Building a business case for security can often be a daunting task, presenting multiple challenges. Now there’s a solution, one that works and makes good business sense. It’s defining the real and measurable value your security business brings to any organization. We’ll discuss how to calculate the real value Corporate Security brings to an organization. It’s called Value Proposition, and it works.
The realization that the sum total of all our efforts was not producing the results we needed led us to look at applying proven business skills to Corporate Security. We asked ourselves about the basic business function of Security, that we couldn’t do today’s job with yesterday’s methods, and expect to be successful in the future.
We began to ask questions of ourselves – and not easy ones.
- In taking an honest look at our department, what did we see?
- What results were we actually producing?
- How did we get there?
- What did we need to do?
- We also asked of ourselves, if we keep doing what we’re doing right now, where will we be in 1 year, 2 years, and 3 years?
- Can we stop trying to explain the problems and start trying to solve them?
- We agreed that we needed to train our people to propose solutions rather than keep asking for them.
We also asked the question as to what we learn from tough economic times.
- Our answer was that when we are forced to face economic reality we need to do something different.
- We asked ourselves this question: At what point do we stop doing what we’re doing and tell ourselves we could do it better?
- If we don’t like what’s happening or what we’re getting, at what point do we change?
- Why aren’t we anticipating change and preempting problems?
Value proposition mathematically is simply benefits minus cost (VP = B – C). It is a security statement that speaks to how security services addresses and/or solves problems or improves the company’s position. It describes how Security brings specific and quantifiable benefits to the company and tells the company how their security differentiates from other security models. The Value Proposition of Security also describes how Security contributes to the company’s productivity and it’s bottom line. “What we are about is helping the company run its business in a risky world.”[1] The value of Security to the company is its ability to identify and manage risk.
Corporate Security’s Value Proposition may be the most essential part of developing and evangelizing its business case.
Building a business case for Corporate Security is often a daunting task. Challenges include:
- The company’s desire for profitability;
- Corporate Security does not generate revenue; it’s viewed as a cost center;
- The perception that Security adds to much too the business processes;
- Determining just how much security is needed and for what;
- Determining the level of risk to the organization, especially when there aren’t many incidents;
- Workplace violence potential;
- Employee conduct;
- Terrorism
- The budget for Corporate Security – is it ever enough? How do you maximize what you have and produce outcomes of value?
- Selecting the right people for Corporate Security;
- Providing the right training for security personnel;
- Ongoing threat assessments;
- Risk identification and mitigation;
- Reducing insurance costs for the organization;
- Executive protection, internally and externally;
- Protecting company information from hackers, viruses, and other concerns;
- Security reporting within Security and to the executives;
- Theft, loss, and other crimes – by personnel or external people. How does Security involve company employees in protecting themselves and company assets?
- Achieving the Corporate Security mission and goals – do security personnel even know what they are?
- Transforming a risk-averse, reactive security management model into a proactive, problem identification, results-based model;
- Reducing attrition of security personnel;
- Finally, optimizing security efficiency and effectiveness, and demonstrating articulable, measurable value to the company.
Given these issues, Corporate Security can address, mitigate, reduce, or even eliminate risk and loss, threats, and provide a workplace environment that enhances productivity and does contribute to the bottom line. There are three major elements that will drive Security’s value dramatically, allowing a quantifiable, measurable, and reportable value. These elements are derived from the Cooper Management Model, developed and implemented by Bill Cooper, Senior Security Manager and retired Chief of Police.
Part 1 – Lean Six Sigma’s Applicability to the Value of Security
By definition, Lean Six Sigma is a business philosophy centered on the relentless identification and elimination of waste, re-works, and redundancy from all processes so they flow at the rate of customer demand, at the same time improve the overall quality of the output. Lean Six Sigma is the optimization of value in all processes. Lean Six Sigma will provide exactly what is needed, when it’s needed, in the form it’s needed. In other words, business process simplification. Lean Six Sigma can be applied to anything. Lean Six Sigma is made up of principles, methods, and tools that are designed to improve the speed and efficiency of any process by targeting and removing unnecessary and wasteful steps or materials – Lean Six Sigma identifies bottlenecks found in processes and systems.
