Through their program guidelines, “Our Standards of Business Conduct – Building Trust Together,” Hewlett Packard sets out its “The Headline Test.” Quite simply, HP employees are instructed to ask “Would others think it was OK if they read it in a news story?” The HP manual touts “The Headline Test” as “…a simple but powerful tool designed to make sure we appropriately consider the soundness and impact of our business decisions.”
One can only imagine that the answer was “no” at Hewlett Packard when a recent CNBC headline read “Hewlett-Packard Walloped by Charge Relating to Fraud.”
On November 20, 2012, Hewlett-Packard reported quarterly earnings that excluded a one-time accounting charge of more than $8 billion, relating to “…serious accounting improprieties, disclosure failures, and outright misrepresentations at Autonomy that occurred prior to HP’s acquisition of Autonomy…”
But, looked at through the lens of compliance, the positive headline is what HP is doing, why, and how they are going to spin the disappointing results to create good will for the HP brand.
On the same day that the quarterly earnings were released, Hewlett-Packard issued a separate statement regarding the Autonomy impairment charge, which buzzed around words like “intense internal investigation,” “forensic review,” “oversight of…executive vice president and general counsel,” and “preparing to seek redress.” Most strategically, the statement included that Hewlett-Packard had already “…referred this matter to the US Securities and Exchange Commission’s Enforcement Division and the UK’s Serious Fraud Office for civil and criminal investigation.”
There are at least two, important takeaways from the headlines, both the one penned by CNBC and the one HP drafted. First, when an employee brings management information about what could be a compliance violation, a company must take that employee seriously and conduct an investigation. Your company’s ability to quickly respond to a compliance breach allegation could mean the difference between obtaining accurate information and preserving primary source materials, versus having to try to reverse engineer what happened after the government shows up at the front door with subpoenas.
Second, a company must comply with all self-reporting requirements in order to get ahead of a government investigation and score whatever points can be scored early on. Of course, self-reporting an event should include self-identifying an existing, rigorous compliance program. If there is going to be a mistake uncovered, let it be a discrete event, rather than the tip of an iceberg that crashes into a lack of a compliance program.
The ability of a company to navigate the treacherous waters of a compliance breach begins when leadership constructs a compliance program, puts it in place, trains employees, and routinely re-examines its timeliness. A company, like Hewlett Packard, can issue this kind of PR only because its own corporate culture is deeply grounded into compliance requirements and programs. If there is going to be a compliance problem, wouldn’t you want your company to be as well situated to weather the storm?