January 31, 2011

Duke Energy Scandal: Lessons from Enron—Monitor Email to Manage and Prevent Crises

By announcing its intent to acquire and merge with Progress Energy, Duke Energy has set the stage to become the nation’s largest utility. The only thing standing between Duke and its preeminence on the American market is regulatory approval. With its expanding regulatory scandal that has cost the COO, and a division President, along with a corporate attorney their jobs. Duke executives have shot themselves in the foot at the worst possible time, and the Board of Directors should take notice. Not only has cozy regulatory relationship been blamed on failures at companies like Enron, and BP, now the Duke Energy Board may endure a much more trying time to convince remaining regulators and assuring the public that its merger is not tainted. What could the Duke Board of Directors done differently and how can they ensure that this does not happen again?

Let’s take a look at the publicly available information. Within the past two months, Duke has been battling very damaging publicity that regards corruption and conflict of interest of its key executives. To date the hatchet has fallen on Jim Turner (COO) for inappropriately communicating (via email) with Indiana state regulators—it was a soft hatchet with a $3.8 million severance so that Jim would not “disparage” Duke and enjoy a couple years of not working within the industry. The President of Duke Energy Indiana, Mike Reed, was fired. The Duke Energy regulatory affairs attorney, Scott Storms, was fired also.

What really happened? At issue was the recruiting and immediate hiring of Scott Storms to work as regulatory attorney for Duke while he was still an employee and lead attorney representing the State of Indiana in regulatory matters that concerned Duke. This hiring went expressly against Duke policies and the policies of the State of Indiana. For this offense, Scotts’ former boss, the Indiana Utility Regulator Commission chairman, David Hardy, was fired by the Indiana Governor, Mitch Daniels. This touched off a firestorm, that continues to consume Duke executives. As of this writing, Duke CEO, James Rogers has become embroiled in explaining how his second in command and President level executives could override corporate policies to prevent fraud and corruption.

Duke had a process on the books that prevented such hiring. Duke CEO went on the record to say that this should have never happened. Yet, it did happen and not by an untrained novice, but a 15-year veteran executive, the second in command, which casts a long shadow on the CEO and the Board. The process was intentionally circumvented by Duke Indiana President, Michael Reed, with at least partial knowledge of the COO. Duke executives and attorneys understood this behavior was unethical and potentially illegal that is why they instilled policies against it. Still, executives as high as the COO and the division president could override policies without any supervision, the only thing that eventually stopped them was that they left footprints in email evidence that was leaked to the Indianapolis Star.

Could Duke have prevented this issue? There are many ways to look at a solution, but since it is is difficult to shred email, and since a regulated company has a stringent requirement to archive email communication, there is another assurance option. Whether or not Duke’s goal was to gain competitive advantage by manipulating a regulatory body, any Duke shareholder should seek to minimize such crises to protect shareholder value, and this is where the Duke Board may be failing. The best strategy for preventing such issues is building the right company culture. Culture is set from the top down and Duke executives will need to answer for this to their Board of Directors. It is difficult to completely control culture, because of individual human motives. Even if we assume that no other executives except for the COO, a division president and a senior attorney were involved, Duke executives and Board Directors should implement the means to monitor, measure and manage such issues in the future. This is not an issue of simple data loss prevention, of preventing whistleblower leaks to the public—we advocate prevention through next generation business intelligence communication monitoring, which we believe should be in the arsenal of the Audit Committee of any statutory board. “Trust and verify” as the old adage goes has a new medium.

Pragmatic Recommendations for any Audit Committee of a Statutory Board:

1. Identify areas where fraud, illegal collusion or regulatory relationship violations are most likely to occur. The top executives and the procurement departments are the most frequently cited.

2. Implement email archiving solution, all regulated industries already have such solutions in place with a focus on legal hold, ensuring that evidence is not lost, but virtually no analysis performed.

3. Implement a data warehouse for unstructured (free) text information that organizes information within three dimensions, entities, time, and topics so that it can be analyzed for potential risks and liabilities.

4. Report on a periodic (daily, weekly, monthly, quarterly) basis the risky activity communicated within the enterprise, and explore items that appear to violate policies.

The technology solutions available today from companies such as Mindent Solutions, SAS, or RSA can ensure that any employee, even top executives abide by the rules. Any employer who wants to trust employees, should implement a method that verifies that trust—this is not spying; it is a simple way to protect the 99% of the workforce who do not have a criminal backgrounds, and to practice fiduciary responsibility on behalf of the shareholders to prevent catastrophic losses due to employee misbehavior. Instead of waiting for the news media to pick up stories of misbehavior the Board should provide real oversight of the activities of the executive team, and proactive deal with issues before they hit the national spotlight and diminish shareholder value.

To learn more about how to extract valuable information from company emails and instant messages, find out more Mindent Solutions business intelligence for communication risk management. Please contact us at info@mindent.com, or at www.mindent.com.