The blind spots that leave organizations exposed to risk

In the 1990s, LEGO appeared strong by any measure. Creativity defined the LEGO brand and demand for its iconic “brick system” was steady.

The company sought to expand, branching into IP-licensed toys, watches, clothing, books, and a chain of amusement parks. Product lines became more specialized and increasingly built around themes rather than a shared system of parts.

What received less attention was how far these choices pulled LEGO away from the discipline that had made it work. The brick system succeeded because it was modular, predictable, and scalable. As the portfolio expanded, those qualities became harder to maintain.

“When companies change direction, they tend to focus on what they’re gaining,” says Fenton Aylmer, Executive Director of KPMG. “They don’t always spend the same amount of time thinking about what could interfere with that plan.”

Aylmer has seen scenarios like these play out repeatedly throughout his career as a risk management specialist, often inside enterprises that believe they’re being careful.

That’s partly what drove Aylmer to design the John Molson Executive Centre’s Enterprise Risk Management program, which gives cross-functional decision-makers the knowledge to integrate a risk management mindset into everyday choices.

What risk means

“The definition of risk is a deviation from the expected,” Aylmer explains. “Risk starts with what you’re trying to achieve, and every objective has risks tied to it.”

When the bricks don’t fit

Too often, Aylmer asserts, decisions are not tested against what an enterprise is actually built to support. Existing strategies are viewed through rose-tinted lenses and little time is spent examining underlying assumptions, or how change could compromise existing capacity.

“Often what happens is that companies don’t spend the time to really understand what risks are implicated by the change they’re making,” he says.

For example, as new LEGO products were approved, strain surfaced in unexpected areas. Manufacturing had to support higher volumes of unique components, and supply chains became more complex. Forecasting grew less reliable and larger inventories tied up capital.

However, no single decision seemed unreasonable on its own. Development teams made presumably reasonable choices within their mandate. What was missing, Aylmer explains, was a pause to test the assumptions shaping these decisions. Blind spots were revealed when LEGO assumed its historic success would carry new ideas into the future. 

Bringing decisions back into alignment

LEGO’s situation was difficult to recognize early because nothing failed outright. The consequences appeared gradually, through unsold inventory, tightened cash flow, and operational stress that could not be traced to a single decision.

“There are always a few obvious, bigger things that can go wrong,” Aylmer says. “But then there are many smaller ones that can go wrong — and they tend to.”

Appointed CEO in 2004, Jørgen Vig Knudstorp, now executive chair of LEGO, refocused the company on its core product. Later expansions into film and video games succeeded because they were designed to support the brick system, and LEGO reclaimed its position as an industry leader.

What LEGO’s rebound illustrates is not that growth is dangerous or that risk can be eliminated, but that decisions that seem logical inside one function can create pressure elsewhere.

If risk management is treated as a checkpoint rather than part of the strategy itself, Aylmer says, those cross-functional impacts won’t show until the organization is already absorbing the consequences.

“That is why you need to have an enterprise-wide risk framework to get the collective opinions of internal stakeholders who are important to making those decisions,” he says, "instead of making those decisions in a vacuum.”