Corporate Security: Efficiency vs. Effectiveness
 
                                                                         By Brian Buggé, M.A., CPP, CHPA, CPOI
                                                                                                              www.brianbugge.com
 
 
This article will focus on innovative solutions that can help strengthen the security posture of your organization in a cost effective manner, whether you work in a corporate environment, a healthcare setting, a school or retail, etc. The answer is through proper utilization of robust process improvement efforts focused on performance management and innovation.
 
Over the years I have been exposed to hundreds of approaches to managing security, safety and emergency management operations. Needless to say, I have learned a lot from that experience. Some lessons learned were gleaned while dealing with large scale catastrophes involving manmade and/or natural disasters, at home or abroad. Some lessons were learned while overseeing more mundane everyday practices within corporations, stores, hospitals, schools, government agencies, non-profits, law enforcement, etc., but one thing always stood out: the failure to differentiate between being efficient and being effective. As I will illustrate, they are two different things and failing to distinguish that can lead to all sorts of problems, like: redundancies and fragmentation; chronic and repeat problems that never seem to get resolved; random patrol that produces random results; vaguely defined problems that get vague answers; wasted resources, manpower and money; morale and motivation problems from not being able to see or demonstrate the results of your efforts, leading to high turnover; silos; lack of teamwork and coordination; etc. The list could go on-and-on, but I don’t want to belabor the point. What we want to do is focus 10% of our time on the problem and 90% on the solution.
 
In a nutshell, efficiency is doing things right, while effectiveness is doing the right thing. With that being said, it is possible to be efficient without being effective. That is what you want to avoid at all costs. Here’s an example: Complaints from passengers wishing to use the Bagnall to Greenfields bus service that “the drivers were speeding passed groups of up to 30 people with a smile and a wave of a hand” have been met by a statement pointing out that “it is impossible for the drivers to keep their timetable if they have to stop for passengers.”
 
So how does this apply to security operations in your organization? For starters, there are very few useful metrics used to demonstrate effectiveness. Most metrics that are used just count things, which focuses on efficiency, but doesn’t enable you to discern if what you are doing (or counting) is bringing you closer to your goal or further away from it. Worse, it doesn’t allow you to easily replicate your approach even if you did stumble upon a great solution (i.e., what works and what doesn’t work and why). All you know is that you handle these various issues quickly, courteously and perhaps that you handle a lot of them, but not whether you should be handling these things at all or how these things pertain to the substance of what your company or division does (its mission).   
 
Being efficient means that you have put what you believe are good security/safety related policy, training and supervision in place within your organization. But what does the word good really mean? How do you know if it’s “good”? That’s where the effectiveness component comes into play. You could have nice policy, training and supervision in place that is all working together and it makes your operation efficient as a result. But if you look at it from an effectiveness perspective, you might find (as I did in many cases) that it’s not “good,” because it’s working to take you further away from your goal rather than closer to it. Some administrators don’t want to hear that because they believe things are working fine and staff are doing things right, which might be true in the short term  – but in the long term, if you want to reach your goals and serve your mission you need to emphasize doing things right AND doing the right thing (and doing it in sync, so it all becomes seamless and holistic, a sort of ecosystem that is self contained and feeds off itself – one working off the other and each making the other stronger along the way).  
 
So what is the litmus test? How do you know if your policy, training and supervision are aligned with your mission and vision statement, thus allowing you to be effective? Ask yourself this one question: “Do I experience a lot of ‘dilemmas’ in my decision making?” Do you hear yourself or your staff saying things like “Well, the right thing to do would be to (fill in the blank)…” followed by “But…” Do you tangle with silos, disruptive office politics, coercive and/or bullying behavior, etc.? All of these are warning signs that you are probably not being effective. 
 
So how do you make your security/safety operation both efficient and effective? Simple -- Proper leadership! By that I mean leadership that focuses not just on meeting regulatory standards and simply counting things with your metrics, but leadership that utilizes robust process improvement, performance management and innovation to help your organization become resilient. Organizational resiliency is the goal. We cannot achieve that with silos and piecemeal strategy standing in our way. A good way to overcome that is through practicing “Enterprise Risk Management.” ERM bolsters strategic thinking, collaboration and coordination.   
 