Lean Six Sigma provides a common foundation to support production of services (and goods) for our customers of value to the customer with a high degree of quality and minimal waste. The most significant benefit of Lean Six Sigma is the large-scale cost savings realized sooner rather than later due to streamlined processes. Lean Six Sigma’s goal is growth, not just cost-cutting, with emphasis on effectiveness, not just efficiency. Part of the overall strategy is to teach the organization not only how to improve, but how to innovate.
The need for more efficiency and effectiveness in virtually everything an organization does continues to grow and become more of a priority. Identifying and eliminating what doesn’t add value and reducing cost become more important every day.
Lean Six Sigma is continuous improvement, a process improvement methodology, a results-oriented, focused approach to quality. Lean Six Sigma minimizes mistakes and maximizes value and creates precision in the work. It measures and sets targets for reductions in problems and defects which translates into cost and time savings and dramatically reduces the chances of introducing errors in the future. Lean Six Sigma develops the practice of getting it right the first time.
Lean Six Sigma is the single most effective problem solving methodology for improving organizational performance. The evidence leads you to the real causes of problems, allowing easier solution generation. It improves the speed to completion – you don’t have to work harder or faster to produce more speed; this removes the barriers and obstacles, getting you from beginning to end faster.
Departments have inconsistency in their processes, systems, and services. Professional results demand consistency; inconsistency degrades good performance and inconsistency is all about waste, redundancy, and re-doing work that has already been done.
Any task that can be performed more efficiently and isn’t is an example of poor quality and increased cost – waste.
Benefits of Lean Six Sigma
- Faster service
- Higher quality
- Lower cost
- Increased performance
- Increased credibility
- Increased morale
- Predictability
Part 2 – The Value of Business Intelligence to Decision Making
Security organizations collect large amounts of information and data as a result of their daily operations. Using that data to create usable information and actionable intelligence is a key element of good security management. Organizing the information in as near real time as possible and displaying it in a useful manner is critical to allowing proper decisions regarding deployment and actions required to provide the organization with measurable, articulable results. The purpose of a good business intelligence system is to improve the availability and quality of information useful for making more informed management decisions – based on facts.
Establishing a business intelligence architecture in your security organization can transform this raw data into meaningful and useful information. Business intelligence provides historic, current, and predictive views of your operations. If you were asked by superiors to provide essential information – facts – about the real results Security is providing, could you do it? Do you have quantifiable security performance metrics that show an improved state of security and safety in the organization? Do you have – and use – metrics that consistently and intelligently assess outputs and results?
Business Intelligence also provides Security with two further opportunities:
- Good systems can help fix problems in the shortest time possible.
- Better align strategy and execution; better deployment of staff and resources; better overall decision making that gets Security to achieving its goals.
Intelligence is crucial to managing security. When developing and deploying business intelligence, the broader the distribution the higher the return. The more real-time the intelligence distribution the more agility Security has in addressing security and safety issues and concerns.
This data-based analysis improves the quality of decision making throughout the organization by replacing hunches and guesses with data-based analysis. The ability to identify real causes allows Security to design and deploy solutions that produce results that are unmatched.
Producing business intelligence in a graphics-rich format allows faster, far more accurate deployment of staff and resources to real problems, producing real outcomes. This system additionally measures performance and accountability.
Based on the original NYPD CompStat program, this business intelligence system asks four questions, each requiring answers:
- What’s working….why?
- What’s not working…why not?
- If it isn’t working what could we or should we do about it?
- What new strategies need to be put in place?
