Enterprise & Risk management

CHAPTER 6  Strategic Risk Management at the LEGO Group  Integrating Strategy and Risk Management

MARK L. FRIGO

Director, Strategic Risk Management Lab, and Ledger & Quill Distinguished Professor of Strategy and Leadership, DePaul University

HANS LÆSSØE

Senior Director of Strategic Risk Management, LEGO Group

How can organizations manage strategic risks in a volatile and fast-paced business environment? Many have started focusing their enterprise risk management (ERM) programs on the critical strategic risks that can make or break a company. This effort is being driven by requests from boards and other stakeholders and by the realization that a systematic approach is needed and that it's highly valuable to include strategic risk management in ERM and to integrate risk management within the fabric of an organization.

In this case1 we describe strategic risk management at the LEGO Group, which is based on an initiative started in late 2006 and led by Hans Læssøe, senior director of strategic risk management at LEGO System A/S. It's also part of the continuing work of the Strategic Risk Management Lab at DePaul University, which is identifying and developing leading practices in integrating risk management with strategy development and strategy execution. This descriptive case provides a great example of integrating risk management into the strategy development and strategy execution.

ABOUT THE LEGO GROUP

Headquartered in Billund, Denmark, the family owned LEGO Group has 12,500 employees worldwide and is the second-largest toy manufacturer in the world in terms of sales. Its portfolio, which focuses on LEGO bricks, includes 25 product lines sold in more than 130 countries. The name of the company is an abbreviation of the two Danish words leg godt that mean “play well.” The LEGO Group began in 1932 in Denmark, when Ole Kirk Kristiansen founded a small factory for making wooden toys. Fifteen years later, he discovered that plastic was the ideal material for toy production and bought the first injection molding machine in Denmark.

In 1949, the brick adventure started. Over the years, the LEGO Group perfected the brick, which is still the basis of the entire game and building system. Though there have been small adjustments in shape, color, and design from time to time, today's LEGO bricks still fit bricks from 1958. The 2,400 different LEGO brick shapes are produced in plants in Denmark, the Czech Republic, Hungary, and Mexico with the greatest of precision and subjected to constant controls. There are more than 900 million different ways of combining six eight-stud bricks of the same color.

THE LEGO GROUP STRATEGY

To understand strategic risk management at the LEGO Group, you need to understand the company's strategy. This is consistent with the first step in developing strategic risk management in an organization: to understand the business strategy and the related risks as described in the strategic risk assessment process.2

The LEGO Group's mission is “Inspire and develop the builders of tomorrow.” Its vision is “Inventing the future of play.” To help accomplish them, the company uses a growth strategy and an innovation strategy.

· Growth strategy. The LEGO Group has chosen a strategy that's based on a number of growth drivers. One is to increase its market share in the United States. Many Americans may think they buy a lot of LEGO products, but they buy only about a third of what Germans buy, for example. Thus there are potential growth opportunities in the U.S. market.

The LEGO Group also wants to increase market share in Eastern Europe, where the toy market is growing very rapidly. In addition, it wants to invest in emerging markets, but cautiously. The toy industry isn't the first one to move into new, emerging markets, so the LEGO Group will invest at appropriate levels and be ready for when those markets do move. It will also expand direct-to-consumer activities (sales through LEGO-owned retail stores), online sales, and online activities (such as online games for children).

· Innovation strategy. On the product side, the LEGO Group focuses on creating innovative new products from concepts developed under the title “Obviously LEGO, never seen before.” The company plans to come up with such concepts every two to three years. One of the latest examples is LEGO Games System, which consists of family board games (a new way of playing with LEGO bricks) with a LEGO attitude of changeability (obviously LEGO). The company also intends to expand LEGO Education, its division that works with schools and kindergartens. And it will develop its digital business as the difference between the physical world and the digital world becomes more and more blurred and less and less relevant for children.

Now let's look at the development of LEGO strategic risk management.

