In Private Companies, CFOs Are Central to Building Ethical Guardrails

Ethics rules are, for the most part, mandated for public companies through regulation. For private companies, these guardrails are optional and sometimes don’t exist at all. It is incumbent upon the private company CFO to review his or her ethics culture and build it up when necessary. 

Ethical guardrails for public companies are largely mandated through regulation and maintained through a structured internal control environment and audits. In private companies, such guardrails are optional, and too often they simply do not exist. Without a disciplined control environment, the risk of ethical lapses goes up at the same time early detection goes down. If you are the CFO of a privately held business and the ethics structure is weak or missing, your responsibility is clear – you must build it.

In this article, I’ll share some of my experiences transitioning from a Fortune 500 company to a private one, explore the differences between these two environments, highlight the CFO’s role as a beacon of ethics, and then provide 12 tips on going beyond compliance to construct an ethical work environment.

Changing Worlds

After building a career at Campbell Soup Company, I seized an opportunity to take on the challenges of being the CFO at a smaller, private enterprise. Indeed, I initially served concurrently as CFO for two organizations: a privately held group of companies recognized for sustainable packaging innovation within the consumer goods industry and its sister company, an innovator in recycled plastic resin used in containers and packaging.

The original intent was to split my time 50/50 between the two companies, but we quickly realized the recycling company, a distressed manufacturing business in crisis, required more attention. Stabilizing this business by rebuilding financial controls to resolve its cash flow and lender compliance issues had to be my priority.

Specifically, the recycling business was out of compliance with various bank covenants. The owners had negotiated an agreement to “work out” their issues to avoid formal bankruptcy. But within a few months, the owners and bank agreed to move the company into a court-appointed receivership. I assumed de facto executive leadership, partnering with the receiver and leading sale negotiations, achieving full creditor repayment after a strategic acquisition by an offshore buyer.

Once the recycling company was acquired, I focused my full attention on the other group of companies, which had their own challenges. The CEO and I quickly realized the best way forward may be new ownership. With board approval, we began preparing for a transition. This entailed cleaning up the balance sheet, enhancing the quality of our financial reporting, strengthening controls, and otherwise “getting our house in order.” Ultimately, we successfully negotiated the company’s sale to a strategic buyer, enabling the group’s legacy to continue.

These experiences truly awakened me to the reality that private companies, relative to their public company brethren, are at an operational disadvantage. But I’m not talking about finances here: what I mean is clean, structured, and efficient systems. Public companies have mandated ethical guardrails that very much encourage best practices; such guardrails are often missing at private enterprises.

The U.S. Public Company Advantage

U.S. public companies are, of course, subject to SEC reporting, record-keeping requirements, and the Sarbanes-Oxley (SOX) Act of 2002.

Such companies must carefully design, document, and implement comprehensive systems of internal control over financial reporting, often adopting the COSO Internal Control Integrated Framework of 2013. Then they must test to ensure their controls are operating as designed, address any material weaknesses, and issue annual reports accordingly. Public company CEOs and CFOs must certify the assessment of their internal controls and financial reporting, facing significant penalties and even criminal prosecution if they are not truthful. In addition, larger public companies must have external auditors evaluate and report on management’s internal control assessment in addition to performing financial statement audits.

Additional U.S. public company advantages include:

• Segregation of Duties – Having both the incentive and the resources to create strong controls, public companies tend to have clear segregation of duties.
• Transparency – Driven by required disclosures, quarterly reporting, and investor scrutiny, public companies are transparent by default.
• Board Independence – Both the New York Stock Exchange (NYSE) and Nasdaq require public company boards to be composed primarily of independent directors. NYSE and Nasdaq also require specific board committees (e.g., audit, compensation, and corporate governance committees) to be composed entirely of independent directors and to have formal written charters.
• External Validation – External auditors, analysts, and regulators all provide professional scrutiny over management’s assertions and reporting.

As a result, U.S. public companies have mandated guardrails that encourage ethical business practices and help identify “bad actors.”

