In the latest of our weekly Q&As with governance and compliance executives, we talk to Linda Winter, director of compliance for $3.6 billion Armstrong World Industries. An index of previous conversations is available here.

DETAILS

Winter

Linda Winter is currently the director of compliance for Armstrong World Industries Inc., a $3.6 billion flooring manufacturer based in Lancaster, Pa. She is responsible for developing the strategy, processes, policies, and administration of Armstrong’s compliance program worldwide, including communications, training, investigations, and risk assessment.

Prior to assuming this role, Winter was a Six Sigma Black Belt with Armstrong’s building-products division. In that role, she focused on process-improvement initiatives for sales and marketing, and earned her certification as a Black Belt from the American Society for Quality.

Prior to her position as a Black Belt, Winter served as a manager for commercial eMarketing, where she was responsible for the strategy and development of Armstrong’s commercial flooring and building products Web presence. During this time, Armstrong’s commercial Web site was recognized as one of the top 10 business-to-business Web sites by BtoB Magazine.

In addition, Winter held a number of positions in Armstrong’s information-systems groups, managing logistics and supply chain systems for flooring, building products, and retail divisions.

Winter is a 1987 graduate of the Pennsylvania State University with a B.S. in Operations Management. She has won numerous awards from Armstrong, including three General Manager’s Awards for individual performance and four General Manager’s Awards for team performance.

COMPANY BASICS

Company

Armstrong Worldwide Industries, Inc.

Headquarters

Lancaster, Pa.

Employees

14,900

Industry

Flooring

'05 Revenue

$3.6 billion

More On Armstrong

Text From Armstrong’s Code Of Ethics For Financial Professionals

Armstrong’s Corporate Governance Principles

Tell us about your role and duties at Armstrong.

As director of compliance, I oversee the development, implementation, and monitoring of Armstrong’s worldwide compliance program. That primarily includes training, communications, investigations, and compliance risk assessment. I’ve been in this role for three years.

Who do you report to?

I report to the deputy general counsel and corporate secretary. I also have strong working relationships with our general counsel and a compliance council, which is comprised of five of our most senior executives.

How big is your team?

I’m dedicated full time to the compliance program. As I mentioned, I work with our global compliance council of senior executives, and I also have two regional compliance committees, one for Europe and one that covers Asia, Australia, and India. The regional committees are made up of the senior leadership for that area of the world, and I work with them to localize and implement the compliance program in their region.

What questions do the board and senior management ask you most often?

They’re interested in knowing the number and types of concerns reported, how many are substantiated, and what types of corrective action we’re taking based on substantiated concerns. We’ve also reported to them on major initiatives we are taking, such as training initiatives. I think at the most basic level, the board and senior management want to know you have an active compliance program that includes both preventive measures, such as raising awareness of laws and policies, and responsive tools to support employees when they raise concerns.

Why was your team established?

Armstrong has a long history and reputation of high standards. Our founder, Thomas Armstrong, had a motto, “Let the buyer have faith,” when he started the company in 1860; our company’s operating principles were set out in 1960. So we’ve had a culture of integrity and ethics for many years. We have had the current version of our Code of Business Conduct in place since 2001 and our Ethics Line installed shortly thereafter.

Even so, about three years ago, our board and senior leadership determined they wanted to see a more robust compliance program that was consistent around the world. As a result, when I moved into my current position, we re-established the role of the global compliance council, created the regional compliance committees, and began an aggressive plan to create or update our compliance processes.

How do you define “compliance,” anyway? For example, how do you distinguish yourself from internal audit or enterprise risk management?

We define it rather broadly, in that we want our compliance efforts to foster a culture of self-governance within the company, and our employees to apply that mindset to the law, company policy, and our operating principles. That’s not to say we want employees to make legal decisions completely on their own—but we want to arm them with information and resources to know what the right thing is to do, and when and where to go when they need help making a legal or ethical decision. My role is to create and maintain a program that drives that overall message and work with all the other business functions that have a piece in a specific part of compliance, such as human resources, safety, finance, and so forth.

What are the pillars of your compliance program?

We’ve used some Six Sigma process improvement tools to look at the idea that creating a culture of self-governance is a process. From that, we identified what we consider key sub-processes, such as training, enforcement of policies, and continuous communication about compliance activities.

How did you start developing the compliance program? What were the priorities you started with?

When I came into my current role, the global compliance council and my management had established some overall goals for what they wanted to see in the program. That was critical, because the buy-in and agreement was already there from senior management. Then we used process-improvement tools to further define our vision for the program, and then prioritized the places where we felt we had gaps. Initially, we wanted to make sure we had high awareness of our Code of Business Conduct around the world, that we had a well-defined, well-communicated investigation process, and that we were raising awareness about compliance across business units and geographies.

How do you educate your workforce about the compliance program, anyway?

We use both online and instructor led methods to deliver training, based on role and function within the company. For example, last year we implemented new training on our Code of Business Conduct and compliance program for all salaried employees. Because managers are so critical to creating the right culture and example for their employees, we implemented a second, additional course for them to reinforce their role and responsibilities with compliance. And there is also specific training led by subject-matter experts within the company, such as anti-trust training by our legal department for sales people, and safety training led by our environmental, health, and safety group.

How do you monitor the success of the program?

We have systems in place to monitor most processes, and where we don’t have the systems, we have accountability through our regional compliance committees, who assign resources to execute specific compliance projects.

For something like training, we have a system in place that lets us know who’s taking the training every month. We have a process to remind people to take the training. Where we don’t have a true computerized system, in some of our foreign offices, for example, we have assigned people who monitor and follow up on those processes.

How has the role of compliance managers and groups such as yours changed over time?

I think in the past, compliance managers came primarily from the legal ranks and were seen as needing to be the subject matter expert on legal issues, and perhaps not needing as many operational skills. The role has evolved into one where business management skills are very much needed, because compliance managers need to set strategies, create plans, operationalize them, and manage the ongoing programs they’ve put in place.

For example, as a compliance manager, you may be creating training plans on one day, working on an employee-awareness campaign the next, and then working with an investigator on an allegation of misconduct in a foreign country. The compliance manager needs to be comfortable in more of a matrix or relationship-based organizational structure where they are liaising with subject-matter experts from a variety of functions including legal, internal audit, finance, human resources, safety, public relations, et cetera. The compliance manager doesn’t need to be “the expert” on every legal or policy issue anymore as much as they need to know how to get the expertise and incorporate it into the compliance program.

What are the biggest compliance-related challenges facing companies today?

It’s probably the same challenge that a lot of business functions face: share of mind of employees. You’ve got to find ways to keep the idea of compliance and self-governance in people’s minds as they go about their daily work. We like to say at Armstrong that compliance is like safety; it’s not an initiative or a project, it’s part of how you do your job every day.

What are some best practices that you would recommend for companies?

I think what is most important is to find what works for your company—for its size, its culture, and its capabilities. The basic processes that support compliance are training, communications, risk assessment, and investigations, but the way you implement those processes are going to be determined by your infrastructure, organizational structure, resources, and beliefs.

Thanks Linda.