Corporate Security: Efficiency vs. Effectiveness
By Brian Buggé, M.A., CPP, CHPA, CPOI
This article will focus on innovative solutions that can help strengthen the security posture of your organization in a cost effective manner, whether you work in a corporate environment, a healthcare setting, a school or retail, etc. The answer is through proper utilization of robust process improvement efforts focused on performance management and innovation.
Over the years I have been exposed to hundreds of approaches to managing security, safety and emergency management operations. Needless to say, I have learned a lot from that experience. Some lessons learned were gleaned while dealing with large scale catastrophes involving manmade and/or natural disasters, at home or abroad. Some lessons were learned while overseeing more mundane everyday practices within corporations, stores, hospitals, schools, government agencies, non-profits, law enforcement, etc., but one thing always stood out: the failure to differentiate between being efficient and being effective. As I will illustrate, they are two different things and failing to distinguish that can lead to all sorts of problems, like: redundancies and fragmentation; chronic and repeat problems that never seem to get resolved; random patrol that produces random results; vaguely defined problems that get vague answers; wasted resources, manpower and money; morale and motivation problems from not being able to see or demonstrate the results of your efforts, leading to high turnover; silos; lack of teamwork and coordination; etc. The list could go on-and-on, but I don’t want to belabor the point. What we want to do is focus 10% of our time on the problem and 90% on the solution.
In a nutshell, efficiency is doing things right, while effectiveness is doing the right thing. With that being said, it is possible to be efficient without being effective. That is what you want to avoid at all costs. Here’s an example: Complaints from passengers wishing to use the Bagnall to Greenfields bus service that “the drivers were speeding passed groups of up to 30 people with a smile and a wave of a hand” have been met by a statement pointing out that “it is impossible for the drivers to keep their timetable if they have to stop for passengers.”
So how does this apply to security operations in your organization? For starters, there are very few useful metrics used to demonstrate effectiveness. Most metrics that are used just count things, which focuses on efficiency, but doesn’t enable you to discern if what you are doing (or counting) is bringing you closer to your goal or further away from it. Worse, it doesn’t allow you to easily replicate your approach even if you did stumble upon a great solution (i.e., what works and what doesn’t work and why). All you know is that you handle these various issues quickly, courteously and perhaps that you handle a lot of them, but not whether you should be handling these things at all or how these things pertain to the substance of what your company or division does (its mission).
Being efficient means that you have put what you believe are good security/safety related policy, training and supervision in place within your organization. But what does the word good really mean? How do you know if it’s “good”? That’s where the effectiveness component comes into play. You could have nice policy, training and supervision in place that is all working together and it makes your operation efficient as a result. But if you look at it from an effectiveness perspective, you might find (as I did in many cases) that it’s not “good,” because it’s working to take you further away from your goal rather than closer to it. Some administrators don’t want to hear that because they believe things are working fine and staff are doing things right, which might be true in the short term – but in the long term, if you want to reach your goals and serve your mission you need to emphasize doing things right AND doing the right thing (and doing it in sync, so it all becomes seamless and holistic, a sort of ecosystem that is self contained and feeds off itself – one working off the other and each making the other stronger along the way).
So what is the litmus test? How do you know if your policy, training and supervision are aligned with your mission and vision statement, thus allowing you to be effective? Ask yourself this one question: “Do I experience a lot of ‘dilemmas’ in my decision making?” Do you hear yourself or your staff saying things like “Well, the right thing to do would be to (fill in the blank)…” followed by “But…” Do you tangle with silos, disruptive office politics, coercive and/or bullying behavior, etc.? All of these are warning signs that you are probably not being effective.
So how do you make your security/safety operation both efficient and effective? Simple -- Proper leadership! By that I mean leadership that focuses not just on meeting regulatory standards and simply counting things with your metrics, but leadership that utilizes robust process improvement, performance management and innovation to help your organization become resilient. Organizational resiliency is the goal. We cannot achieve that with silos and piecemeal strategy standing in our way. A good way to overcome that is through practicing “Enterprise Risk Management.” ERM bolsters strategic thinking, collaboration and coordination.
Warren Buffet was fond of saying that “Risk comes from not knowing what you’re doing.” Abraham Lincoln said, “If I had eight hours to chop down a tree I’d spend six hours sharpening my axe.” Accordingly, here is the research you need to do to take your security operation to another level. Read, digest and apply the information contained in the following two books:
For your added reading enjoyment, go online and download the following monograph for free:
Persuading Senior Management with Effective, Evaluated Security Metrics. ASIS Foundation (2014). https://foundation.asisonline.org/FoundationResearch/Research/Current-Research-Projects/Documents/ASIS_Report_REV12_JA.pdf
I know what you’re saying right about now, “I don’t have the time to read all that.” So here’s what it all says in a nutshell: The common theme that runs through all of the material above can be condensed into something I call the 5 P’s: Philosophy, Process, Programs, Problem-Solving and Partnerships. Incorporating those 5P’s into your security/safety and emergency management operations will allow you to be both efficient and effective.