The benefits of a good, robust business intelligence system include:
- Delivers consistent information
- Drives innovative problem solving
- Gives a better view of reality and drives better decisions based on that reality
- Improves communication – no spin
- Saves time and cost
- Enables fact-based decision making
- Provides actionable intelligence
- Drives an effective overall Security strategy
- Enhances the ability to make superior decisions
- Improves the ability to create effective plans
- Optimizes performance of Security
Part 3 – Employee Involvement in Organizational Security
Organizations speak frequently about employees being involved in working with their communities to enhance their quality of life. These organizations seek to hire and retain good employees and Security is no different. The purpose here is for Security to partner with the organization’s staff and employees as a force multiplier in keeping the company safe and secure. By successfully doing this the company can reduce its costs, time to complete work, and improve its profit margin.
Employees, typically new to an organization, are provided with orientation that may include direction on how to keep themselves and corporate assets secure – most of this orientation is inadequate. If assets are lost or stolen, the cost to the organization may become very large. Risk of loss and vulnerability to loss increase proportional to lax behavior on the part of employees.
It is Security’s responsibility to assure assets and people are protected. In reality, Security traditionally follows a reactive management model, reporting loss or other issues after the fact. The value of Security increases exponentially as it transforms into a proactive, results-based model. By a proactive approach, security officers look for and identify security and safety issues, escalate them to the appropriate people, and follow up to assure they have been addressed.
Examples of real cases include the following:
Asset protection – proactively patrolling the company’s buildings security officers observed unsecured laptop computers by the hundreds after hours, even though employees had been given locking cables. Over 400 unsecured laptops were observed. Officers created a professional reminder card, reminding employees of the need to secure their assets. Officers signed, dated and placed the cards on the desks. In a 30-day period these unsecured laptops were reduced by 98% and kept there.
To calculate the value of this one security activity, assume 20 laptops per year were stolen. The value of the computer is about $1,500. The value of the intellectual property on the computer varies. Now, examine the time and loss associated with replacing the computer. Question 1 is how long the employee who lost the computer takes to get fully re-engaged. On average it is about 10 days – 2 weeks. Determine how many people are involved in reporting the loss, authorizing the replacement, ordering, preparing, shipping, and formatting the computer before it goes to the employee. On average the cost is between $10,000 and $20,000 per loss.
If 20 laptops are lost annually, the effective loss to the company is estimated to be about $200,000 – $400,000. As Security reduced that loss by 98%, Security saved the company some $196,000 – $392,000 in cost avoidance. By simply quietly and subtly engaging the employees in securing their own assets, Security saved a significant amount of money.
To further this example, Security conducted an assessment of access control on the campus. Each building required a card key to enter, but due to tailgating, employees letting people in, etc., Security determined 56% of the employees entering the executive building did not have or use an access card. With 17,000 visitors annually, Security and the company did not know who more than 9,000 of them were – a significant risk and vulnerability.
Security implemented random visits to visibly remind employees to use their cards and not allow tailgating, etc. In six months, a reduction of 90% was realized, resulting in 8,500 fewer people entering than previously. Security’s random reminders to employees had those employees reminding fellow employees, visitors, and others to use a card key to get in.
Look at the cause and effect relationship to establish real value of Security. The report to the C-Suite stated that people had less than a 10% probability of entering one of the buildings, and f they did get in, had less than a 2% probability of taking something of value.
Overheating IDF/MDF rooms – server farms – this company had 10 such rooms. If the rooms got to a certain temperature level, they overheated and shut down. It cost $100,000 to reboot them and get them in working order. The security officers proactively began to check each room on each shift. In a 1-year period, they found the rooms overheating 184 times. The officers acted on the spot and prevented the loss to the company.
By proactively patrolling, looking for problems, the officers saved the company more than $18,000,000 annualized.
We’ll next look at, define, and establish the value proposition of Security in any organizations.
Part 4 – The Value Proposition of Security
Value proposition is a clear, compelling, and credible statement of the experience the company will receive from Security. Value propositions work because they force Security to focus resources where they are needed; articulating this value increases the visibility and presence of Security in the organization. The presence of properly managed Security allows the organization and its employees to enhance productivity and optimize performance, decreases costs and issues and increase profit.