LEGO STRATEGIC RISK MANAGEMENT

The LEGO Group developed risk management in four steps (numbered in the order in which the steps were initiated) as shown in Exhibit 6.1:

· Step 1. Enterprise risk management was traditional ERM in which financial, operational, hazard, and other risks were later supplemented by explicit handling of strategic risks.

· Step 2. Monte Carlo simulations were added in 2008 to understand the financial performance volatility (which proved to be significant) and the drivers behind it to integrate risk management into the budgeting and reporting processes. During the past two years the use of Monte Carlo simulations was refined, as described later in this chapter.

Those two steps were seen mostly as damage control. To get ahead of the decision process and have risk awareness impact future decisions as well, LEGO risk management added:

· Step 3. Active risk and opportunity planning (AROP), where business projects go through a systematic risk and opportunity process as part of preparing the business case before final decisions about the projects are made.

· Step 4. Preparing for uncertainty, where management tries to ensure that long-term strategies are relevant for and resilient to future changes that may very well differ from those planned for. Scenarios help them envision a set of different yet plausible futures to test the strategy for resilience and relevance.

images

Exhibit 6.1  Four Elements of Risk Management at the LEGO Group

These last two steps were designed to move upstream—or get involved earlier in strategy development and the strategic planning and implementation process.

STRATEGIC RISK MANAGEMENT LAB COMMENTARY

This four-step approach is a good illustration of how organizations can develop their risk management capabilities and processes in incremental steps. It represents an example of how to evolve beyond traditional ERM and integrate risk management into the strategic decision making of an organization. This approach positions risk management as a value-creating element of the strategic decision-making process and the strategy-execution process.

In our research on high-performing companies, we've found that the LEGO Group, like those companies, achieves sustainable high performance and creates stakeholder value by consistently executing the strategic activities in the Return-Driven Strategy framework (for example, the focus on innovating its offerings toward changing customer needs) while co-creating value through its engagement platforms—that is, the online community, including its My LEGO Network, which engages more than 400 million people and helps its product development process; see Venkat Ramaswamy and Francis Gouillart, The Power of Co-Creation (Free Press 2010). Its strategic risk management processes incorporate distinct elements of co-creation by engaging its employees (internal stakeholders) throughout the strategic decision-making, planning, and execution processes, as well as engaging external stakeholders (suppliers, partners, customers). The LEGO Group's approach is a good example of how an organization can engage stakeholders in co-creating strategic risk/return management (see Mark L. Frigo and Venkat Ramaswamy, “Co-Creating Strategic Risk-Return Management,” Strategic Finance, May 2009).3

ENTERPRISE RISK MANAGEMENT (STEP 1)

The evolution of ERM toward strategic risk management is represented in Exhibit 6.2. Strategic risk was missing from the ERM portfolio until 2006.

images

Exhibit 6.2  The LEGO ERM Umbrella: Adding Strategic Risk

To fix this, based on his then 25 years of LEGO experience and a request from the CFO, Hans Læssøe started looking at strategic risk management. “I was a corporate strategic controller who had never heard the term until then,” he says. The company had embedded risk management in its processes. Operational risk—minor disruptions—was handled by planning and production. Employee health and safety was OHSAS 18001 certified. Hazards were managed through explicit insurance programs in close collaboration with the company's partners (insurance companies and brokers). Information technology (IT) security risk was a defined functional area. Financial risk covered currencies and energy hedging as well as credit risks. And legal was actively pursuing trademark violations as well as document and contract management. But strategic risks weren't handled explicitly or systematically, so the CFO charged Hans with ensuring they would be from then on. This became a full-time position in 2007, and Hans added one employee in 2009 and another in 2011.

