This profile is the latest in a series of weekly conversations with executives at U.S. public companies who are currently involved in establishing and developing compliance programs. An index of previous conversations is available here.
You’re director of compliance at Home Depot. Tell us what that entails.
It entails quite a bit, actually. I manage our compliance department and our overall corporate compliance programs. I have a staff of 16 people: a group of compliance specialists, each responsible for certain policy areas; and an analyst group of a compliance manager and two analysts, charged with our data and metrics that we report and ensuring data integrity. I’m also responsible for the standard operating procedures of the company, so we have an SOP group here. We’re also just beginning to build up a document-retention program, so we also manage enterprise document retention.
More broadly speaking, we have 16 different compliance policies, the base of which is our Business Code of Conduct and Ethics. From that comes much more specific policies on advertising, environmental, security and so forth. Each of those areas is assigned to a compliance specialist; their purpose is to work with a legal partner responsible for that particular subject area, and then the business partner for the area where an issue arises—maybe an incident related to advertising, say … It’s the compliance specialist’s job to maintain and monitor the policy in that area to ensure we have proper procedures and training in place.
What compliance areas does a major retailer worry about? From our prior conversations with compliance officers, issues like "advertising compliance" hasn't come up.
You might think retail is retail, but it really is much more complex than that. A variety of laws affect us. What we’ve done to find those out … is to identify particular risks for each of the policy areas we have. For example, advertising: insuring that we provide fair and accurate information to consumers, or that we don’t infringe on any other competitor’s trademarks. We also have safety requirements from OSHA, environmental regulations as we store fertilizers and pesticides, disclosure requirements for securities regulations, training on prohibitions against insider training … We look at all those things. The specialist isn’t just sitting there waiting for an incident to happen; his role is to facilitate implementation of process improvements and training.
How does that ‘pre-emptive strike’ approach work?
On an annual basis we conduct our corporate-compliance review. Our different functional areas come in and our division presidents come in, and they all report on the status of compliance within the organization. They report on very specific things; our divisional presidents primarily talk about the areas most applicable to them in the field: environmental, labor issues, safety, state and local regulatory issues …
From those reports, issues are raised and new risks presented. We develop process improvements to try to eliminate the risk from how we do business. Essentially, can we change our operating structure so that we’re complying with the law and we don’t have to worry about it as much? If not, we conduct training to mitigate the risks.
You have more than 1,700 stores. How do you monitor all that at the ground level?
We don’t have regional folks with direct lines to me; we have “compliance coordinators” out in the field. Those are people who, by their position, it makes sense for them to support compliance out in their division or particular business. For example, the HR vice president for the eastern division would be the compliance coordinator for the labor and employment policy. Similarly, for environmental and safety, our director of safety for the division would be that compliance coordinator. That’s how we can quickly and efficiently touch the field. It allows us to coordinate any training or process-improvements rolling out from an enterprise standpoint, and it allows us to customize our program on a regional perspective … We rely on them a great deal.
Most people consider compliance jobs to be about financial reporting. Home Depot sounds like it has a much broader interpretation.
It does. Certainly the financial reporting and controls are important, and we work closely with our VP of internal audit and our controller, who really drive our Section 404 project. But what they do is reported to the Compliance Council, in addition to reporting to the audit committee … It’s my job to put together a comprehensive program and process to facilitate overall compliance within the organization. My role is to be a manager of many different areas and to ensure that each area gets the attention it deserves.
Your Compliance Council—what’s that?
I’m not a member of the council, but I’m their liaison with the entire company. The council is comprised of the executive vice presidents and is chaired by our general counsel. On a quarterly basis they meet, and it’s an opportunity for me to update them on changes in the law or new things that may affect us. We talk about any issues that arise about compliance, and it lets us have all the decision-makers in the room at one time to effectuate change.
What’s an example of a compliance issue they decided?
A good one arose some time ago as an environmental issue, when we had a program that was “less than robust” regarding how we managed environmental compliance in the stores. It was an issue that would require a significant amount of store-hour training and a significant investment in the development of processes and procedures. It was a big deal, not easy for the company to undertake. But the council undertook it; they understood the issue, they were presented with all the financial issues surrounding this, and they approved it and said, “Move on this.” That’s ultimately all that a lot of people need to make things change.
What can you tell us about Home Depot’s compliance efforts around Sarbanes-Oxley and Section 404?
I can’t honestly talk much about Section 404. All I can say is that certainly none of the standards that came out were anything Home Depot was afraid of; the company has always been proud of its governance standards and its financial reporting … The team went right to work on Section 404, and they continue to maintain and monitor all the issues that go along with that.
As to the other aspects of Sarbanes, we have a disclosure committee now which I’m a part of. We have anonymous hotlines. But things like that were all available long before Sarbanes came out—so it’s obviously a very important area and we continue to look at everything, but we had a lot processes in place before the law came out.
What role do you play in writing Home Depot’s code of conduct and overseeing other ethics issues?
We have a Business Code of Conduct and Ethics (Editor's note: see box at right), which is inclusive of a code for our senior financial officers. That’s published out of the compliance department. As conflict-of-interest issues come up the compliance department assists in resolving them. We do an annual compliance certification, where we ask a series of questions to associates, to help determine whether any conflicts exist and how to resolve those. We’re as active as we can be in that area.
Tell us more about efforts like your annual certification. How do you get input from so many employees?
We’re in the stores a lot. We don’t hold compliance sessions per se in the field, but my folks and myself—we’re out in the stores and talking with associates often. Home Depot has a long tradition of town hall meetings, where our leaders go to the stores and have open forums with our associates. The open line of communication is very much there … The associates know we have a compliance department, what we were and what we stood for. Associates receive a block of time during orientation dedicated to learning more about what compliance is and what to report.
You mentioned analysts who track compliance data. What do you track? Do you benchmark your compliance efforts?
We talk to a lot of different companies, and we do look forward to benchmarking with different groups and sharing how we and they do things. It’s certainly not easy to compare yourself to another company when you’re the size that we are … but we do learn a lot from different companies. That’s one thing our analysts do, look at best-in-class processes that other companies have. We’ll adopt those things that work well elsewhere. It’s not as formal or systematic as it could be, but we do a lot of benchmarking with our friends in the Atlanta area.
What is something your analysts measure?
One of the biggest things our analysts do is monitor training numbers. They try to get as granular as they can on the different numbers by division, by area, and by job classification to ensure we meet our goals in training people, whatever the area may be. That may be respect training, or advertising training—whatever it may be, they take numbers from our HR department and roll those into meaning numbers for us, that we can say, “We’re doing a good job here, but need more effort over there.”
What are your compliance resolutions for 2005?
One of the big areas that’s a constant challenge is integration of our compliance program into newly acquired companies. As Home Depot acquires smaller companies to support service businesses or whatnot, getting our program fully rolled out into their environment … is always tough. With limited resources and limited time, ensuring we do that on a consistent basis is a big priority for us.
Thanks, Bryan.
Click here for upcoming Webcasts with compliance officers.
No comments yet