My “This Week in FCPA” colleague, Howard Sklar and I often call the News Corp matter the case that keeps on giving. However, the same might be said about the ongoing issues surrounding Hewlett-Packard (HP). From a bribery and corruption scandal centered in Germany, the announcement of which was broken by the Wall Street Journal and has mushroomed into a wider geographic investigation; to the less than one year tenure of its [now] former Chief Executive Officer (CEO) Léo Apotheker; to a Board of Directors, some of whom never even met Mr. Apotheker before he was hired because, as one Board member who was quoted in the New York Times said, “we were just too exhausted from all the infighting” from the decision to separate from the prior CEO Mark Hurd.
In a foreword by Noel Tichy, to the article by author A.G. Lafley, in the October issue Harvard Business Review, entitled “The Art and Science of Finding the Right CEO”, Tichy focuses on HP’s lack of succession planning as one of its key shortcomings. Lafley’s article discusses the issue of succession planning during his tenure as the CEO of Procter & Gamble (P&G). Many of the concepts and issues that Lafley discusses within the context of succession planning in general are applicable to the concern of compliance within this area.
Lafley’s article makes clear that succession planning requires the same “coherence, discipline and thoroughness as governance, enterprise risk and strategic oversight.” In other words, it is just as important. Sadly, many companies fail to give it the attention it requires. Indeed, in a PricewaterhouseCoopers survey, cited in the foreword, nearly one-half of the more than 1,000 directors gauged reported dissatisfaction with their companies’ succession plans. Imagine what that number would be if they took into account the compliance aspect of succession planning.
Borrowing from Lafley, I have adapted his box for an analysis of some of the characteristics that should be considered in succession planning from the compliance perspective.
|People||Personal judgments about overall compliance goals||Judgments regarding your team members regarding compliance||Judgments on organizational systems for assessing compliance with the organization||Judgments about how to engage stakeholders regarding compliance|
|Strategy||Personal judgments regarding compliance in your career||Judgments about how your team evolves in its compliance approaches are new compliance challenges arise||Judgments about how to engage and align all organization levels in compliance||Judgments in leading stakeholders to execute compliance strategies|
|Crisis||Personal judgments regarding compliance in times of crisis||Judgments in how your team operates regarding compliance in times of crisis||Judgments about how to work with your overall organization in compliance in times of crisis||Judgments about dealing with key stakeholders regarding compliance in times of crisis|
Lafley makes clear that succession planning does not begin at the time a CEO decides to retire. It should being at the time that a CEO is hired. This is to prevent a decision at the last minute or, worse yet, “to be left with effectively no decision.” As well as the process being started at the time of the hiring a new CEO it must also fully engage the Board of Directors. Lafley provides several key points, all of which are applicable to the compliance component of succession.
Compliance is a Continuous and Evolving Process
Lafley defines the criteria that the evaluation process is an ongoing, not episodic process. In addition to a “broad and deep pipeline of qualified leaders” the candidates should be put through a variety of roles. In the compliance context, this would provide an opportunity to review the initiatives and responses in several different areas. In addition to running large and small business units, such candidates should oversee several different functions, as broadly as the Chief Financial Officer (CFO) to Human Resources (HR).
Define the Compliance Criteria and Measure People against It
In many ways, evaluating a compliance criterion is as much an art as it is science. However, Lafley states that a specific list of “must-haves” is appropriate. It is not as simple as whether there was a violation or not. It is broader than that calculus. I often write about Paul McNulty’s three ‘maxims” which are (1) what did you do to prevent it; (2) what did you do to detect it; and (3) what did you do when you found out about it? Compliance for the CEO candidate is more than the third prong. How did you inculcate compliance into the business unit that you are managing? What controls did you put in place? And then what did you do when you found out about it?
Explore Multiple Compliance Scenarios
Lafley defines this as “how the future might look”. You might explore a new geographic market with a candidate or a new product line, either of which might bring new compliance challenges. Being a part of a team to perform a risk assessment might indicate that new or different compliance safeguards need to be considered. Should monitoring, through continuous controls monitoring or other more sophisticated tools, be utilized as the compliance program evolves be considered?
Remain Flexible but Focused on Compliance
Lafley points out that the choice of “a successor isn’t a done deal until the votes are cast and the announcement is made.” He advocates continuing to provide challenging projects, which would include those in the compliance arena, which can continue to provide feedback and guidance from the compliance perspective. As one division President told me “You are always being evaluated.” And so it should be. The selection of a new CEO is a substantial investment by a large company. Having the right person in the position from the compliance perspective is an important element in an overall evaluation. Remember – it all starts with the “Tone from the Top”.
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at firstname.lastname@example.org.
© Thomas R. Fox, 2011