is not just stupid, it’s irresponsible. You can make poor decisions, but then again, why should you?