Warren Buffet was fond of saying that “Risk comes from not knowing what you’re doing.” Abraham Lincoln said, “If I had eight hours to chop down a tree I’d spend six hours sharpening my axe.” Accordingly, here is the research you need to do to take your security operation to another level. Read, digest and apply the information contained in the following two books:
 

• Michael Hammer, Faster Cheaper Better: The 9 Levers for Transforming How Work Gets Done. NY: Crown, 2010.
• Ronald Heifetz and Marty Linsky, Leadership on the Line: Staying Alive through the Dangers of Leading. MA: Harvard Business School Publishing, 2002.

 
For your added reading enjoyment, go online and download the following monograph for free:
 
Persuading Senior Management with Effective, Evaluated Security Metrics. ASIS Foundation (2014). https://foundation.asisonline.org/FoundationResearch/Research/Current-Research-Projects/Documents/ASIS_Report_REV12_JA.pdf
 
             I know what you’re saying right about now, “I don’t have the time to read all that.” So here’s what it all says in a nutshell: The common theme that runs through all of the material above can be condensed into something I call the 5 P’s: Philosophy, Process, Programs, Problem-Solving and Partnerships. Incorporating those 5P’s into your security/safety and emergency management operations will allow you to be both efficient and effective.
 
Philosophy: The most fundamental of all questions is what is your philosophy? What is it you’re trying to accomplish? Why do you come to work each day, put on your security uniform (or blazer) and start your day or your patrols? What is it you’re trying to accomplish? Hopefully, the philosophy of your security department is aligned with the philosophy or mission of your organization, but if you sense things are disconnected, or none of this is clear, then you need to change that. If you say something superficial like “We strive to provide a safe and secure environment for our customers, visitors, vendors, students, staff, patients, employees (whatever),” well, what does “safe & secure” mean in real nuts-and-bolts terms and measures? What does it look like? How do you know if you are doing that?
 
Process: This is the “how” you need to examine in how work gets done. What you do here is abolish unnecessary work and useless process. What if transforming your security operations to improve revenue growth and profitability was as simple as changing ‘the way we do things around here’? It sometimes can be. But you first need to do a comprehensive 360 degree review on the way you do things, with a keen eye toward “robust process improvement.”
 
Programs: Make a list of all your programs and see if they are still getting you to where you want to go. If not, some may have to be eliminated and some may have to be added. Programs are the legs that your philosophy rests on. After all, philosophy is theory, where programs are action oriented. But the programs you put in place have to be in alignment with your philosophy and your efforts at process improvement. Program outcomes also need to be measured because you can’t manage what you don’t measure. Are there any innovative programs you’re not thinking of or aware of? Brainstorm with staff and professional colleagues to find out. Can your successful programs be easily replicated? Do you know why they work or why they don’t work?
 
Problem-Solving: This is the keystone to all the 5 P’s. We run a security operation in order to prevent and/or solve a problem. But if we don’t properly and precisely identify the problem, and then gather suitable and appropriate data surrounding this problem, then our response is not going to be as effective as it could be. Proper problem-solving is also in alignment with Continuous Quality Improvement (CQI). Once we respond to the problem we also measure or assess our results. Did we eliminate it? If we didn’t eliminate it, did we at least reduce the harm or monetary costs associated with the problem? What was our target or objective? Did we accomplish what we set out to do? If so, what worked and what didn’t work and why? Perhaps we just displaced the problem, but displacement can be considered a success too under some circumstances. We need to assess all of this and apply it to future problems that arise or refine our efforts to the current problem so as to be more effective at eliminating, reducing or displacing it (if our initial response was not as successful as we would have liked).  
 
Partnerships: It’s all about teamwork, collaborations and partnerships. The broader term would be relationship building. We do not operate in silos. We also do not need to constantly be in the limelight seeking credit. We are not effective going it alone. Proper problem-solving helps us delineate who the stakeholders are that we need to collaborate with. Once we have identified the people, groups or organizations that need to be brought into the equation, then we go inside and/or outside the organization and build formal and long-term partnerships.
 
