Close

Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.

The Fine and Elusive Art of Managing Change Effectively

Matt Kelly | December 14, 2015

A large part of success for compliance programs at hinges on the chief compliance officer’s ability to shepherd change through the organization. And let’s be honest: managing change is not something many big businesses do well.

I’ve been thinking about that lately because for the last year or so, once a semester I give a guest lecture at a New York University class about change management. Technically that subject falls under the discipline of human resources, but every chief compliance officer I meet cares about organizational behavior quite deeply. You can’t win over employees’ hearts, you can’t get them to like ethics and compliance programs, unless you have a well-designed plan to change how they all work. Otherwise you’re just running around in circles, spouting values from the mission statement and imposing more controls when employees ignore said values.

I asked the instructor for the class, Christyl Murray, why it exists at all. She hit the nail on the head with one sentence: “Many organizations are doing too much business change at once.” Hallelujah, Ms. Murray.

You can see that in any number of headlines in the business news today. DuPont and Dow Chemical are planning yet another giant merger, to be followed by breaking up that business into three smaller ones. Yahoo is under siege from shareholder activists tired of CEO Marissa Meyer’s serial reinvention of strategy, and now want Yahoo either to sell off its Internet search business, or sell itself, or merge with Verizon, or do lord knows what. These days a minor change is something like Newell-Rubbermaid’s acquisition of Jarden Corp. for $13 billion, although try telling that to employees at Newell or Jarden.

We have strategic change all over the place, as boards and CEOs everywhere try to find purchase in this perpetually low-growth economy. Compliance and internal audit leaders—already swamped with operational changes you might be implementing for cybersecurity, regulatory compliance, policy management, and so forth—must somehow accommodate those strategic changes, too, and the implications they bring to your program. And all the while, you must convince skeptical employees that, yes, all these marching orders from central command really are important to embrace. No wonder Murray teaches a class on this stuff.

Christyl Murray

The crucial step, Murray says, is to begin by describing your “desired end-state”—that is, what you want the organization to look like, or how you want it to behave, after the big change. That desired state could be higher revenue, faster product development, fewer weaknesses in internal control over financial reporting, better oversight of third parties, or anything else.

One of Murray’s students, an executive in the banking sector, is using the class to drive improvements in the student’s Know Your Customer program. Another is using the lessons to improve disclosure of conflicts of interest at her company. Regardless of the specific change you want to impose, Murray says, “There has to be some set of benefits the organization is looking to recoup.”

The crucial step is to begin by describing your “desired end-state”—that is, what you want the organization to look like. Still, many compliance officers get trapped in several issues.

That is common sense wisdom. Still, I fear that many compliance officers get trapped in several issues here. First, compliance officers themselves struggle to define what an effective ethics & compliance program looks like—yet an effective program is the end-state you want to achieve. So the easier path is to talk about improvements to process, rather than improvements to outcome. I am all for changing your polices or procedures if that is what brings your company to a higher standard of compliance, but let’s not delude ourselves. Those changes are not the same as improving your company’s overall commitment to ethical behavior, and that is the goal you really want.

Second, and more broadly, Corporate America seems to have larger inability to articulate an appropriate amount of change, or how all the changes your organization is making work together—because, as I see it, most of the changes your organization tries to implement aren’t intended to work together. They happen in the ever-dreaded silos.  

The banking industry is rife with this problem right now: on one hand you have CEOs warning all the time about “conduct risk” and the need to tighten ethical standards; and on the other they are slashing payrolls and injecting career insecurity into the workers who remain. Communicating new sets of compliance procedures or new efforts to adhere to a stronger code of conduct can be pretty difficult in that climate.

Or take a more internally driven example like the disastrous efforts to change JC Penney in 2012-13. Improving ethics & compliance did not have much to do with that trainwreck of a rebranding, but let’s not ignore the reality: once one bad idea infects the employee base with cynicism, a lot of good ideas get infected too. Ethics & compliance is always a good idea. Selling it while some hedge fund activist brings in a new CEO who tanks the stock price and lays off thousands—well, that’s hard.

When you try to impose too much change, without articulating that desired end state, employees stop asking why the company is changing—they only ask what they are supposed to do differently, which is a polite way of saying, “What do you want me to do now so I don’t lose my paycheck?” And then you’ve lost the culture. Then you’ve become vulnerable to employee cynicism, the single worst force a chief compliance officer can face. 

Comment on this post on LinkedIn.

Matt Kelly has been editor of Compliance Week for 10 years. He will step down from that role at the end of this year. You can find him on LinkedIn at www.LinkedIn.com/in/mkelly1971 or on GoogleTalk at MattCompliance@gmail.com