Two Lessons from Facebook's Leadership Crisis
Mark Zuckerberg's call with journalists yesterday went sideways. Zuckerberg intended to talk about Facebook's community standards, but instead found himself fielding questions about his and Sheryl Sandberg's leadership. (If you aren't up-to-date on the topic, start here.)
Zuckerberg largely went on the defensive, saying, "The reality of running a company of more than 10,000 people is that you’re not going to know everything that’s going on."
His statement was accurate, but couldn't be more wrong.
Of course a CEO or COO cannot be apprised of every decision made at their company, but it's up to them to set the tone for how everyone else makes decisions. Two drivers of Facebook's crises are how the company manages culture and risk.
1. Why culture matters more than ever:
Everything a CEO says and does matters. A lot. The ever quickening pace of buisness and communication brings more chances for opportunities or mistakes. When you read Zuckerberg's statement from yesterday, do you think he genuinely expects us to believe that neither he nor Sandberg knew about the decision to hire a PR firm to manage the company's most valued asset – it's reputation?
Let's suppose Zuckerberg and Sandberg truly didn't know about this brand-protecting decision. This lack of knowledge speaks volumes about their leadership and Facebook's company culture. It suggests a culture that allows and supports decisions like hiring Definers Public Affairs to help Facebook "delay, deny and deflect" as the NY Times described in their investigation earlier this week. Evidence of further deflection or dysfunction is that no one at Facebook seems to know who hired Definers PR.
Either scenario – of Zuckerberg and Sandberg lying about their knowledge or of establishing a culture that enabled such a decision – is a failure of leadership on multiple levels. Executive words and actions, more than internal branding, guide individual employees how to act. Facebook has core values to guide employee behavior. Did Zuckerberg violate any of Facebook's 5 core values?
Based on name alone, I assumed he violated values #4 Be Open and #5 Build Social Value. After reading their brief descriptions, the company's values are so vague I can't say whether he violated them. The inability of an outsider to determine if a CEO violated his or her company's own values is an enormous problem. How can Facebook employees make values-based decisions if its unclear how to interpret those values?
2. How short-termism can blind leaders:
Too few companies take a comprehensive view of risk management. Those that do often have to because of the nature of their business, supply chain, regulation requirements, or imminent threats. Industries like insurance, finance, and healthcare come to mind.
Even companies that historically faced fewer and less serious risks have enterprise risk management programs and business continuity plans. Depending on company culture – from established businesses that may be slower to change, to new companies trying to move as fast as possible – leadership may not be taking a wide angle view of risk. No one can predict the future, but we can run scenarios, war games, or stress tests to assess threats. How thoroughly are companies looking at potential disruptions from climate change, dematerialization, digitization, cyber security, or the litany of other risks out there?
In hindsight, it's easy to see Facebook didn't perceive risks surrounding cyber security and fraud broadly enough leading up to the 2016 U.S. elections. The company is still playing catch-up to fix the original problems and that threat is constantly evolving. Unpacking the entire story of how and why is more suitable for a book than a blog.
We can look back to Facebook's 5 core values to see how value #3, Move Fast, could compete with risk management. Silicon Valley perpetuates a mentality of growth as fast as possible at almost all costs. That growth expectation is short-term, and can be even shorter after an I.P.O. The faster a company moves, the harder it is to keep up with increased risk velocity. The shorter the focus for goals, the more likely a company is to develop blind spots at all levels of the organization.
Lessons to take away:
Things are so bad for Facebook even its customers are blasting it for having no morals. While it doesn't look like any advertisers are leaving the platform, one ad industry professional suggested Facebook create an oversight role to assess and, "...report its risk to society versus just financial risks to the business."
Managing your company's reputation is a never-ending task. And rebuilding a damaged reputation requires a monumental effort not just of PR, but of investments, change management, and rebuilding key relationships with promises, action, and proof. Culture and risk management are not set-it-and-forget-it endeavors – they require regular attention to stay on track. Here are questions and actions to help actively manage these two critical elements of success:
- Examine your culture. QUESTIONS: Are company values crystal-clear or ambiguous? Are values perceived as gospel or guidance? Does your employee appraisal process evaluate how values are embodied? How do the actions and statements of senior leaders align with company mission and values? ACTIONS: 1. Get an independent perspective. 2. Develop a monitoring system with update frequency matching the extent of the company's public persona.
- Take a wide angle view of risk. QUESTIONS: How does the company manage internal risks across functions? How often does the company evaluate external risks? How often does it assess plans for managing known risks? How does the company perceive risk velocity? What is the process for assessing the threat level posed by mega trends? What is the company doing to create long-term stakeholder value? ACTIONS: 1. Schedule regular, independent assessments. 2. Rotate consultants to maintain a wide angle view. 3. Re-evaluate the company's long-term plan in relation to known & emerging risks.
Perhaps the most important lesson we can learn from Facebook is to avoid causing a self-inflicted wound. Facebook's is the worst kind – a deep breach of trust and unwillingness to fess up, accept full responsibility, and authentically start to win back trust.