            I have helped hundreds of clients in every industry and niche imaginable with implementing these and similar type strategies. Very simply, they work, and they produce measurable results in a short period of time. From new construction and design work, to meeting regulatory mandates, to designing effective metrics, to innovative strategies on deploying security officers (and more), get in touch with me and I’ll provide you with some good guidance and advice. You’ll be glad you did (www.brianbugge.com).
 
About the Author: Brian Buggé is Director of Security Operations at IRI Global, LLC. He is also an Adjunct Professor of Criminal Justice & Security Management at the University of Phoenix. Brian is Board Certified in Security Management by ASIS, Intl. He is also a licensed private investigator and certified security guard instructor. In New York City he received the Fire Safety Director designation from the NYC Fire Department. In 2003 Brian helped form the N/E Chapter of The Assoc. of Threat Assessment Professionals (ATAP), and he served on their Board for six years. Brian has over 15 years of security management experience and over 20 years of experience in various positions in law enforcement (federal, county and city level). He can be reached at www.brianbugge.com.
                                                                                                                                   
 
 

HI-RISE BUILDING SECURITY IN NEW YORK CITY – LESSONS LEARNED:
 
                                                                                                  By Brian Buggé, M.A., CPP, CHPA, CPOI
 
 
This article will focus on Hi-Rise Building Security and Life Safety in New York City, but the principles and techniques I’ll be discussing can just as easily be applied to corporate offices, hotels, schools and hospitals, etc. I’ll share some of the lessons learned over my time at Kroll, and also from my time as a police trainer and consultant with the Police Executive Research Forum (PERF is a police think tank based in Washington, DC. At the time I was a nationally recognized expert on “Problem-Oriented Policing & Security,” and “Situational Crime Prevention”). I’ll also blend in lessons learned in my subsequent position as a director of corporate security & safety.
 
On 9/11/01, I was Director of the Security Services Group at Kroll stationed at their worldwide headquarters in New York City. The terrorist attacks that day caused us to go into overdrive. At the time Kroll was arguably the largest and most sophisticated risk mitigation/security consulting firm in the world. Our clients ran the gamut from high net worth individuals and famous celebrities, to Fortune 500 companies, government agencies, ivy-league universities and even foreign sovereign governments. On that fateful day we had to prioritize requests almost with a hospital triage type approach. Naturally, our first concern was with the fact that the Port Authority of NY/NJ, owners of the World Trade Center, was our client. In addition, Logan Int’l. Airport in Boston, the location where al-Qaeda terrorist Mohamed Atta and his murderous crew boarded AA Flight #11 that eventually flew into the North Tower, had been a client in the past. Paradoxically, we were even concerned for the safety of a few Saudi nationals residing in the U.S. who were our clients and who had some close or distant family connection to Osama bin-Laden.
 
Once we got through our reactionary stage, we quickly switched to a preventative proactive stage. That involved offering our services to every major airport in the country and every major property management firm in the country. We had immediate requests for assistance from places
 like the Sears Tower in Chicago (now the Willis Tower), the Empire State Bulding, CNN and the Time Warner Center, and major airports and Global 500 companies throughout the world. We even trained the entire NJ Transit System (all 10,000 employees) in a first of its kind “Terrorism Awareness” training course. We gave similar counter-terrorism training to corporations, government agencies and property managers throughout the country.
 
What assisted our efforts in this regard was the confiscation by police in Manchester, England of an al-Qaeda training manual. Yes, Osama bin-Laden actually produced a terrorist training manual. Back then the manual was a secret, and few outside of Scotland Yard, the FBI and CIA (and Kroll of course) had a copy. It wasn’t until it got introduced as a court exhibit in a terrorism case in England, however, that it got into the public domain. Although the manual is now outdated, and terrorists have changed their tactics, they still employ some of the core strategies contained in that manual (e.g., the terrorists who struck in Mumbai in November 2008 – called India’s 9/11, used some of the techniques outlined in this al-Qaeda manual). So the past can be a prologue to the future in trying to decipher terrorist behavior. If you want to know what they will do in the near future, look at what they’ve done in the immediate past.
 
