Within in the modern business world security management has taken on a wider role than just the idea of a sole night watchman. Today’s security manager needs to have a much broader understanding of their role with in the structure of the corporate world. The idea of the security department of any organisation being in the business of telling people what they cannot do is counter productive. A security manager now needs to ensure they are completely in tune with the strategic goals of their company and be able to facilitate the reduction of loss and risks. We will now take a closer look at what the area of security management entails.
Security management is the process of protecting a company or organisations assets, whether physical or intellectual, whilst supporting the strategic goals. Along side the protection of the physical and intellectual property is also important for the security manager to consider the reputation and image of the company when designing any policies to be implemented. To much security can be a detrimental to the company in terms of cost and image, whereas a lack of security leaves vulnerabilities unchecked. The adage “security measures must be commensurate to the threat” leaves the security manager trying to find the balance between an overbearing and restrictive security regime and leaving a company open to threats by having to little security, as well as working with in a defined budget. Any security measures put in place to mitigate or prevent a specific threat should not exceed the cost of the potential breach of security, as security departments are often seen as cost centres as opposed to profit centres. It is prudent to ensure everyone within the company is fully engaged with the security policies and procedures, from the top level management to the shop floor workers. The need to understand everybody is responsible for security, from a clean desk policy of top management down to preventing and reporting of tailgating through security barriers, from the reporting of petty pilfering of company stationary to the careless discussion of sensitive business outside of the work place. All of these things and more can lead to losses, which the board will feel in the profit margins and worker’s can ultimately feel in their pay packets or job security.
As this is being written I find myself in a situation where a lot of the pertinent principles of security are being tested. Currently there is large scale civil unrest in the province, mass protests against the work and living conditions of the population, a lack of electricity, civil services and work. These have led to large protests restricting the freedom movement of all foreign oil companies. It has shown a large disparity in the crisis management and contingency planning across a wide variety of international companies.
What started as peaceful but vocal demonstrations, by the local population calling for more locals and less expat’s to be given work, became increased in size and violent after government “controlled” security forces over reacted and shot and killed a two of the demonstrators. This has caused a what was a small scale and locally contained demonstration to gain wider support base and mobilisation of the wider population. The incident has shown how security measures should be commensurate to the risk in great detail. The deployment of security forces by the regional government and their over reaction to the protest, resulting in the death of protesters has only exasperated the situation. While the use of government sanctioned security forces to control the outer perimeter of the oilfields shows the “defence in depth” principle and gives early warning of threats to the business’s, it all so demonstrates that the quality of security is a difficulty that must be overcome.
“Ideally, public law enforcement and private security agencies should work closely together, because their respective roles are complementary in the effort to control crime.”
1Private Security: Report of the Task Force on Private Security (Cincinnati, OH: Anderson), p. 19.
Even with close integration between the companies and the security forces, providing training and mentoring, the auditing of policies and procedures ,the provision of security equipment such as x-ray scanners and search dogs, the quality of the security provided has to be a closely monitored activity. The investment of time and resources can lead to a false sense of security that becomes very apparent when challenging situations arise.
At the first sign’s of civil unrest some companies carried out their prearranged evacuation plans. This show’s the way some corporations value the safety of their staff and employees over the profit margins. Obviously this can be double edged, were as the evacuation of expatriate staff can be seen favourably as safety and security over profit margins, but it can also be interpreted by the host nation workers and staff as abandonment and a lack of investment in their safety and well being. This illustrates the fine balance security managers must strike when carrying out risk analysis between providing a secure working environment and protecting against losses, both material, financial and against reputation. This also demonstrates the requirement of the modern security practitioner to have both the skills of a security professional but also to have sound understanding of business management. To be able to weigh the potential financial loss’s incurred by evacuating staff and running production remotely or by proxy, coupled with any perceived damage against the corporate brand versus remaining in a deteriorating security situation but ensuring the production process remains running, whist carrying out dynamic threat assessments to deal with a developing threat to the supply chain, both the life support and to business needs.
The majority of security management deals with the low scale security problems, we find a large proportion of security managers take on a reactive approach to security threats, reacting to the day to day activities of employees and sub contractors, rather than using an analytical approach to risk assessment. Traditionally while using risk assessment tools to create risk management objectives, were threat impacts are rated from negligible to critical and the likely hood of the threat arising is rated from unlikely to certain/imminent, then the large scale employee theft and violence issues would rank much higher on the likelihood of occurring than the probability of large scale civil unrest and the implementation of martial law. Were as the later would be seen to have a much higher chance of effecting the business at a critical level. These assessments need to be taken in all context to the surrounding political and economic climate of the country in which the operations occur. The impact of both of these types of threat would most likely be the same in many risk assessments, but the assessment of the likely hood of the two different threats would differ widely depending on the environment in which the business operates, taking in to context the social and political structure of either area of operations.
According to Pettinger (See Bibliography for details) it is increasingly usual to separate out the discipline of risk management into strategic and operational issues. Strategic risk management is the process of long range planning, identifying those risks that may or may not be faced by the company. Operational risk management is defined as the identifying and assessing the risks faced in everyday operations, and applying avoidance or mitigation measures to manage these risks. Pettinger states (see Bibliography for details) three areas for attention are patterns of behaviour, accidents and single events and errors. The effects of inter office rivalries, bullying and work place violence all have direct effects on work place morale and productivity, it is essential to have policies and procedures in place to deal with such behaviour.
Accidents occur in all areas, but having the ability to manage and mitigate the chance of accidents due to poor health and safety practices can reduce the chances of loss’s to be incurred by any company, today you find most security management positions ask for some form of health and safety qualification and understanding, whether that be an IOSH or NEBOSH, is usually dependent on the size and scale of the operations to be overseen by the security manager. Single events and error’s can never be completely eliminated, but can be mitigated by encouraging a safety and security culture, by ensuring good work place ethics and a healthy work environment can all lower the risk of these events.