The Private Company Challenge

When CFOs transition from a public company to a private one, they very well may find that many expected guardrails are missing. Whether due to a lack of a regulatory mandate, limited people and resources, or other perceived priorities, many smaller private companies have a rudimentary internal control environment, at best. In contrast to a public company:

• A private company’s ethical guardrails and controls are determined by leadership discretion, not regulatory requirement.
• The internal control system is often informal, relying upon trust, experience, and informal oversight, often resulting in inconsistency.
• Segregation of duties may be blurred or outright lacking.
• Management can control the narrative, choosing when, where, and to whom strategic plans, operational details, financial performance, and other company insights are shared.
• Private companies often have tightly controlled boards with fewer independent voices to challenge decisions, potentially creating blind spots.

As CFO, you may find yourself wearing many hats,¹ including SOX lead, auditor, and even the (missing) challenging voice of a board member. Because the rules are more ambiguous, private company CFOs may find it harder to adequately tackle ethical dilemmas.

Like their public company peers, successful CFOs at private companies tend to be strategic business partners with curiosity, strong technical and analytical skills, strategic agility, and leadership ability. They are also results-oriented and known for their integrity and trust. Even more so than their public company peers who benefit from ethical mandates, private company CFOs need strong communication, persuasion, and negotiation skills to move the ethics needle. They also need the confidence and courage to be the beacon of ethics within their organizations. They must shine the light on potential blind spots and speak up about the ethical lapses they see, promoting accountability throughout their organization – up to and including business partners, the CEO, and board members. As the finance chief, you are the arbiter of ethical business practices. 

Creating an Ethical Business Environment

As previously discussed, public companies have certain ethics mandates they must meet, but that doesn’t mean establishing guardrails at private companies isn’t mission critical. You – your company’s beacon of ethical behavior – must take the lead. Below are 12 ethical guardrails for your consideration.

Tone at the Top – Upon joining Campbell Soup, new employees were introduced to the company’s leadership model, which highlighted the company’s core values such as inspire trust, create direction, execute with excellence, and produce extraordinary results. The leadership model provided examples of the types of behaviors that would make a given core value a reality. For example, to inspire trust, you should earn respect, honor all people, celebrate diversity, meet your commitments, and take responsibility for your actions and their consequences. We were then held accountable to live these core values accordingly. Indeed, formal reviews addressed the “how” (the behaviors) of one’s performance as much as the “what” (the results delivered).

Clarify your organization’s core values, operating philosophy, and standards of conduct, then convey these expectations in value statements, ethical codes, company policies, and communications. You, your CEO, and other leaders within the organization must then “walk the walk,” ensuring your actions reflect the behaviors expected of the broader organization. In short, leadership behavior – or tone at the top – is paramount.

Business Code of Conduct – To significantly increase ethical awareness, formally document your expectations via a business code of conduct. Such codes typically address professional integrity, ethical business practices, desired workplace behavior and culture, legal obligations, the importance of protecting assets and information, corporate social responsibility, and other such topics. Your code should also clearly articulate the consequences of violations, up to and including termination.

After developing your company’s business code of conduct, you need to train your employees on how to apply it in real-life situations. It is vital that they acknowledge that they understand and follow it.

Campbell Soup’s comprehensive business code of conduct included a message from our CEO on its importance, a reminder of the core values reflected in our leadership model, and detailed expectations across multiple topics and situations. Each year, every employee participated in training that provided highlights of the overall business code of conduct as well as delving more deeply into specific topics (e.g., our policies around giving and receiving gifts). Finally, we formally certified that we understood what was expected of us and that we had not breached these expectations in any material way during the prior year.

Conflicts of Interest Policy – In conjunction with developing an overall business code of conduct, specifically clarify policies regarding conflicts of interest (i.e., a scenario where one’s professional responsibilities and personal interests may be in conflict). This policy should provide examples of potential conflicts (e.g., spouse works for a competitor), outline the steps to be taken if an actual or perceived conflict arises (e.g., discuss the potential conflict with your supervisor or human resources), and define the potential consequences of being out of compliance (up to and including termination).

Delegation of Authority – Many smaller private companies, based on my experience, can be quite loose in terms of delegation of authority, whether related to approving routine purchases, one-time expenditures, and/or large capital investments. A new CFO will know they are facing this messy situation if they ask the controller for a copy of the company’s delegation of authority policy and all they get is a blank stare. In a company where the owner approves every expenditure, regardless of its nature and/or materiality, you may be OK. Otherwise, by formalizing who has what authority, you can increase operational efficiency, reduce your personal workload, empower your team, build trust and personal accountability, and generally enhance controls.

