Cost vs. Revenue. It’s really that simple. Security departments, like any other department, must consistently demonstrate value to the bottom line to thrive. Innovative CSOs adapt and evolve. They invest in cutting-edge technology and training. They continuously look to improve departmental best practices. To maintain this level of innovation, security leaders may seek funding in excess of last year’s annual spend. This can be particularly challenging during a down cycle when corporations look at every division for cost-cutting opportunities, better efficiencies or staff reductions. However, there are some fundamental tools and strategies security leaders can incorporate to improve their security posture while fostering innovation.
Put Your Case Databases to Work
The most important tool in demonstrating your department’s value is a simple case database. With today’s technology, case databases can evolve beyond a glorified Excel spreadsheet into a robust security management system. You can quantify the number of closed cases, losses, cash recovered, losses prevented, terminations and prosecutions for each year. Coupling this with enterprise data warehouse technology and fraud analytics, a security management system can be customized to manage in real-time case management, cold cases, compliance monitoring, intelligence, regulatory compliance and automated reporting. With a mouse click, security leaders can pull pre-defined, customized reports, intel and critical statistics. Identifying a few high-profile cases will immediately demonstrate the department’s value. Imagine a security department that closes $50 million a year in case work, recovering millions of dollars in cash and mitigating millions of dollars in fines. This goes a long way with the bean counters when it comes to asking for more funding. However, sometimes even that’s not enough.
Use Analytics to Recognize and Identify Threats to the Bottom Line
The most important strategy in your funding quest begins with turning your cost center into a profit center. If your business has high-volume transactions, sells a product or service, offers discounts or has a loyalty program, you should have a fraud analytics strategy in place. Fraud analytics will identify millions of dollars in previously undetectable fraud. In addition to answering the who, what, where, when, why and how questions, security departments can leverage analytics to quantify fraud exposures on a global scale, historically, in real time and in some cases, predictive. Moreover, this approach, uncovers often more costly, unproductive business transactions. Although fraud analytics is only one piece of a modern security program, it certainly can be the most lucrative and efficient in demonstrating your department’s value to the bottom line.
Partner With Other Departments
Security departments should create solutions, not problems. Innovative security programs, particularly those with a fraud analytics strategy, identify unproductive business activity that sometimes requires only a quick policy or technology fix to close the hole. However, these issues are often complex and require significant thought to identify solutions that minimize operational, customer and employee impact. Your department should partner with the Sales, Marketing, Customer Management or Technology departments to create a viable solution. This approach helps your department gain a reputation for seeing the big picture and adding value beyond the security disciplines. These working relationships prove invaluable when trying to justify new security expenditures.
As security professionals it’s our responsibility to plan for the unexpected. Certainly, having a relationship with key players in advance helps. That same logic holds true when it comes to funding. Your department’s $50 million saved and recovered is less significant if no one knows about it. Share your news. Communication is critical when it comes to building departmental credibility and when asking for additional monies. Your CEO and other executive leaders – particularly your controller – should be very familiar with your department’s work and value to the company. Share with them the intimate details of a few high-level cases. Of course, the executive group should already be in the know of your team’s stellar handling of day-to-day threat and incident management work. These key players should also be updated regularly on your department’s case work, compliance successes, project updates and future proposals.
Business Security is Multi-Faceted
Don’t be one-dimensional when asking for funding. Business-minded security leaders are recognized for not just protecting assets, but protecting the brand and corporate culture as well. This is where leveraging your internal partnerships comes into play. When security risk alone is not enough to justify a future expense, examine other benefits such as improving safety, customer experience or employee efficiency. Cameras, for example, can be an excellent theft deterrent when placed in certain areas; however, a high theft rate or high-profile theft may not be enough to justify the expense. The support of your safety partners providing data that identifies the area as a location with a high occupational accident or asset damage rate – which costs significantly more than theft – might aid in justifying costs. Partnering with real estate might offer opportunities to improve security video saturation, enhance access control and customer/employee flow.
Finally, follow up, follow up, follow up! After your company does open the vault and you obtain funding for a project or a new covert security gadget, make sure the executive group and your controller are well aware of your successes. This adds to your credibility for future requests. You don’t want to be the leader who needs to be hunted down to find out whatever happed with that project or if the new covert security gadget is working.
Like all business leaders, CSOs have budgets and have to justify their department’s existence. Executives change and each has his or her own perception of security. Your team can be perceived as a traditional, reactionary, bad news bearing security force (a necessary evil as perceived by some) or as an innovative business and security organization that continuously adds value to the bottom line. Which do you think will better equip you to obtain funding?
About the Author:
Shawn C. Clark is president of Clark Consulting Group. He has served as Director of Asset Protection and Global Security Operations at Continental and United Airlines.