How to Train Your Security Staff for Successful Report Writing

A well-written report can mean the difference between a successful shoplifting prosecution and a civil liability lawsuit for false arrest.

Because incident reports are vital to a store's profitability, they must be written correctly and objectively. Everyone knows that a good report contains the five Ws and one H (who, what, when, where, why, and how), but those basic elements are broader than one might think. The objectivity of the report is also a key element. By leaving out relevant information or including emotionally loaded words or opinions, your security officers can torpedo what would otherwise be a good case.


Every report is built on the foundation of the five Ws and one H. In a good report, these categories include more than just the obvious.

--WHO: Identify the complaining party, the victim, the suspect, the witnesses, and any involved law enforcement personnel. In the case of a retail operation, these parties are not always so clear as they may seem. The store security officer or officers who make the apprehension must be named, of course, and so should the suspect(s).

And while the complainant is often the store itself, in some cases it is a separate corporation. If, for example, a theft occurs from a concession, or a store-within-a-store, such as a jewelry counter or optical shop that appears to be part of the department store but in reality is owned and operated by a totally separate company, then this information must be clearly spelled out in the report or the case cannot be successfully prosecuted.

Identifying information about persons involved should include home and work addresses, including corporate contact information, telephone numbers, physical descriptions and occupations.

--WHAT: Not only what was stolen, but what evidence was found? What was done with the evidence? What individual or police agencies responded to the scene? What agency has jurisdiction? What section or officers will follow up? What is the contact information for the prosecutor's office or prosecutor assigned to the case? What is expected of the security officer who made the apprehension: testimony, submission of written reports, etc.?

--WHEN: When did the incident occur? When did the suspects arrive? How long did they stay? When did they leave?

Information regarding the "when" of police response must also be included. When the law enforcement officers arrive? When did the officer have contact with the security officers, the witnesses or other parties to take their statements?

--WHERE: Aside from where the incident occurred specifically, the locations and activities of the loss prevention team should also be recorded. Where the witnesses and suspects were interviewed is important. Where the evidence was collected, marked and stored is another piece of the puzzle that should be included in the report. Where the police questioned and arrested the suspect is important to know.

--HOW: How the offense was committed is also important information. Was it an organized theft ring with several players, each of whom had a specific role? Was it a professional job, with a shoplifter who wore a booster coat or carried a booster bag? Was it committed by a juvenile working alone or with friends? Answering these questions helps establish a pattern both within the store and within the area.

How the store security officer identified the suspect, the merchandise and the witnesses is also important information.

--WHY: The "why," or the motive for the incident may be the toughest foundation question to answer in a report. Security officers may never discover the reason behind a theft. Nevertheless, prosecutors and jurors like to have a reason. It helps them understand the crime.

Should a suspect offer a reason -- "My friends dared me" or "It was stupid, just a spur-of-the-moment thing," or even "I heard this store was an 'easy steal'" -- by all means, include it in the report. But if a motive cannot be established, a security officer must never make one up for the sake of writing a "complete" report. Fabricating information only weakens a case; it doesn't strengthen it.


Including answers to the building-block questions helps ensure that there are no gaps or missing pieces of information. When supervisors check over reports, they should be looking for completeness as well as correct grammar and spelling.

A report that states "The dude stole and I caught him" is going nowhere fast. The reader should be able to pick up a report and find answers to all the foundation questions. However, it should not be so long and packed with details that the reader must wade through the unimportant in order to find the nuggets of pertinent information.

In reviewing reports, supervisors also need to look for objectivity. An accurate report is one that is free of opinions, guesses and other non-factual information. Objectivity includes avoiding the use of emotionally charged words in favor of words with a neutral connotation.

A security officer would not be correct to say, for example, "I saw this lowlife come into the store." Rather, the report should include the information that led the officer to draw the conclusion that the person was not a pillar of society without using any derogatory or slang terms: "When the man entered the store, I saw that his clothing was torn and dirty and his hands and face were streaked with dirt."

By painting a picture of the incident for the reader, the report has a greater impact than when using negative, subjective language.

In the words of Dragnet star Jack Webb, incident reports should include "just the facts" -- but all the facts should be included.

About the author: Liz Martinez is the author of "The Retail Manager's Guide to Crime and Loss Prevention: Protecting Your Business from Theft, Fraud and Violence" (2004, Looseleaf Law), and is a retail security/loss prevention consultant and an instructor at Interboro Institute in New York City. She will be lecturing on "So You Want a Degree in Business Continuity, Security or Emergency Management? Here's How!" at the CPM West conference on business continuity in Las Vegas on May 25, 2005. She will also present retail business continuity case studies at the CPM East conference in November 2005. She can be reached through her website at