Segregation of Duties – Ensuring effective segregation of duties in a smaller business can be challenging due to limited personnel. At the recycling company, for example, there was a corporate controller and two accounting associates. At our church, there is literally one financial specialist and only two paid office staff overall. To complete all tasks, there will invariably be overlap.

To help bring clarity, start by defining each person’s roles and responsibilities, then train them and hold them accountable. You may consider cross-training, such as selecting someone to back up the payroll associate and requiring them to run payroll at least once quarterly.

For example, as the CFO you may be performing work (e.g., bank reconciliations) that, in a larger organization, you would have assigned to a subordinate. In this scenario, consider having the CEO or a cross-functional partner perform the review. 

Complete and Timely Reporting – Does it really matter if we skip a few of the accruals this month? Does anyone really care if the monthly reports are not issued until Day 10, Day 25, or even Day 90? For the small-business CFO who is juggling multiple priorities with limited resources and lacking the incentive of external financial reporting requirements, the temptation to become lax is a legitimate concern. Doubly so if cross-functional partners are not pressing you for them. Remember, the leadership team’s ability to make quality decisions is impaired without complete, accurate, and timely reporting. To that end, present the results honestly and transparently, good news and bad.

Basic Controls – Soon after becoming CFO for the recycler, while reviewing the current month’s financial statements, I noted the month-to-date reporting for several prior months had changed. When asked, the controller said they had received vendor billings for activity earlier in the year, so they posted the expenses to those prior months. So, prior months were never fully “closed,” nor did they leverage a closing checklist to ensure all steps were followed and all accruals were made. Bank reconciliations were not prepared, let alone reconciliations of other accounts. No one reviewed the financials at a higher level for reasonability.

If you walk into a similar reality, quickly work with the team to implement basic controls and then ensure those controls are consistently followed.

Cross-Functional Accountability – In a small business, your cross-functional partners also juggle multiple priorities with limited resources. They may not consider the financial impact or ethical implications of their decisions as they go about their routines. To ensure cross-functional accountability and alignment on risk tolerance, provide analysis to support their key decisions, jointly develop budgets, and engage them in monthly business reviews.

Right Incentives – Employees will do what they are incentivized to do. At Campbell Soup, we were expected to produce extraordinary results, but we were also expected to do so while exhibiting the core values reflected in Campbell’s leadership model. If you exceeded your sales target or cost reduction goals, but were unable to inspire trust, drive organization alignment, and/or build organization vitality, your overall performance rating may well be “needs improvement.” Thus, it is important to establish the right incentives; ones that link ethics to performance and reinforce long-term value creation.

A Speak-Up Culture – The first time I engaged in union contract negotiations, I came back to the office and asked the payroll associate (our resident expert) for her opinion on a few issues. She looked at me with a blank stare, then said she had never been asked her opinion before. Ensure your employees feel safe to express their opinions and make sure they know you want to hear from them. Even consider establishing a confidential ethics (aka whistleblower) hotline. In short, create a speak-up culture.

Outside Perspective – When I joined a small business as its CFO, the CEO shared that my hire was his second significant change. His first was to remake the board of directors, adding several independent members, scheduling quarterly meetings with a clear agenda, and then inviting challenge and discussion. In addition to adding independent directors to a board, getting an outside perspective can also include leveraging your legal counsel, auditors, and other third-party advisers.

Personal Awareness and Support – It’s often said that professional ethics is in the CPA’s DNA. Private company CFOs will face unique ethical challenges and pressures. Ensure you and your team are making ethically sound decisions by participating in ongoing ethics training, creating a sounding board of CFO peers, and even reaching out to the confidential AICPA Ethics Hotline or Institute of Management Accountants (IMA) Ethics Helpline if needed.²

Final Word

In private companies, building and maintaining ethical guardrails must be intentional. You, as the CFO, must play a central role in this process. The 12 tips offered above are just a start: once established you must not relax. You need to remain vigilant and hands-on. 

¹ J. Stephen McNally, CPA, CMA, “The Many Hats of the Small-Business CFO,” Pennsylvania CPA Journal (fall 2022). 

² AICPA: ethics@aicpa.org or (888) 777-7077; IMA: (800) 245-1383.