Q&A With VP Internal Audit, Ethics At $1.6b PETCO Animal Supplies

This profile is the latest in a series of weekly conversations with executives at U.S. public companies who are currently involved in establishing and developing compliance programs. An index of previous conversations is available here is available here.

So, have any pets yourself?

Oh yes. I have two rat terriers; they’re in the terrier dog group, but they aren’t as hyper and they look like rats ... I also have a few beta fighting fish, and an African fat-tailed gekko lizard. That’s my daughter’s.

Sounds like you have the right demeanor for your company.

[Laughing.] It’s an unusual environment—a lot of people have small pets in their cubicles. Lots of offices have aquariums. You can walk around and people will have tarantulas, snakes, scorpions. I can’t do that, but you’ll see the guinea pigs and the mice and stuff ... It’s pretty funny to see dogs walking around the office with name badges on their collars.

How did you land in your current position?

I started here in January 2003. I met Jim Myers, who at the time was the CFO, in the summer of the previous year. He hired me to do some internal audit consulting ... so I did some consulting for a three-month period, then I signed on full-time in January. At that time I was just VP of internal audit; the company had never had an internal audit function prior to me coming on board.

I was given the asset-protection job last October (our director of loss-prevention had left), and then Jim was promoted to CEO. At the time, as we were setting up our compliance program, Jim the CFO was also chief ethics officer. When he assumed the role of CEO, we agreed that we needed someone more day-to-day who could handle the problems with the ethics program, and that’s when I was named ethics officer.

How much of your time goes to the nuts-and-bolts of auditing, and how much to other areas?

If you look at the big picture on a monthly basis, we’re in a unique situation that not only is the internal audit department very young ... but the more I looked at the asset-protection front, the more I realized how young we were there as well. So we’re basically turning over every stone in that arena as well.

From a 404 perspective, internal audit is not driving that project; that’s really our finance and accounting group. I’m on the steering committee and my auditors assist on the project. From a personal standpoint, because of the number of initiatives underway in asset-protection, I spend more time in that area than normal (about half my time). The rest is spent primarily with internal audit duties and the ethics program. Most of the day-to-day ethics responsibilities are handled by an ethics coordinator.

How did you structure the internal audit function, considering you started from scratch?

I have two managers and three auditors right now. Originally, prior to my working here full time, I performed a risk-assessment to let management know what their risks were ... It was a high-level risk assessment. I’m involved with the Institute for Internal Auditors, and they have a lot of good resources and benchmarking information. And I had been in retail before, and sort of knew the route we’d be going. Originally they thought auditors would come in and audit stores. I told them that’s not going to happen — with close to 700 stores, you just can’t do that unless you have an army of auditors. So I told them we’d concentrate on the processes and not the stores.

I went through that. I wrote the charter. Structurally we’re very sound: We still report to the audit committee, but administratively I report to the CEO ... which is very good from a governance standpoint.

And what about your duties in ethics and in asset protection?

In asset protection, it’s a fairly typical structure. I have an overall director; he has three regional directors, and then 11 regional managers. I also have two shrink managers and a coordinator ... They’re really charged with safeguarding the assets of PETCO, whether its merchandise, money, or the welfare of customers and associates.

On ethics, probably in March or April last year, I did another assessment on the corporate compliance program using the federal sentencing guidelines. I went through the [guidelines’] seven elements, and just assessed where the company was relative to them ... That was the first step, to look at the code of ethics. I made it more user-friendly and concise. We had three internal hotlines, internally manned; we eliminated those three and now all calls go to one hotline managed by an external firm. It all really grew out of the seven elements of the corporate compliance program.

Treatment of animals is the first section in your code. How do enforce that code with vendors, considering that pets are so important to your customers.

You’re right: Our governance program really goes beyond the four walls of PETCO. We have two committees for that. One is internal, the companion animals strategic committee. I’m a member of that, and we meet monthly. Our chairman and our CEO both attend the meetings. As an internal committee, it does nothing but focus on animal care. Externally, we just implemented an animal care advisory council. There are four outside members on that council, all experts on animal care—they met for the first time two months ago.

That’s what we do from an advisory standpoint. The other thing we have is a vendor certification process. To your point, we actually audit our vendors. In some cases, we’ve terminated the contract and the agreements with our vendors—sometimes to our detriment, because we dried up that pipeline. But we did it for animal care.

How does an animal-care audit work?

It’s our companion animal group that actually goes out and does it, because they have the expertise and internal audit doesn’t have that animal-care experience. But they look at everything from shipping standards to feeding standards to how they raise the animals. It’s across the board.

You’d mentioned before that you audit processes rather stores. But PETCO does have hundreds of stores, so how do you police against misconduct?

That question co-mingles two thoughts, really ... Internal audit is key in the process improvement, and the asset-protection group is detecting fraud at the store level.

At that store level, we have a software package called XBR, a really neat software tool that looks at all the register transactions and produces exception reports. We investigate those, and we obviously get hotline calls as well funneled to the asset-protection group. And we have an open-door policy here, so a lot of investigations are started by a store manager calling the district manager to ask questions.

From a process standpoint, internal audit looks at any process at the store level: receiving, checkout, grooming, animal care. We look at it from beginning to end, and do a mini-risk assessment. We talk to the managers and directors responsible for that area, ask what their concerns are, and take it from there.

The audit committee: How often do you meet with them, and what is discussed?

It’s a strong audit committee ... We meet formally six times a year; twice face-to-face and four times by telephone at quarter’s end. Separately I meet with our chairman privately twice a year. It’s a good, open relationship. In my charter, nothing can really happen without their approval: my hiring, my firing, my pay, my appraisal and so forth. I report to the CEO, but they ratify my budget and all the decisions concerning me.

What can you tell me about the 404 project?

The team itself is led by the controller. The steering committee is me, the controller and the assistant controller. That’s really the core group ... The team is made of members from accounting, tax, information systems, audit, and some external resources as well—an external firm and a consultant.

When must you certify?

Our year-end is the end of January. PETCO is actually a bit of different beast, as far as 404 is concerned. We have a very simple structure. We have only domestic locations; all locations are company-owned, so we have no franchisees. All our store operating procedures are consistent. All of the accounting and financial reporting is centralized here. So we’re probably in better shape than a lot of global retail companies.

What about benchmarking PETCO’s compliance efforts against a peer group?

From an ethics standpoint, I feel that as long as you’re following the federal sentencing guidelines or we start following the OCEG guidelines, then we’ll be doing the best practices ... Just talking to other chief audit executives, I think we’re doing a really good job for this size of a company.

And your priorities for the next 12 months?

First and foremost in the ethics area, structuring our company along the Open Compliance and Ethics Group guidelines and integrating those guidelines; I see that happening for us next year. From an audit perspective, it’s really to continue the key operational store processes that either we know are critical or that the operations group wants us to look at. And in asset-protection, it’s that theme of turning over every stone. We’re looking at all the policies, procedures and even the structure of that entire department. We want to improve on what they now have and formalize the things we do.

Thanks, Doug.