CSO roundtable: The economy’s effect on security management

ASIS International CSO Roundtable members talk strategy for security in tough times

All six of our roundtable participants noted that they were faced with “doing more with less” and, now more than ever, were having to think critically about the management and operations of their security department. Here’s what they had to say…

The current business mantra seems to be “Do more with less”, and this has affected security and risk departments as well as all business units. How are you doing more with less?

Baley: You are absolutely correct; there is definitely an ever increasing mantra to “do more with less”. This actually caused us to take a strategic view of our security plan. We revisited our plan and really drilled down on our priorities and revised existing profiles related to risk mitigation and response. Since we fully expect the climate, in terms of cost allocation and constraints, to harden more before it expands, we refined and reprioritized our goals. WE matched our internal skill sets and resources with our goals and then identified challenges, obstacles, and constraints toward attainment. We were able to focus our financial resources toward our highest priority goals and in many cases identify nonfinancial solutions to other strategic goals. At least in the short run this has helped us become a much more efficient and effective department. It is amazing, as smart as we often feel we are, we do fall into that rut of maintaining certain practices, services, subscriptions, etc., because we always have done so, rather than on a continuing validated need.

Fountain: We have taken a more inclusive approach to assigning responsibility for security matters. For example, we don’t have the travel budget to get to every location for an on-site vulnerability assessment, so we used an interactive survey conducted by operational personnel at the site to conduct the annual assessments. We then review the assessments with a committee of subject matter experts to direct mitigation strategies. Another example might be the execution of the passport rules for land border crossing under WHTI. In the past, this would have been a security-led effort due to the personnel security overtones. However, we shifted this to an operations-led project with security input. In sum, it isn’t so much about doing more with less, but rather doing focused and priority work with less.

Becker: One big way is in the investigations arena. We have eliminated our corporate security investigations manager so I am now much more involved in the investigative process. We are also leveraging other corporate departments (human resources, internal audit, and finance) to assist in investigations. Finally we have retained a contract investigator at a much lower rate.

Osborne: Stretching security is a continuous theme throughout the business world. Security systems and programs must show value to the business. That value can be shown in such areas as theft detection, information security and personnel security. In order to develop and implement an effective and robust program, cost efficiency is a top concern. By performing vulnerability assessments focused on key assets and critical equipment, we have reduced our security system capital expenditures through reallocating current resources whose protective value was providing little or no value to areas requiring a higher protective element. This reallocation translates to a better, less expensive protective element that is measurable and demonstrates value.

McDonough: Cost is becoming a significant issue and concern and I think most of us are feeling some budget constraints. In these times, security directors are being asked to do the best we can with either what we already have or to reduce spending. As a way to help cut costs, we are also using guard watch solutions in combination with video cameras to supplement existing security officers and possibly replace guards on third shifts and weekends when facilities are less occupied. Another way many companies are cutting costs is by using video conferencing and other communication technologies as a way to save on travel expenses. However, the fact remains that travel is an absolute necessity at a global enterprise and we are doing a better job of partnering with our business units to ensure travel is business necessary. As an example we have stretched the time for certain risk assessments or security compliance audits from annual to once every 18 months.