STRATEGIC RISK MANAGEMENT LAB COMMENTARY

The 2006 situation is common. Even though strategic risks need to be integrated with risk management, many organizations don't explicitly assess and manage strategic risks within strategic decision-making processes and strategy execution. A recent study by the Corporate Executive Board found that strategic risks have the greatest negative impact on enterprise value: “strategic risk caused 68 percent of severe market capitalization declines.”4 But the LEGO Group's approach shows how strategic risk management can be a key to increasing the value of ERM within an organization. It also shows how executive leadership from the CFO played an important role in the evolution of ERM as a valuable management process. Finally, Hans came from the business side and had the attributes necessary to lead the initiative: broad knowledge of the business and its core strategies, strong relationships with directors and executive management, strong communication and facilitation skills, knowledge of the organization's risks, and broad acceptance and credibility across the organization. (For more, see Mark L. Frigo and Richard J. Anderson, Embracing ERM: Practical Approaches for Getting Started, at www.coso.org/guidance.htm, p. 4.)

Also, the risk owner concept at LEGO provides a good example of the importance of understanding who owns the risks as well as defining the role of risk management in the organization. The idea of “risk owners” was important to ensure action and accountability. Hans's charge was to develop strategic risk management and make sure the LEGO Group had processes and capabilities in place to do this. But as senior director of strategic risk management, Hans doesn't own the risk. He can't own the risk, because this essentially would mean he would own the strategy, and each line of business owns the pertinent strategic risks. Hans trains, leads, and drives line management to apply a systematic process to deal with risk. The mission of Hans's strategic risk management team is to “drive conscious choices.” This is just like budgeting functions: They don't earn the money or spend the money, but they support management to deliver on the budget or compare performance against the budget.

MONTE CARLO SIMULATION (STEP 2)

In 2008, Hans introduced Monte Carlo simulation into the process. A mathematician by education (MSc in engineering), he started defining how Monte Carlo simulation could be used in risk management. Now it's being used for three areas:

1. Budget simulation. The business controllers were asked for their input about volatility, which is combined with analyses based on past performance of budget accuracy. Managers said this helped them understand the financial volatility, so it was part of the financial and budget reporting in 2012. In fact, the first analyses directed top management's attention to a sales volatility that was known but that proved to be much more significant than everyone intuitively believed. During the past two years, this approach has been refined as described by Hans: “We actually stopped this. It was found that the volatility of the business is so significant that we have stopped budgeting altogether, as the process took a lot of effort—too little value as conditions changed. Today (2014) we use an estimate process where a small team of lead controllers defines a preliminary estimate for board of directors discussions. In March (each year) we do a detailed estimate on which we base KPIs, targets, bonus criteria, et cetera. Monthly, we then update the estimate, and hence our financial planning process is more dynamic … and we do not need the budget simulation anymore.”

2. Credit risk portfolio. The LEGO Group uses a similar approach to look at its credit risk portfolio so it can have a more professional conversation with a credit risk insurance partner.

3. Consolidation of risk exposure. You could multiply the probability and impact of each risk and add the whole thing up. Risk management isn't about averages (if it were, no one would take out an insurance policy on anything). With a Monte Carlo simulation, the LEGO Group can calculate the 3 percent worst-case loss compared to budget and use that to define risk appetite and risk report exposure vis-à-vis this risk appetite, as shown in Exhibit 6.3.

images

Exhibit 6.3  Monte Carlo Simulations and Risk Appetite at the LEGO Group

RISK TOLERANCE

As a privately held company, the LEGO Group can't look at stock values, so it looks at the amount of earnings the company is likely to lose compared to budget if the worst-case combined scenarios happen. Not all risks will materialize in any one year, because some of them are mutually exclusive; but a huge number may happen in any one year, as we have seen during the global financial crisis. Hans computes a net earnings at risk (EaR), and corporate management and later the board of directors use that net earnings at risk to define their risk tolerance. They have said that the 3 percent worst-case loss may not exceed a certain percentage of the planned earnings (the percentage is not 100). That guides management toward understanding and sizing the risk exposure. This process has helped the LEGO Group take more risks and be more aggressive than it otherwise would have dared to be, and to grow faster than it otherwise could have done.

