Having read you white paper on "aligning risk appetite and exposure", I see a lot of value in this - possibly because a lot of it is rather closely linked to what we are currently implementing. A few more detailed comments:

It is stated in the introduction, that the financial crisis was caused by a lack of processes , technology etc. Alas, I am getting increasingly ascertained that it was a mere matter of "neglect". As long as everything looked well - no-one listed to the boy who "cried wolf", and it is commonly known, that the biggest risk of any organization is the incident, where someone makes management aware of the second biggest risk, and gets ignored (multiple whistleblowers faced that, some got laid off on that exact note).

To me/us, risk appetite comes in multiple parts. There is one definition on the portfolio of risks we are undertaking as a company. This is based on combining what you call key risks (we call them priority 1 risks), and an Earnings @ Risk value which we define as the 5% worst case loss of expected earnings. On single project base, this is currently being drafted, but is expected to be based on "limiting" the 5% worst case outcome of the project/strategy.

I very much agree with the prospects of getting stronger in times of crisis. You win "Tour de France" when you outpace your components going up-hill (not down-hill). If and when you can do that, you essentially create your own "blue ocean", and can grow and profit from this until the competition catches up. At the LEGO Group, we had teh "good fortune" to have our crisis before eveyone else (2003/2004) - and are showing strong performance these days.

On the risk assessment, we are also looking at likelyhood and impact - but we are also begiing to take a close look at "speed". Some risks will impact the company gradually (e.g. changes of consumer preferences), and we have one set of mitigating strategies, that can deal with this as it "emerges". Others happens "suddenly" (e.g. loss of a major customer or a product safety issue), and here we need to have mitigating strategies and action plans well prepared and possibly rehearsed, in order to work "in time" to truly limit the impact of the risk materializing.

On the issue of risk & reward - one may see, that we in several instances do not take the risks we "may" according to our risk appetite. Hence we may wish to pursue our strategy even more aggressively - or we may simply "lean back", and agree, that "we are happy with the development we are making, and happy this is a safe journey". E.g. my car safely drives 100 MpH on a highway, but that doesn't mean, that I have to do that every time I drive - I prefer most often to start driving earlier to ensure a even safer drive at 60 MpH. Corporate Management teams may choose to do the same with the overall development and growth of the company.

Again, I find your white-paper interesting and inspiring, and hope you can use my comments.

Thank You

Best regards
Hans Læssøe
Strategic Risk Manager
The LEGO Group

The comment posted by Mr Hans Laessoe makes a number of interesting points and thank you for taking the time to add them.

Your point about neglect - a strong word to use in this context but having heard comments about organizations/management teams that decided to take a certain set of actions, even when "the risk dashboard was flashing red" one wonders if the highly technical reasons given for the current financial crisis mask the real problem.

I think your point about ‘speed’ is a very interesting one and strangely enough it is one that we have been looking at and talking with clients more about recently. Understand the velocity of risk adds to the level of insight management teams have about their business, and also we believe positions that team to more effectively exploit opportunities and manage threats …. Isn’t that what this is all about?

Thanks you once again for your comments and your "Tour de France" analogy!

Andrew Smart
Managing Director/Consultant
Manigent