Manage the Change, Don’t Let the Change Manage You

In a 2015 study, Gallup’s David Leonard and Claude Coltea asserted that 70 percent of all change initiatives fail. Anyone who has overseen a transformation knows that leading change is not easy. It’s complicated and commitment is required at multiple levels. Just as all organizations are different, no two change initiatives are the same. A change leader must consider the nuances and uniqueness of the organization – taking into account the needs of the business, the interdependencies between departments, and the impact to employees. While it isn’t easy, the following seven guiding principles will greatly increase your chances of successfully implementing your initiative.

1. Build a stable foundation for managing the change initiative and articulate your vision.

A strong foundation starts with a vision for the change that is aligned to the business strategy. Simply put, solid planning, competent leadership, and systemic thinking. Identify a change management team that the initiative deserves and who share in the vision. In addition to a sponsor (usually a senior leader), identify a change agent who is responsible for leading a broader change management team. This person must demonstrate strong influence skills and have broad organizational perspective. This team will be responsible for creating the road-map for the transformation.

2. Give the change agent and the change management team free reign to execute their plan.

In order to drive the change forward, the team must be given the opportunity and authority to plan, execute, and make decisions. This is not to say there cannot be oversight, but if the team believes that their ideas and recommendations will be corralled, they will instinctually confine their recommendations to only what they think will be accepted.  

3. Focus on the problems, not the symptoms.

Ground yourself using the question “what problem am I trying to solve”? Using this as your beacon will help assess the situation from an unbiased lens.  Using problem solving methods like the Five Whys, conducting a SWOT analysis to understand the internal and external factors, and other popular methods will ensure you are addressing the right issues.

4. Use a balanced and inclusive approach to gathering information. Look beyond the numbers.

Often, the first indication that a problem exists is the qualitative data – such as handle times in a call center or conversion rates in a marketing group. Equally important however, is qualitative data from the frontlines.  Involve frontline leadership and key team members to get a perspective from the trenches. Not only will you gain the “color commentary” around the numbers, you’ll reduce resistance by giving them a sense of inclusion.

5. Use the power of the people.

While leadership can limit resistance by creating excitement and anticipation for the changes, humans are wired to be suspicious of unfamiliar things. Successful change initiatives set the stage by articulating the business need; building momentum by engaging and soliciting input; giving employees needed tools and resources; and anchoring the changes by recognizing accomplishments and celebrating successes. Making the transition as easy as possible for the individuals who are tasked with execution, creates the least disruption to the operation and ensures long-term sustainability.

6. Communicate, communicate, and communicate.

Use storytelling and personalization to explain how the changes will improve things. Talking about a customer who had to spend hours on the phone trying to resolve a problem with their sick child’s prescription, or how “Mary in finance” won’t need to work 12 hour days at the end of the quarter to close out the books is much more powerful than “this change will make us more efficient and responsive to customer needs.” It is also most effective to use multiple mediums and venues to allow for employees to address concerns and ask questions. Senior leadership and/or HR should be represented in these venues and could include town halls and dedicated staff meetings.

7. Identify the metrics that will guide you to your end game.

Having clear and measurable goals that help define the path to a successful transformation is vitally important when executing a broader strategy and ensuring sustainability. Identify clear key performance indicators (KPIs) that provide everyone with consistent and measurable goals. The KPIs should be tied to the strategy and the reasons behind the transformation.

CPI’s unique approach to managing change is illustrated in our proprietary Change Navigation Model™. We help our clients and their leaders traverse the path to a successful transformation by recognizing the fundamental needs of both the organization and the employees.  This holistic approach anchors the process in three distinct phases: Creating a Vision which aligns the change plan to the broader business strategy; Planning and Building Momentum by considering the needs of the employees; and, Implementing and Sustaining the change by seeing the plan through and celebrating the successes.


Mark Saddic
Senior Talent Development Consultant
CPI Philadelphia

The post Manage the Change, Don’t Let the Change Manage You appeared first on CPIWorld.

Cyber-Risk Management for Directors Should Start at Home

Frederick Scholl

There are many posts on the NACD Board Leaders’ Blog discussing cybersecurity, but all of them deal with directors’ responsibilities toward the organizations where they are board members. In fact, corporate directors themselves may be targets for hacktivists or cybercriminals and need to make sure they have adequate protection. This protection should include both home and professional office.

Directors obviously will have access to sensitive insider information that many unauthorized parties would like get access to. Many directors will also be targets as high net worth individuals. Cyber criminals always target the weakest link, and as corporate information security improves, they increasingly will target the home networks of key executives and directors.

Breaches such as the one that occurred in the summer of 2017 at Equifax have put so much personal information into the hands of criminals that individuals increasingly will become targets. Directors represent a perfect demographic cross section to be attacked. Attack vectors may include phishing, ransomware, and social media.

Earlier this year, an employee of the National Security Agency was in the news as the hacker apparently stole government secrets from the comfort of his own home network. Directors with access to confidential strategic or financial information should make sure their home networks are protected above and beyond the usual consumer grade defenses.  Another attack path may be through tools and services used by directors. In 2010 attacks were reported against a prominent meeting portal for corporate boards. It is not clear if any sensitive information was stolen at that time.

What more should directors do?

First, make sure your home network is built to corporate standards. You need a commercial firewall, not just a consumer router. Most critically, any devices—especially firewalls and routers—should be set to auto-update their security firmware. Auto-update is now included in the Windows 10 operating system, in most smart phones, and in many home network devices, but not in devices more than a few years old. Anything you put on your network will be found to have vulnerabilities, so this software and firmware update feature is critical to keep hackers out.