Philosophy: The most fundamental of all questions is what is your philosophy? What is it you’re trying to accomplish? Why do you come to work each day, put on your security uniform (or blazer) and start your day or your patrols? What is it you’re trying to accomplish? Hopefully, the philosophy of your security department is aligned with the philosophy or mission of your organization, but if you sense things are disconnected, or none of this is clear, then you need to change that. If you say something superficial like “We strive to provide a safe and secure environment for our customers, visitors, vendors, students, staff, patients, employees (whatever),” well, what does “safe & secure” mean in real nuts-and-bolts terms and measures? What does it look like? How do you know if you are doing that?
Process: This is the “how” you need to examine in how work gets done. What you do here is abolish unnecessary work and useless process. What if transforming your security operations to improve revenue growth and profitability was as simple as changing ‘the way we do things around here’? It sometimes can be. But you first need to do a comprehensive 360 degree review on the way you do things, with a keen eye toward “robust process improvement.”
Programs: Make a list of all your programs and see if they are still getting you to where you want to go. If not, some may have to be eliminated and some may have to be added. Programs are the legs that your philosophy rests on. After all, philosophy is theory, where programs are action oriented. But the programs you put in place have to be in alignment with your philosophy and your efforts at process improvement. Program outcomes also need to be measured because you can’t manage what you don’t measure. Are there any innovative programs you’re not thinking of or aware of? Brainstorm with staff and professional colleagues to find out. Can your successful programs be easily replicated? Do you know why they work or why they don’t work?
Problem-Solving: This is the keystone to all the 5 P’s. We run a security operation in order to prevent and/or solve a problem. But if we don’t properly and precisely identify the problem, and then gather suitable and appropriate data surrounding this problem, then our response is not going to be as effective as it could be. Proper problem-solving is also in alignment with Continuous Quality Improvement (CQI). Once we respond to the problem we also measure or assess our results. Did we eliminate it? If we didn’t eliminate it, did we at least reduce the harm or monetary costs associated with the problem? What was our target or objective? Did we accomplish what we set out to do? If so, what worked and what didn’t work and why? Perhaps we just displaced the problem, but displacement can be considered a success too under some circumstances. We need to assess all of this and apply it to future problems that arise or refine our efforts to the current problem so as to be more effective at eliminating, reducing or displacing it (if our initial response was not as successful as we would have liked).
Partnerships: It’s all about teamwork, collaborations and partnerships. The broader term would be relationship building. We do not operate in silos. We also do not need to constantly be in the limelight seeking credit. We are not effective going it alone. Proper problem-solving helps us delineate who the stakeholders are that we need to collaborate with. Once we have identified the people, groups or organizations that need to be brought into the equation, then we go inside and/or outside the organization and build formal and long-term partnerships.
I have helped hundreds of clients in every industry and niche imaginable with implementing these and similar type strategies. Very simply, they work, and they produce measurable results in a short period of time. From new construction and design work, to meeting regulatory mandates, to designing effective metrics, to innovative strategies on deploying security officers (and more), get in touch with me and I’ll provide you with some good guidance and advice. You’ll be glad you did (www.brianbugge.com).
About the Author: Brian Buggé is Director of Security Operations at IRI Global, LLC. He is also an Adjunct Professor of Criminal Justice & Security Management at the University of Phoenix. Brian is Board Certified in Security Management by ASIS, Intl. He is also a licensed private investigator and certified security guard instructor. In New York City he received the Fire Safety Director designation from the NYC Fire Department. In 2003 Brian helped form the N/E Chapter of The Assoc. of Threat Assessment Professionals (ATAP), and he served on their Board for six years. Brian has over 15 years of security management experience and over 20 years of experience in various positions in law enforcement (federal, county and city level). He can be reached at www.brianbugge.com.
Brian Buggé is Director of Security Operations at IRI Global, LLC. He is also an Adjunct Professor of Criminal Justice & Security Management at the University of Phoenix. Brian is Board Certified in Security Management by ASIS, Intl. He is also a licensed private investigator and certified security guard instructor. In New York City he received the Fire Safety Director designation from the NYC Fire Department. In 2003 Brian helped form the N/E Chapter of The Assoc. of Threat Assessment Professionals (ATAP), and he served on their Board for six years. Brian has over 15 years of security management experience and over 20 years of experience in various positions in law enforcement (federal, county and city level).