STRATEGIC RISK MANAGEMENT LAB COMMENTARY

Risk tolerance is a difficult area for organizations to address. The approach used at the LEGO Group provides a good example of deriving risk tolerance (the term LEGO uses rather than risk appetite) in an actionable and systematic way. It also shows an approach that fosters intelligent risk taking and that avoids being too risk averse while maintaining discipline on the amount of risk undertaken. Hans has actually had cases where he recommended taking on more risks to meet elusive targets. He uses an analogy to communicate the idea of taking risks and not being too risk averse: “I used the (very normal) traffic picture … ‘Guys, you are getting late for the party, yet you are still cruising at 40 mph on the highway. Why not speed up to the 70 mph you are allowed to drive—if that will more likely take you to the party in time?’”

What we've discussed so far is more or less damage control because it's about managing risks already taken by approving strategies and initiating business projects. Hans decided he wanted to move beyond damage control and be more proactive so he could create real value as a risk manager. He came up with a process he calls active risk and opportunity planning (AROP) for business projects.

AROP: ACTIVE RISK ASSESSMENT OF BUSINESS PROJECTS (STEP 3)

When the LEGO organization implements business projects of a defined minimum size or level of complexity, it's mandatory that the business case includes an explicit definition and method of handling both risks and opportunities. Hans says that the LEGO Group has created a supporting tool (a spreadsheet) with which to do this, and it differs from the former approach to project risk management in several areas. Hans has the following to say on each:

· Identification, “where we call upon more stakeholders, look at opportunities as well as risks, and look at risks both to the project and from the project (i.e., potential project impact on the entire business system).”

· Assessment, “where we define explicit scales and agree what ‘high’ means to avoid different people agreeing on an impact being high without having a shared understanding of the exposure.”

· Handling, “where we systematically assign risk owners to ensure action and accountability and include the use of early warning indicators, where these are relevant.”

· Reassessment, “where we explicitly define the net risk exposure to ensure that we have an exposure we know we can accept, the reason being that we have seen people ignore this step, and hence do too much or too little to a particular risk; here, we ask them to deliberately address whether or not they can and will accept the residual risk—and know what it is they accept. From time to time we see the individual risks being accepted, but then, when we do the Monte Carlo simulation on the project (yes, we use it here as well), we see that the likelihood of meeting the target is still too low—and more risk mitigation or opportunity pursuit is called for and included in the project.”

· Follow-up, “where we keep the risk portfolio of the project updated for gate and milestone sessions.”

· Reporting, “which is done automatically and fully standardized based on the data.”

COMMON LANGUAGE AND COMMON FRAMEWORK

The most important point is that the people who address and work with risks get a systematic approach so they can use the same approach from Project A for Project B. The one element that project managers really like is having the data in a database. They don't receive just a spreadsheet model. Data are entered into the spreadsheet as a database, and all the required reporting on risk management is collected from that data, so project managers don't have to develop a report—they can just cut and paste from one of the three reporting sheets that are embedded in the tool. All the reports are standardized. That's good for the project managers, but it's also good for the people on the steering committees because they now receive a standardized report on risks. They don't have a change between layouts of probability/impact risk maps or somebody comes up with severity or whatever from project to project. Everyone has the same kind of formula, the same way of doing it.

STRATEGIC RISK MANAGEMENT LAB COMMENTARY

The AROP process is a great example of integrating risk assessment in terms of upside and downside risks in the strategic decision-making process. This balanced approach to strategic risk management allows organizations to create more stakeholder value while intelligently managing risk.

PREPARING FOR UNCERTAINTY: DEFINING AND TESTING STRATEGIES (STEP 4)

To get further ahead in the decision process, the LEGO Group has added a systematic approach to defining and testing strategies. As Hans notes, “We are going one step further upstream in the decision process with what we call ‘Prepare for Uncertainty.’ This is a strategy process, and we're looking at the trends of the world. The industry is moving; the world is moving quite rapidly. I just saw a presentation that indicated that the changes the world will see between 2010 and 2020 will be somewhere between 10 and 80 times the changes the world saw in the twentieth century, compressed into a decade.”

He offers the following story to illustrate the forces of change the company is facing: “My seven-year-old granddaughter came to me and asked, ‘Granddad, why do you have a wire on your phone?’ She didn't understand that. She'd never seen a wire on a phone before. We need to address that level of change and do it proactively.”

