Dr. Leo S. Mackay, Jr. is senior vice president of Internal Audit, Ethics and Sustainability at Lockheed Martin. Before joining the corporation, Dr. Mackay served as Deputy Secretary of Veterans Affairs. The former Navy fighter pilot graduated from the United States Naval Academy and has a master’s degree and Ph.D. in public policy from Harvard University. Dr. Mackay is also a member of the U.S. Naval Institute, Council on Foreign Relations and Aspen Strategy Group.
Matthew Swibel is director of enterprise risk and sustainability. He leads an integrated team, reporting to Dr. Mackay, responsible for enterprise risk management and sustainability program strategy, implementation and stakeholder engagement. Prior to joining Lockheed Martin, Swibel spent almost a decade as a business journalist, most recently as Associate Editor of Forbes, where he was recognized by the Overseas Press Club for his business reporting from abroad. He is a graduate of the American University and has an MBA from the University of Maryland.
Christopher P. Skroupa: To what extent should enterprise risk activities focus on avoiding risk versus managing acceptable tolerances of risk?
Dr. Leo S. Mackay: I think the latter is important and sometimes overlooked. The key to being a successful business is to modulate risk and to monetize that, so we look at risks and opportunities as two sides of the same coin. I think considering risk and sustainability together is part and parcel as sustainability, in grand, strategic terms, is about realizing business resilience. It’s also an opportunity to enhance transparency and partnership. In many respects, it can be, and in our context should be, a first resort in the mitigation toolbox. It’s a part of shaping our future operating environment, our corporate perception and, in a concrete fashion, building resilience and efficiency into the business. Those things are operationalized as risk mitigation, modulation of risk and exploitation of opportunity.
Skroupa: Given the complementary tools of enterprise risk management and sustainability to achieve strategic objectives, how are you organized to harness capabilities in these areas?
Mackay: We recently aligned the organizations so those two functions at Lockheed Martin – enterprise risk and sustainability – are under a common reporting senior, Matt Swibel. Both ERM and sustainability are principally focused on the identification and prioritization of risk. They also enjoy a pretty good community of tools with which you attack either subject intellectually. One way to think about sustainability is as a first among equals in terms of the mitigation strategy. Putting those two together where they can share tools, leverage people and also develop a working partnership made sense to us. One prominent area of leverage is that in both we see a primacy on internal reporting, external disclosure and transparency.
One of the organizational wrinkles is that any disclosure and reporting capability is shared between those two so that we are looking at both sides of the coin as we do things like make inputs to our 10k, and as we interface with NGOs and other organizations that judge the corporation on the quality of its risk management and sustainability program.
There are some strategic issues, some intellectual coherence issues and some sort of meat and potatoes issues around business tools and the employee skills sets that at least, in our mind, recommend those as not joint, but interacting and interweaved capabilities.
Swibel: I’ll just comment on two dimensions: the first is corporate governance. Strictly from building and retaining investor confidence, it’s helpful to see that there is a “sibling process” that ultimately finds its way into board engagement on reviewing the critical business risks and opportunities that ought to be considered in the context of the business strategy. Rather than have siloed discussions or disaggregated thinking around what are the existing and emerging risks that would be effective to manage and disclose, that now is a coordinated effort.
The second dimension is the tie to strategic planning. Whereas organizations could have two earnest teams, one in sustainability and one in enterprise risk management, both trying to aid the monitoring and managing of different risks of strategy – now both in the design of issues assessment to the tracking of mitigation plans – there is a singular entity that has a robust perspective on the critical business issues in the context of strategy. I think those are two advantages that a firm can benefit from if they’re organized where there’s a central reporting structure.
Skroupa: Would you agree that organizing that in that fashion allows for sustainability technologies or operational practices to be fully leveraged and embedded into the enterprise?
Swibel: I think it’s still early days for us, but I can see where that would be an accelerant.
Mackay: Matt mentioned one of the real payoffs being the interface with strategic planning. As the corporation looks out three to five years and what it needs to get done and what opportunities it has in front of it, you have to do that with some reference to these critical issues that are either risks for the enterprise or opportunities to build resilience. It is a necessary lens for planning.
Strategic planners also benefit from methods like materiality assessment, transparency and issues identification that are done in a rigorous fashion in a sustainability context. These too are critical for good strategic planning. These are practices and disciplines that are emphasized in sustainability, and are informative for strategic planning.
Swibel: I just want to describe a real-world example at a high level. In the instance that we’re looking at security and supply, and this would apply to organizations that have a fair amount of supplier content, but in this context there may be a supplier performance aspect that when investigated also illustrates a reliance on or exposure to a longer-term environmental risk. It helps both crystallize what the environmental factors that ought to be prioritized in the product design and lifecycle stage are, and it is also generating a more resilient supply chain management approach, but it’s all happening in the same business process, they feed off of each other.
Mackay: Sustainability surface externalities can become material costs to the business. The best example is environmental remediation. It addresses choices around supply-chains, choices of chemicals and certain materials and how they’re folded in and how they’re used, and what the true long-term cost of those are. I dare say there are a lot of corporations that would make different decisions about the use of certain processes, substances or chemicals had they surface externalities at the time of adoption.
Skroupa: Would you please describe your pursuit of integrated assurance?
Mackay: I don’t think anyone thinks it’s uncommon or unusual for all of the legal affairs of a corporation to be gathered under a general counsel – even though attorneys are particularly quick to tell you what they don’t specialize in. A property attorney would not deign to give you advice about a merger and acquisition or about labor relations or environmental law. They are very particular and very specialized in the areas of the law in which they have expertise. Yet, no one thinks it’s odd that they all then report to a general counsel that has some background across a number of those disciplines, but certainly not all of them.
Similarly with a chief financial officer. A chief financial officer may have been a treasurer, may have been in finance and business operations, may have done some time in contracts, may be an expert in investor relations, but almost assuredly no CFO is an expert in all of those jobs. Yet, no one thinks that all of the financial affairs of a corporation shouldn’t be gathered under a common reporting senior to give them coherence. I think what a lot of companies are now realizing- and some of them get “helped” to this realization when they have an escape and the federal government fines them or sends them a monitor – is that assurance activities may benefit from such a coherent organization. The question goes something like, “if I’m the chief executive or a member of the audit committee, how am I going to know and who is going to assure me that this corporation, in its processes and procedures and business interactions/operations, is observing all of the laws and regulations that pertain to it?” As a lesser issue, how about all of the company polices that we’ve outlined that apply to the several areas that we operate and the processes that we have? I think what people are doing, in different manifestations and slightly different lash-ups, is creating jobs that are broadly similar to mine, and it’s around this issue of assuring compliance to law and regulation.