Several years back I attended an invitation only event hosted by the NYPD at One Police Plaza in lower Manhattan on the topic of “Terrorism Awareness for Realtors.” At that training I was approached by a member of the Real Estate Board of New York and BOMA and asked to name a book or manual that I would recommend, which could be used by members of REBNY and BOMA. I quickly recommended, High-Rise Security and Fire Life Safety by Geoff Craighead. It was good back then but now, in its third edition, it’s even better. But since that time many other useful guides have been written, all of which can be downloaded from the Internet for free. Here’s a list:
 

• FEMA Series on Protecting Buildings from Natural Disasters and/or Terrorist Attacks (Publication Numbers: 426, 427, 429, 430, 452, 453, 455, 459 & 543). Just type into the Google search box “FEMA 426 pdf.” Repeat for the other numbers.

 

• NIOSH/CDC Manual, “Guidance for Protecting Building Environments from Airborne Chemical, Biological, or Radiological Attacks,” 2002.

 

• ASIS, “From the Ground Up: Security for Tall Buildings,” by Dennis Challinger, 2008.

 

• DHS, “Commercial Facilities Sector-Specific Plan: An Annex to the National Infrastructure Protection Plan,” 2010.

 

• NYPD, “Engineering Security: Protective Design for High Risk Buildings,” 2009.

 
I know what you’re saying, “I don’t have the time to read all that.” So here’s what it all says in a nutshell: Have good policy, good training and good supervision in place. That’s 90% of the battle. Also, focus on three main areas of concern: #1: your perimeter; #2: the exterior of your building; and #3: the interior of your building. Last, it all comes down to utilizing three overlapping approaches to increase your security posture: you need to have good security staff in place; you need to have good electronic access control and surveillance cameras in place; and you need to have good architectural designs in place (or what is known as Crime Prevention Through Environmental Design – CPTED). You also need to have all of this working for you at the same time.
 
Don’t let the fact that I condensed it all into one small paragraph fool you. It’s not as easy as it sounds to get all that stuff in alignment and in sync. Unfortunately, when I do security reviews and assessments of commercial office buildings I rarely find that the property managers have all three things going for them at the same time (i.e., Good Policy, Good Training and Good Supervision). The more efficient and effective buildings might have two out of those three, but some less efficient buildings might only have one out of three.
            
Perhaps you have some issues with Policy in regard to security & life safety. If so, I can provide some good guidance and advice, whether it’s writing Manuals, SOP’s, and/or Post Orders customized to your environment, your building and your corporate culture {Contact me at: www.brianbugge.com}.
 
If you believe you have issues with Training, I can help with that too. There are numerous online training platforms you can utilize, and also training and certifications provided online for free by government agencies like FEMA, etc. In 2016 and beyond, training can be delivered in person, or via webinar, YouTube, Kajabi, or via interactive blogs containing customized videos streamed directly over the Internet – no dedicated servers or intranet needed. {Contact me at: www.brianbugge.com}.   
 
If you believe you have issues with Supervision I can help there too. I can quickly and easily show you how to do a 360 degree review and offer you ideas and suggestions regarding current best practices and also models to follow through benchmarking and through my own 30 years of experience. Actions that provide a good ROI in this regard are: leadership and supervisory training on topics like “Principle-Centered Leadership,” and “The 7 Habits of Highly Effective People,” etc. {Contact me at: www.brianbugge.com}.   
  
About the Author: Brian Buggé is Director of Security Operations at IRI Global, LLC. He is also an Adjunct Professor of Criminal Justice & Security Management at the University of Phoenix. Brian is Board Certified in Security Management by ASIS, Intl. He is also a licensed private investigator and certified security guard instructor. In New York City he received the Fire Safety Director designation from the NYC Fire Department. In 2003 Brian helped form the N/E Chapter of The Assoc. of Threat Assessment Professionals (ATAP), and he served on their Board for six years. Brian has over 15 years of security management experience and over 20 years of experience in various positions in law enforcement (federal, county and city level). He can be reached at www.brianbugge.com.