FOUR STRATEGIC SCENARIOS

A group of insightful staff people (Hans and a few from the Consumer Insight function) defined a set of four strategic scenarios based on the well-documented megatrends defined by the World Economic Forum in 2008 for the Davos meetings. Hans commented:

“We presented and discussed these with senior management in 2009, prior to their definition of 2015 strategies, to support that they would look at the potential world of 2015 when defining strategies and not just extrapolate present-day conditions.

“Having done that, we then prepared to revisit each key strategy vis-à-vis all four scenarios to identify issues (i.e., risks and opportunities) for that particular strategy if the world looks like this particular scenario.

“This list of issues is then addressed via a PAPA model whereby a strategic response is defined and embedded in the strategy.

“This way, we believe that we have reasonably ensured our strategies will be relevant if/when the world changes in other ways than we originally planned for.”

During the past two years, LEGO refined the process and used it actively, the reason being that the original scenarios did in fact not lead to much explicit action. Today a scenario session is a five-hour workshop where participants focus on one particular strategy (e.g., market entry in China). The workshop is with the management team that owns the strategy and its implementation.

· The first hour they discuss and agree on two key drivers of uncertainty to their strategy (the axes of the 2 × 2 scenarios). Hans's team comes with a battery of potential drivers—and they (after some discussion) end up with two—leading to four quadrants of a 2 × 2 matrix.

· The next two hours the team describes the four quadrants one at a time. First, they individually use Post-it notes to write down descriptive elements or key success factors for the scenario (the Post-it session is to avoid groupthink). Then they share their descriptions and discuss their way into a reasonably consistent image of that scenario, before they move on to the next.

· The fourth hour is used to define strategic issues—again Post-it notes and sharing. Here they are diligently coached to be aware that any issue may be an opportunity (if they choose to pursue this in time). If they do not pursue this, it may become a risk, and if they still don't do anything and the risk materializes, it becomes a problem. The sharing process includes a prioritization discussion in LEGO's PAPA model (see later in this chapter).

· The last hour focuses first and foremost on actions to be taken. The team discusses and agrees on explicitly “who is doing what by when” to ensure action on the issues that the team members have themselves decided are important, likely, and fast moving.

The role of Hans's team is to coach the process, including asking provocative questions and ensuring that team members get out of their comfort zone (where the real world is). The process is mandatory for business planning and strategy definition, and in 2013 Hans's team was involved with doing 25 of these workshop sessions as the company business plans were to be updated. Subsequently it was documented that 75 percent of these business plans had taken on explicit actions on issues they had not seen prior to the session—hence the value.

Hans explains, “Once we have decided on the strategy and defined what we're going to do, we test the strategy for resilience. We very simply take that particular strategy and, together with the strategy owner, discuss: If this scenario happens, what will happen to the strategy? Some of these issues will be highly probable, and some of them will be less probable. Some of them will happen very fast; some others will happen very slowly. This is where the PAPA model comes in.”

THE PAPA MODEL

When looking at the issues inspired by the scenarios, the LEGO Group uses what it calls a Park, Adapt, Prepare, Act (PAPA) model, as shown in Exhibit 6.4. Hans explains:

· Park: “The slow things that have a low probability of happening, we park. We do not forget about them.”

· Adapt: “The slow things that we know will happen or are highly likely to happen, we adapt to those trends. In our case, this is a lot around demographics. We know children's play is changing, we know demographics are changing, and we know the buying power between the different realms or the different parts of the world is changing. Although we know children's play is changing, we also know it does not happen fast. So we adjust, systematically monitoring what direction it's moving in and following that trend.”

· Prepare: “The things that have a low probability of happening, but, if they do, they materialize fast, we need to be prepared for this. In fact, this is where we identify most of the risks that we need to put into our ERM risk database, make sure that we have contingency plans for them, and apply early warnings and whatever mitigation we can put in place to make sure that we can cover these should they materialize, but they are not expected to.”