Security needs to ask and answer these questions to describe itself and begin to articulate its value:
- Where does Security excel?
- What does Security actually do that lowers costs in the organization and helps increase profit?
- What does Security do that helps the organization improve quality and eliminate problems, waste, redundancy, and non-value add elements?
- What are the core competencies of Security?
- What benefits does Security provide the organization to employees or systems that allows them to be better than they were?
Recall that Value Proposition is simply Benefits minus Costs (VP = B – C). To calculate value use that formula. Assume the cost element is the Security budget. Using the previous case study involving IDF/MDF rooms we determined that Security’s proactive patrol model resulted in more than $18,000,000 in cost avoidance. In this instance the Corporate Security budget was $9,000,000. The Value Proposition is benefits minus cost, or $18,000,000 – $9,000,000, or for every dollar spent on Security, Security returned two dollars. This is just one example; imagine doing this for each instance. In this case Security told the C-Suite that for every dollar invested in Security, Security was returning between $2 and $100 – quite a compelling ratio.
In the instance of unsecured laptop computers, the cost of the reminder cards was about $200. The cost avoidance at the lower end was $200,000, so in this case for every dollar invested in Security, Security returned $1,000. This is yet another compelling statement.
Tying the Parts Together
Any one element of these models works very well as a stand-alone system; each has been proven successful in its own right. The strength of each part is amplified when they are combined into a single management model.
- Employee Involvement reduces the burden on Security by acting as a force multiplier to Security, freeing time and cost.
- Lean Six Sigma eliminates suboptimal processes, further reducing time and cost and freeing security resources.
- The Business Intelligence Decision Support System laser focuses your security resources to where they’re needed, what they’re needed for, and how they’re needed. The randomness of patrols is refocused.
- Value Proposition demonstrates the true value of Security to the organization, clearly showing measurable, articulable results. These results are formatted graphically into the reports prepared for executives, each of which provides an enhancement to the organization’s financial and operational positions. The bottom line is dramatically improved.
Finally, “Do not lose sight of the fact that you are the core to your venture’s value proposition. What solution can you deliver uniquely well? What kind of disruptive business model can you bring? Be true to yourself as a thought leader and you will go far.
- Chief Security Officer Online, August 1, 2003. Security’s Value Proposition.
- The Cooper Management Model, copyright 2010, 2015. Bill Cooper.
- Leading Beyond Tradition: Exceeding Expectations in Any Economy, Cooper, William E., 2012
- Leading Beyond Tradition: Exceeding Expectations in Any Economy, Cooper, William E., 2015
- Steps to Building a Compelling Value Proposition, Skok, Michael, 2013. Forbes Magazine, https://www.forbes.com/sites/michaelskok/2013/06/14/4-steps-to-building-a-compelling-value-proposition/#1b8c59f94695
Co-Authored by Michael Delamere
Trusted Global Private Security Services
Serving US: Seattle, Bellevue, San Francisco, San Jose, Sunnyvale, Cupertino, Fremont, Milpitas, San Mateo, Palo Alto, Sacramento, Los Angeles, Orange County, San Diego, Las Vegas, Reno, Portland, Vancouver WA, Honolulu, Denver, Salt Lake City, Dallas, Houston, San Antonio, Austin, Chicago, Columbus, Atlanta, Tampa, Orlando, Miami, Charlotte, Washington DC, New York City, Boston
Serving International: Vancouver Canada, Mexico, Guatemala, Panama, Brazil, Argentina, Chile, Peru, Ireland, United Kingdom, France, Spain, Italy, Switzerland, Germany, Czech Republic, Netherlands, Poland, Hungary, Turkey, Ukraine, Russia, Saudi Arabia, United Arab Emirates, South Africa, Kenya, Nigeria, Algeria, Egypt, India, Bangladesh, China, Thailand, Cambodia, Vietnam, Philippines, Indonesia, Japan, South Korea
