Risk 360

Case Study: Using Lego To Implement Enterprise Risk Management

The risk management team in the Benelux region at the German life sciences multinational, Bayer, has spent the last year devising and piloting a new technique for risk assessments using a surprising product usually associated with children’s toys. The team has been using the LEGO® SERIOUS PLAY® (LSP) approach, which applies bricks specially developed by the Lego Company for the business environment. The team believes it is among the first risk managers to use the LSP method in risk assessments. The function wanted to move away from traditional ways of identifying and analysing risk where information collated during the exercise is typically only provided by a minority of the participants. David Lannoy, risk and process manager in the Benelux, says that the old style of risk assessments usually entailed 20% of the participants delivering 80% of the comments on risk. Lannoy and Helene Peters, head of risk and process management in the Benelux, say LSP now ensures that 100% of participants in its risk assessments contribute from their perspectives.

Source: IRM’s Enterprise Risk Magazine, Summer, 2018

  1. Methodology: Lannoy and Peters put the rise in participation down to LSP’s methodology. It comprises three steps: building an individual model that represents an employee’s contribution to the organisation’s objectives; joining that same Lego model to other models to create the overall business environment, a ‘shared model’; and identifying the factors, ‘agents’, that could impact on the business model. If that sounds daunting, participants in the project team are asked to play with the blocks to build a simple model. This puts everyone at their ease and ensures people feel comfortable building with Lego bricks. Lannoy, who is visiting the IRM’s London offices with Peters, presents me and Peters with some blocks. We both receive the instruction to building ducks and while both finished models look vaguely like ducks, they have been constructed differently. Lannoy says that the demonstration illustrates an important point – the individual contribution each team member brings to the process; the same instructions were interpreted and worked out differently, made visible through the ‘ducks’. The next task participants are asked to carry out is to construct a more sophisticated model, such as creating their ideal holiday location from bricks. This helps develop confidence and sophistication with the blocks.
  2. Assessment: Once the team is satisfied with their Lego building techniques, it’s time to move on to the risk assessment. This starts with each member being asked to build a model representing how their work activities contribute to the objectives of the company, their division or their department. At the moment, Lannoy and Peters are focusing on the short-term objectives – spanning one to two years – in their exercises, though they hope eventually to build a construct around longer-term objectives. Once these models are built, each member presents it to the rest of the team and explains how it contributes to the company’s objectives. As well as having the added value of performing a team-building exercise, members become aware of each other’s perspectives and the way their roles contribute to the team’s overall performance. “Yes, it’s experienced as a teambuilding exercise but you are performing a risk assessment exercise throughout the whole day,” Lannoy says. “You learn a lot about people around the table, how they perceive their job and their work environment.” These perspectives are often missing from more traditional approaches. In addition, participants perform the Lego building exercises with a very positive frame of mind, focusing on what each of them does to make the organisation’s objectives happen.
  3. Questioning: While explaining their models to the team, other members of the group are encouraged to ask questions. For a sales function model, for example, the questions could revolve around what is driving the model: the quality of the product, or the customer relationship. Such questions and the chance to reflect on the answers are critical to the success of the exercise, says Lannoy. The team does not move to the next stage of the process until it is clear they all understand and accept the results, which underlines the fact that the full engagement of the whole team is key to the approach’s success. The second phase of the risk assessment requires the team to work together to build a single shared Lego model by linking their creations together. The aim is to create a physical summary of the team’s activities and objectives. Peters emphasises that by joining the individual parts together, the team presents a common, shared model where everyone in the project team feels represented and aligned on the objectives. It also captures all the key drivers of the business activities at the same time. In this shared view, key business drivers, such as customer focus, product quality or compliance, become clear. When the model is finished, each team member is asked to inspect it, reflect on whether everyone is represented and consider if it adequately explains the business model. Changes can be made with the agreement of each team member in a very hands-on experience. Peters says that the process is extremely valuable when the team is comprised of different staff functions who are less aware of each other’s contributions to the business’s operations or even have differing priorities; it creates a common ground and understanding, also for each other.
  4. Identifying risks: The third phase of the process is to ask the team to identify the risks and opportunities in the business environment. However, Peters and Lannoy are careful not to use the terms’ risks and opportunities in their sessions but to call them agents, according to the LSP methodology, or factors. This ensures that the process is kept neutral with no positive or negative connotations interfering with the creative process at this stage. When the team has identified the factors that affect their work they are asked to position them around the shared model depending on their frequency and potential impact on the business environment. Agents that occur frequently are placed near the Lego business model. Factors occurring infrequently are placed further away. As a final step, the team flags all the agents that according to them have a negative or potential positive impact on the business environment by applying red or green flags. Peters and Lannoy agree from their experiences with LSP that this part of the process is particularly successful at identifying business opportunities, which the traditional risk assessment methods often fail to do. This, they say, is also true for risks, with the LSP team builders identifying new risks of which they were previously unaware. A further advantage is an ease with which risk managers can prioritise the risks and opportunities simply by examining where the team has placed the factors on the business model landscape.
  5. Creating relationships: So why have Peters and Lannoy taken a big leap of faith and asked colleagues working in the traditional roles of life sciences, legal and finance functions to spend a full day working with Lego bricks? Apart from the advantages already mentioned, they say Bayer actively encourages innovation in all spheres of the work. They say the activity brings out consensus-based decision-making and reinforces ownership of the business activities, risks and opportunities. There’s also another factor – the move away from risk management being perceived as a controlling function and towards being considered a business partner or “coach”. Lannoy says, “There’s a trend in the profession with people not wanting to see the risk manager as a controller. They want to perceive the added value in the contribution and by doing this type of exercise, we create that relationship with the business”. Peters and Lannoy were provided with the trust and resources from Bayer Benelux to devise the programme and pilot the first exercise last year. The initial project team to take part was a rather critical but open-minded group from the pharma division. Surprisingly, it has become their best promoter within the rest of the company. “They were positively surprised about the entire workshop and the outcome of the day,” Peters says. “Throughout the whole day, the risk wasn’t mentioned once, as it can be intimidating, but we still identified risks and opportunities related to their business objectives.” Lannoy posted his experience with the pilot project on his LinkedIn site and was surprised to see what a stir it caused. As well as the praise for using such an innovative method, there was equal criticism. Lannoy says he was at pains to point out that the method is only for risk and opportunity identification and prioritisation. An evaluation of the risks and opportunities will still need to be done through an investigation of the impacts following research. This concluding bit is still part of the traditional risk assessment processes.
  6. Improvements: So how can the programme be improved? Peters and Lannoy say getting a project team to commit to a whole day for the exercise is still a sticking point. But the pilot project was so successful that curiosity about the exercise has become infectious. They also say that the beauty of the method is its flexibility, which allows them to adjust their service to the participating project team’s requirements. This serves to ensure the team feel they are actively choosing to sign up for a day’s risk assessment with LSP rather than having it imposed on them. Further ahead, Peters and Lannoy are looking to adapt the programme to consider longer-term risks and opportunities. At present, it only focuses on the narrower range of one to two years. The ability to use this model for strategic risks and opportunities is very attractive. “Bayer has created an ecosystem where colleagues can learn from each other,” says Peters. “We can cross-fertilise our risk management process and see where else it can benefit the company.

This article was originally featured in IRM’s Enterprise Risk Magazine. Get the latest print edition today (India only)


You may also like

Leave a reply

Your email address will not be published. Required fields are marked *

More in Risk 360