· Act: “Finally, we have the high-probability and fast-moving things that we need to act on now in order to make sure the strategy will be relevant. In our case, anything that has to do with the concept of connectivity (i.e., mobile phones, Internet, that world)—if we can see it, we move on it. We know that it is changing so fast, and it's changing the way kids play. It's changing their concepts and their view of the world.”

images

Exhibit 6.4  LEGO's PAPA Model

Hans concludes, “This way, we have a kind of model of what we do, because we shouldn't, of course, be betting on every horse in the race. That's not profitable, and it isn't even doable.”

STRATEGIC RISK MANAGEMENT LAB COMMENTARY

One of the challenges of risk management is to find ways to prioritize risks that make business sense. The PAPA model provides a good example of a framework that can prioritize risks and set the stage for the appropriate actions. Our research on high-performance companies (see Mark L. Frigo, “Return Driven: Lessons from High Performance Companies,” and the book Driven: Business Strategy, Human Actions, and the Creation of Wealth by Mark L. Frigo and Joel Litman) found that companies that demonstrate sustainable high performance exhibit a “vigilance to forces of change” that allows them to manage the threats and opportunities in the uncertainties and changes better than other companies do.5 The approach used at LEGO is a great example of embedding this vigilance to forces of change in its strategy development and strategy execution processes. The scenario analysis approach used at LEGO provides an engagement platform for engaging stakeholders in the risk management process.6

STATEGIC RISK MANAGEMENT RETURN ON INVESTMENT

A great deal has happened in the LEGO Group's approach to risk management based on strong support from top management (always needed to develop processes and methodologies) and a strong focus. They have demonstrated value from the efforts they've made. They also have explicitly embedded risk management in most of the key planning processes used to run the company:

· The Strategic Scenarios used in business planning

· The LEGO Development Process—includes Monte Carlo simulation of overall project risk/opportunity exposure

· The Customer Business Planning Process—AROP in collaboration

· The Sales and Operations Planning Process—tactical scenarios

· The Performance Management Process—bonuses based on results, not efforts

“All of this has worked,” Hans says. “Based on actual data, we have had a 20 percent average growth from the period between 2006 and 2010 in a market that barely grows 2 percent and 3 percent a year. It has continued so 2006 to 2012 has a cumulative annual growth rate of 20 percent, leading to a tripling of the size of the company based on official public data. Beyond that, our profitability has developed quite significantly as well. We've grown from a 17 percent return on sales in 2006 to 34 percent return on sales in 2012. And it goes beyond that. If you go back a couple more years, in 2004 we were in dire straits and had a negative return on sales of 15 percent. We changed a number of strategies.

“Risk management is not the driver of these changes,” Hans continues. “I'm not even sure it's a big part. But it's one part. It's a part that has allowed us to take bigger risks and make bigger investments than we otherwise would have seen. The Monte Carlo simulation has shown us what the uncertainty is and was a key element of changing the financial planning process to a more dynamic estimation approach. The risk tolerance has shown us how much risk we are prepared to take, between the board of directors and the corporate management team. This has meant that we have been prepared to make bigger supply chain investments than we otherwise would have done and have been able to achieve bigger growth than we ever imagined we could have.”

STRATEGIC RISK MANAGEMENT LAB COMMENTARY

The development of strategic risk management at the LEGO Group provides a great example of how organizations can develop their ERM programs to incorporate strategic risk and make strategic risk management a discipline and core competency within. One of the key elements was integration. During discussions with LEGO management, when Hans was asked about the ongoing development of risk management at the LEGO Group, he replied that it was “naturally integrated.” It is this integration of risk management in strategy and strategy execution, and the integration of strategy in risk management, that can elevate the value of ERM in an organization.

CONCLUSION

We want to emphasize that risk management is not about risk aversion. If, or rather when, you want or need to take bigger chances than your competitors—and get away with it (succeed)—you need to be better prepared. The fastest race cars in the world have the best brakes and the best steering to enable them to be driven faster, not slower. Risk management should enable organizations to take the risks necessary to grow and create value. To quote racing legend Mario Andretti: “If everything's under control, you're going too slow.” The approach and philosophy described in this case are reflected in the mission of the strategic risk management team at the LEGO Group to “drive conscious choices.”