Password strength and protection represent a second critical area. Many breaches result from theft of user credentials such as username and password. You should use two-factor authentication to log in to sites with your financial or personal information. Two-factor verification utilizes a second security barrier to verify with the application or website that the person logging in is, in fact, you. For instance, applications for your smart phone such as Google Authenticator and Duo Security generate one-time tokens that serve as a second factor. More familiar is the text messaging that many sites still use to send one time codes to users. This process has been deprecated by the Federal government because of potential eavesdropping attacks, so use the dedicated security apps, if possible. Still other financial sites do not yet have any two-factor authentication available. For these, make sure to use strong passwords that contain at least 12 characters, and that preferably can be pronounced. Such complex passwords should be managed using password vaults like LastPass or KeyPass.

The last factor to consider is encryption. Never store any sensitive data online without encrypting it and protecting it using a password known only to you. It is true that collaboration sites like Dropbox do encrypt the data saved there, but the companies still have the encryption keys and can view the data. These keys can be hacked or stolen by a disgruntled employee. That level of encryption is fine for 99 percent of the information you store online. But for the other, essential 1 percent of information—especially personal or corporate sensitive material—only you should have the encryption key. Applications like Boxcryptor integrate with Dropbox and enable you to further protect your information.

These three security precautions will help you keep your personal and professional information secure. Since threats and vulnerabilities are constantly changing, you should keep up to date using the NACD Cyber-Risk Resource Center and other sources of information on this topic. Also consider attending the NACD Global Cyber Forum in Geneva, Switzerland, April 17–18, 2018. You’ll hear from leading international directors, executives, and security professionals on how to protect sensitive corporate information.

Frederick Scholl is president of Monarch Information Networks, and is adjunct professor of computer science at Lipscomb University in Nashville, TN. All thoughts expressed here are his own.

Culture: The Board’s Expanding Frontier

Peter R. Gleason

With headlines trumpeting high-level firings for “inappropriate behavior” in a variety of domains, it’s become more obvious than ever that corporate culture matters, and that boards should oversee it. So what exactly is corporate culture, and how can it be overseen? These questions might sound new, but they are as old as the corporate governance movement that began some 40 years ago when NACD was founded. Indeed, for the past four decades, the role of the board in overseeing corporate culture has been growing in breadth and depth, and much can be learned from history.

  • The Foreign Corrupt Practices Act of 1977 made the board a vigilante against foreign bribes. The original law made it illegal to do business abroad “corruptly” and required “internal controls” through oversight of books and records.
  • In 1987, the Committee of Sponsoring Organizations of the Treadway Commission put the board on alert against misdeeds not just in faraway lands but down the hall: its Treadway report required independent audit committees to prevent fraud in general.
  • Another decade later, in 1996, the Delaware Chancery Court’s decision In re Caremark International Inc.said that directors have an affirmative duty to seek reasonable assurance that a corporation has a system for legal compliance. Soon thereafter, NACD published its first handbook on ethics and compliance, authored by NACD pioneer Ronald “Ronnie” Zall, an attorney and educator then active in the NACD Colorado Chapter, which later established the Ronald I. Zall Scholarship in his honor.
  • In late 2007, as global equity markets went into panic mode, NACD forged Key Agreed Principles of Corporate Governance for U.S. Public Companies, highlighting all areas of agreement among management (the BRT), directors (NACD), and shareholders. Our report, published in 2008, stated that boards must ensure corporate “Integrity, Ethics & Responsibility.NACD Southern California Chapter leader Dr. Larry Taylor began writing on “tone at the bottom,” publishing a series of articles and books on the topic over the next several years.
  • And now, in 2017, board oversight of culture has become more important than ever. Our NACD 2017 Blue Ribbon Commission Report on Culture as a Corporate Asset provides useful guidance.

NACD’s 2017 Commission made 10 recommendations, starting with this one:

The board, the CEO, and senior management need to establish clarity on the foundational elements of values and culture—where consistent behavior is expected across the entire organization regardless of geography or operating unit—and develop concrete incentives, policies, and controls to support the desired outcome. The Commission report explains that these foundational elements involve two sets of standards: first, the values and behaviors that help the company excel and that are to be encouraged, and second, the behaviors for which there is zero tolerance.

As I write this blog in December 2017, the business media are continuing to report firings or sabbaticals for executives—some 20 in the past eight weeks alone—over reportedly inappropriate conduct or speech. Many of these pertain to sexual harassment, but the corporate desire to clean house seems to be spreading like wildfire to other domains. One executive was recently fired for making a disparaging remark about regulators in private conversation to a former employee. Could a policy have prevented this? I think so.

Click to enlarge in a new window.

The NACD Commission urges a proactive approach backed by policies and training. The good news is that many companies are taking preventive action.  A Wall Street Journal article titled “Harassment Scandals Prompt Rapid Workplace Changes” cites numerous companies that are instituting training to avoid bad behavior in the workplace. Some like Vox Media and Uber Technologies are responding to scandals. Others like Dell, Facebook, Interpublic Group of Cos., and Rockwell Automation are acting more proactively.

Boards in these companies and others are starting to oversee culture in proactive ways, but they still have a long way to go. Our most recent 2017–2018 NACD Public Company Governance Survey found that oversight of culture is stronger at the top than at lower levels, but that boards are taking steps to correct the imbalance.

The best cultures don’t happen by accident. They are intentional. They happen when a company makes a concerted effort to foster a good culture.