You’re a security professional. Do you think Return on Investment, or are you really a cost of doing business? A drain on the bottom line, perhaps? Where do you sit on the value question, too?
I entered the world of security management 22 years ago when the industry was populated almost exclusively by retired senior policemen – possibly masons – who shrouded what they did in mystery and secrecy. Quite often, the security manager’s key daily mission at the time was to find someone to buy him lunch.
Yes, I did say ‘him’, because the industry was also almost exclusively populated by men. I used to report to a head of security who would come to work at about 10 o’clock in the morning and usually disappear by around one that afternoon, his parting salvo being something along the lines of: “If anybody wants me, I’m at the Yard.”
Nobody had ever heard of Service Level Agreements or Key Performance Indicators. Even now as you read this, some of you will likely be scratching your collective heads.
I regularly went through an appraisal process. The appraisal itself was laughable. One section on the form was concerned with ‘managing police relations’. “What does that mean?” I asked. “Exactly,” replied my boss.
When I first came into the industry I could not understand how little people did, or how little senior security people were challenged. I started in the world of hotel security and, having quickly achieved the heady status of chief security officer, came to what I thought was the natural conclusion. That I should, as part of the senior management team of a large hotel, become an involved part of the management of the business.
As a result, I began to take on management responsibilities, such as covering the duty manager role. This was not met with universal delight by the ranks of retired policemen whose culture of fine dining and limited delivery was being threatened. “Management? Nothing to do with me!” was the war cry.
Cost versus revenue
It would be nice to say that those days are behind us. In some ways they are, but there’s still a proliferation of managers in our industry who are happy to be viewed as a cost centre rather than a revenue stream. Managers who are not IT literate and still shroud their activity in secrecy and mystery. There are so many heads of security “at the Yard” of an afternoon it’s a wonder the Boys in Blue can fit them all in!
There are still security managers who don’t understand what Return on Investment means. Meeting with a potential supplier means a nice lunch. ‘Supplier-client relationship’ means a free Christmas hamper, or some such.
To address this area fully, one can almost say that business in general is as guilty as our own industry. Senior managers don’t challenge security functions enough. It’s the ‘tick box’ mentality that’s the problem: “I need a security something. Don’t want to pay too much, and I certainly don’t know what it does, but I’d better have one.” Thus the status quo is perpetuated – managers on one side deliver poor or minimal services, while their directors fail to set stringent enough targets or challenges. We don’t see operations directors or other senior functions being managed in such a lackadaisical manner.
The position is acute in many loss prevention functions, where often the key word – ‘prevention’ – is misinterpreted. Sadly, we are again in the domain of retired police personnel or those who have perhaps been over-exposed to 1970s TV offerings. The idea of ‘prevention’ is pure anathema to them. They are members of the Loss Reaction Department, and their reporting is along the lines of: “Another two nicked this month, Guv’nor.”
Where is the value of the function? To arrest or dismiss means you are missing the point. Prevention means managing value in a targeted fashion on many levels. Put simply, if the cost of the solution is more than the problem, you shouldn’t be there.
Welcome to now
Business awareness and IT knowledge are still key areas of ignorance. Such weaknesses are perpetuated in this industry by lazy, ill-informed managers. In my present role as a consultant, my target audience is not the head of security, nor the head of loss prevention, but rather the CFO or the finance director.
Having spent time with the ‘industry professionals’ it’s not uncommon to find that they either don’t understand what you are trying to say, or feel threatened because they are underperforming. To this day, I still encounter senior managers who aren’t comfortable with e-mail or indeed any kind of technology. One client of mine looks at his e-mail once a week at best.
Counting down the days
If you cannot – or will not – understand basic business principles, if acronyms like ROI, SLA, or KPI are double Dutch to you and if you have to ask your children to answer e-mails on your behalf, then surely your days should be numbered in this (or indeed any other) industry? Alas, this is seemingly not the case.
There is now a distinct need to engage with industry leaders and senior security, risk and loss prevention professionals to educate on the value message and the key deliverables of a well-run function, while driving out the complacency and poor performance of the mainstream of this industry.