Mark Rigotti on What It Takes to Be a Successful Leader

The former lawyer and new head of the Australian Institute of Company Directors says boards need to look into the future... right now.

Current role: Managing director and CEO, Australian Institute of Company Directors (AICD)
Tenure: One year
Age: 58
Previous roles: Partner and senior adviser; global chief executive officer; and managing partner, clients and industries, at Herbert Smith Freehills

How do you define good leadership?

It has a couple of elements. One is to be able to operate at two speeds – what I call “‘in the today” and “‘in the tomorrow”. It’s being able to lead your organisation to be effective today but thinking about what’s coming around the corner. What does tomorrow look like? Good leaders can also zoom in on the detail with their people – without micromanaging – and then zoom out to see what’s strategically important and what stuff you can leave behind.

That’s quite a skill, isn’t it?

Zoom out too far and you’re not on top of things. Zoom in too much and you’re not visionary enough. It’s quite a balance.

You talk a lot about the importance of foresight. Is that really something people can master?

Well, you can probably improve on it but I don’t know if you ever master it. But it’s something that boards are starting to think about more and more. It used to be insights – show me the data and what does the past tell us about what we should be doing today? – but increasingly boards are being tasked to think about what’s coming. What foresight can they bring from the wealth of their experience? Instead of asking for a new report all the time and looking back, it’s learning to look forward.

You’ve joined the AICD at such a challenging time. Boards are grappling with enormous issues of cybersecurity, AI and climate change. How many directors are up to the task?

Quite a lot, I think. Our director community is pretty strong. When I went to law school many years ago there were all these cases of corporate train wrecks. You don’t hear as many terrible circumstances now so directors do a good but not perfect job – no-one is perfect. The increasing challenge is the tsunami of regulation that keeps accumulating. That can be quite crushing for directors and boards. They should be dealing with all that complexity you mentioned but instead they’re trying to work out the latest change. The regulation may be well-intentioned but it doesn’t have regard for the cumulative effect of all the changes that keep coming, one on top of another.

What do you think a best-practice board looks like?

I’m sure you’ll find a management consultant who’ll tell you the ideal size of a board is seven because of the human dynamics. You need more than five to get enough diversity and you want less than 10, otherwise it ends up being too big for the chair to manage the interpersonal dynamics. Scale does matter but boards have to be inclusive in terms of being chaired well and allowing different views to come through. You can put 10 people with a variety of experiences and diversity of thought in but unless there’s an environment that allows that to come forward, people aren’t going to speak up and say what they really think.

Even at that level?

Sometimes, yes, on hard issues, social issues or very difficult corporate issues. So you need to create an environment where people with different thoughts, perspectives and experiences can put them into the mix. And a good board gets behind decisions once they’re made, even if they aren’t the exact decision I wanted or you wanted. A good board can rally around the decision and not lick their wounds and think, “Oh, I didn’t get that one.”

Similarly, you have to be able to correct the course when you know you’ve made the wrong decision.

Absolutely. Nothing is forever. At the AICD we call it being adaptive. The world is full of six-month chunks. The days of the five-year plan are gone.

You mentioned diversity. How reflective of our society are boards?

If you run the numbers, they’re not. Gender-wise they’re not far off but culturally or racially they’re not, I would suggest. I heard of “postcode diversity” the other day. Look at the listed companies and look at the postcodes of where their directors live. There aren’t many from regional areas; there’s probably not many from certain demographics within each city. So there is some way to go. But having said that, it’s not about getting a perfect paint chart, if you like, of diversity. It’s about doing the right thing for the stakeholders, which will depend on the company and what it’s trying to achieve, as well as on the skills matrix that you have. You can have the perfect diverse board and it still might not be right for the company at that point in time with its particular set of stakeholders.

Given that there’s so much pressure on directors these days, what’s your pitch when someone says they’re on the fence about pursuing it as a career?

If you can, talk to someone you admire who does it well. It’s not going to be plain sailing. It’s a profession, not a semiretirement job. Not every day is going to be perfect but there are plenty of positives, impacts and contributions that you can make.

There is a little bit more fear these days.

Yes, there are liability issues. Some of the stuff we try and teach is how you can get in front of that – check the insurance, do your due diligence before you go on a board, all of those things. But you’ve also got to examine why you want to be a director. If it’s just a vanity project, maybe it’s not for you.

You speak with chairs of ASX200 companies all the time. What’s the one issue they’re really worrying about right now?

Cyber is right up there because it’s so quick-moving and it probably doesn’t matter what you do, you never solve it. Longer term, climate. You’re trying to make decisions that are going to have 10-, 20-, 30 year implications and that’s big.

When it comes to cyber, how do you think boards can best build cyber resilience?

Build internal capacity but also have some third-party help. There are experts who live in that world every day. Unless you’re a huge bank or corporation, you’re probably not going to be able to build sufficient internal capacity so don’t do it alone. And constantly try to keep abreast of trends and ask your management intelligent, challenging but supportive questions. In AICD’s Essential Director Update last year, David Thodey [chair of Xero and Tyro Payments] said there are three questions you should ask your management: What data do we have that cybercriminals might want? Why do we have it? And if we don’t need it then get rid of it. Third, is it coded, encrypted?

What’s your view on boards paying ransoms?

Our view is that it shouldn’t be outlawed. There should be some level of flexibility, depending on the circumstances. There are some rules and guidelines that can be given to help companies and governments navigate their way through this and probably some level of what I would call “safe reporting”. If people can report when they’ve received a ransomware request, the government can say, “Well, actually, we’ve had seven of those in the past month and we suggest you don’t pay it because that particular threat actor has a history of not returning your data.”

And what are your thoughts on penalties for directors of organisations that have suffered data theft?

If the directors haven’t protected the company properly and the board signed off on something that’s substandard, there probably should be some sort of consideration. But I don’t think there should be a specific liability just because their walls have been breached. That feels pretty heavy-handed and it may not promote sharing of information. If Bank A has a major breach, you want it to share it so that Banks B, C and D don’t suffer the same breach.

SEE ALSO: How to Make EDMs Work Harder for Your Small Business