Trends such as the expanding need for risk management and greater use of sophistcated technology and work methods have all enhanced the professional role of security management in the last few years .The major shift from protecting or gaurding the perimeter of the business to managing the risk of business in a proactive manner has helped this image, as has more business emphasis on security demonstating how ot adds value to the organization.
Increasingly security managers require input not only from their traditional staff, but engineers, internal auditors, information system specialists and others. The security manager now needs to be well versed with what happens in the departments of other disciplines in order to effectively embed risk management practices within the organisation as a whole. Control over budgets which represent significant amounts of the corporate capital expenditure are now common and contributions from various disciplines need to be coordinated by the head of security. Indeed, some security departments are almost unrecognisable from what they were 10 years ago.
Security status lags technological trends
The speed of change in the nature and focus of security has not necessarily been accompanied by a similar change in the job status of security managers or the image of security within the organisation. On the other hand, the career expectations of security managers have been raised as the scope and complexity of their responsibilities has increased.
This has led to many managers asking why they do not enjoy the same level of recognition and grading as many other senior people in the production, financial, human resource and even information systems areas. Interestingly enough, the IFSEC conference to be held in London in May shows some focus on getting security into mainstream management with one of the topics to be presented looking at "Getting security into the boardroom" while another is to examine changes that new technology will make to the industry.
Has security management arrived?
Has security arrived at the point where security managers can expect to be treated the same as their colleagues in the traditionally "high profile" disciplines, be graded the same way, and operate with the same power base within executive committees?
Certainly the designation of Security Director is rare, even in the UK and security managers are seldom graded at the same level as their counterparts in other disciplines. However, there are instances where security executives have received this kind of recognition and some industries are likely to be more receptive to this than others.
I have been involved recently in looking at these issues for a couple of organisations and believe that they are likely to become more and more common as the security discipline increases its coverage and sophistication.
Discerning the trends
In this article and its follow up in part two, I'm going to share some of my personal thoughts and views on this process. These are not necessarily industry practices or policies, but a trend in the development of the security discipline which follows that of other disciplines.
Human resources twenty years ago was seen as a low key administration function until a combination of IR, organisational development and an influx of professionally qualified people propelled it into the mainstream.
Information systems is on a similar curve from ten years ago when the drive to corporate networks, a PC on every manager's desk and the need for business intelligence created a whole new management function different from the previous mainframe intensive administration. I'm not sure when the trend for security started but it is well in progress and being boosted by CCTV, enhanced technology and the increasing demand to manage risk within the business process.
Job grading and responsibilities
If we look at the security manager responsibilities and implications for grading at the equivalent level as his or her established counterparts, an argument put forward by some security managers is that they are responsible for their own department and therefore should have the same status. Grading and power in an organisation, however, goes beyond being a department head and the personal credibility of the incumbent. It affects the business, politics in decision making, and impacts on strategy.
Managing one's own department, increased budgets, new and expensive technologies, higher calibre complements and sitting in executive committee meetings help in promoting the status of the manager but do not guarantee a higher grading. Nor does increasing the numbers of employees in your department, particularly if they are low-level personnel. If anything, increasing the number of guards you are responsible for reinforces the traditional image of security and drops you into the "old style" perceptions of the function.
Enterprise risk management
The security manager's strategic responsibility benefits substantially moving from a department focus to one of looking at enterprise risk management. There is a need to appreciate the business and be able to talk the language of business, not just the language of security.
The more the manager can understand and contribute to business management and define the role of security in this context, the better placed he or she is, and the more security is on the corporate agenda.
In a similar vein, the more other disciplines are responsible for security issues or share in the whole process of risk management within the organisation, the more the manager has integrated a security philosophy within the organisation. It is an observation rather than a fact but I believe the more a security manager tries to make security an exclusive area which only they understand, the less impact they have on the organisation. On the other hand, the greater the level of understanding of what goes on in other departments and the more security principles and practices are incorporated into the business processes of the organisation, the more status the security manager will have.
Enhancing business performance
Business performance enhancement is increasingly within the scope of the security manager's role. Being able to apply the security systems to monitor and enhance production, standards and utilisation of people moves from controlling risk to adding value and represents a whole area of development for the discipline.
I remember some years ago when working in the mining industry, a metallurgical manager was made a mine manager for the first time in the history of the Group I worked for. After years of mining engineers being made general managers, this was seen as a huge achievement for the metallurgical profession. It is perhaps the ultimate achievement for a discipline head and recognition of the discipline that they can be appointed to run the business.
Business awareness aided by highly qualified personnel
This is something that has probably occurred relatively infrequently in the security industry, but the casinos and hotels provide an interesting case perceptive on this. Dave Wright, Head of Surveillance and Security for Sun International notes that surveillance and security managers in casinos and hotels would typically have a greater depth of understanding and coverage of other departments compared to other operations. In order to do their jobs, they need to understand the business of other departments virtually as well as those departments do themselves and security functions are closely integrated into work practices and procedures. This business awareness is aided through the recruitment of highly qualified personnel for those positions and the creation of a culture that emphasises that business departments and executives are security's internal customers.
Not only do you get a movement from surveillance into other departments, but the potential is there among such managers to be appointed to general management positions and there is already a precedent for this. This business understanding is a trend that is increasingly happening in the industry and is going to be essential to security professionals.
The strategic impact of security
Management job grading is based on specific guidelines related to the nature of work, decisions and responsibilities. Nevertheless, when distinguishing levels from one another, it is often quite difficult to explain how an activity at one level is very different from one at another level. Differences are often subtle rather than obvious. However, one trend I have found is that when one can define a position in terms of its impact on the rest of the organisation, the ease at which an executive position can be defined is much easier to rationalise. For example, a major change in the production process by a production manager has significant implications for virtually everyone in the organisation and the way the company functions. It also has a clear implication for the strategy of the company and the way it is going to go about things.
Security may have a different type of strategic impact but in the next part of this article, I'll discuss some of the things that I think security managers can be doing to reinforce their claim to a stake in the executive offices.
For details contact Craig Donald on tel: (011) 787 7811, fax: (011) 886 6815 or e-mail: firstname.lastname@example.org, or visit www.leaderware.com
© Technews Publishing (Pty) Ltd | All Rights Reserved