QUESTIONS

1. What are the advantages of integrating ERM with strategy and strategy execution as described in this case?

2. How does scenario analysis as described in this case help an organization to prepare for uncertainties?

3. What are the advantages of using the PAPA model to categorize risks?

4. How would you describe the “Strategic Risk Management Return on Investment” at LEGO?

5. The mission of the strategic risk management team is to “Drive conscious choice.” How does the Active Risk and Opportunity Planning (AROP) element of strategic risk management at LEGO help to drive conscious choice?

NOTES

1 This chapter was adapted from Mark L. Frigo and Hans Læssøe,"Strategic Risk Management at the LEGO Group," Strategic Finance (February 2012) with the permission of Strategic Finance and the Institute of Management Accountants. An earlier version of this case was presented at the Risk and Insurance Management Society (RIMS) Conference, where Mark and Hans serve as members of the RIMS Strategic Risk Management Development Council.2 M. L. Frigo and R. J. Anderson, “Strategic Risk Assessment: A First Step for Improving Governance and Risk Management,” Strategic Finance 12 (2009), 25–35.3 Also see Hans Læssøe, Venkat Ramaswamy, and Mark L. Frigo,"Strategic Risk Management in the Co-Creative Enterprise," Working Paper, Strategic Risk Management Lab, DePaul University, 2014.4 See “Using ERM to Improve Strategic Decisions,” CEB Risk Management Leadership Council, Corporate Executive Board, 2013.5 Also see Mark L. Frigo, Driven Strategy: Creating and Sustaining Superior Performance (Palo Alto, CA: Stanford University Press, forthcoming 2015).6 A. Mikes and D. Hamel, “The LEGO Group: Envisioning Risks in Asia,” Harvard Business School Case 113-054, November 2012.

REFERENCES

1. Frigo, M. L. 2008. “Return Driven: Lessons from High Performance Companies.” Strategic Finance 7, 24–30.

2. Frigo, Mark L. 2015. Driven Strategy: Creating and Sustaining Superior Performance. Palo Alto, CA: Stanford University Press, forthcoming.

3. Frigo, M. L., and R. J. Anderson. 2009. “Strategic Risk Assessment: A First Step for Improving Governance and Risk Management.” Strategic Finance 12, 25–35.

4. Frigo, M. L., and R. J. Anderson. 2011. “Embracing ERM: Practical Approaches for Getting Started.” Committee of Sponsoring Organizations of the Treadway Commission (COSO). www.coso.org/guidance.htm.

5. Frigo, Mark L., and Mark Beasley. 2010. “ERM and Its Role in Strategic Planning and Strategy Execution.” In John Fraser and Betty J. Simkins, eds. Enterprise Risk Management. Hoboken, NJ: John Wiley & Sons.

6. Frigo, Mark L., and Hans Læssøe. 2012. “Strategic Risk Management at the LEGO Group.” Strategic Finance 2, 27–35.

7. Frigo, Mark L., and Joel Litman. 2007. Driven: Business Strategy, Human Actions, and the Creation of Wealth. Chicago: Strategy & Execution, LLC.

8. Frigo, M. L., and V. Ramaswamy. 2009. “Co-Creating Strategic Risk-Return Management.” Strategic Finance 5, 25–33.

9. Læssøe, Hans, Venkat Ramaswamy, and Mark L. Frigo. 2014. “Strategic Risk Management in the Co-Creative Enterprise.” Working Paper, Strategic Risk Management Lab, DePaul University.

10. Mikes, A., and D. Hamel. 2012. “The LEGO Group: Envisioning Risks in Asia.” Harvard Business School Case 113-054, November.

11. Ramaswamy, V., and F. Gouillart. 2010. The Power of Co-Creation. New York: Free Press.

12. Ramaswamy, V., and K. Ozcan. 2014. The Co-Creation Paradigm. Palo Alto, CA: Stanford University Press, forthcoming.