George Campbell is emeritus faculty of the Security Executive Council (SEC) and a former CSO. His book, “Measures and Metrics in Corporate Security,” may be purchased from the SEC. The SEC works with security executives to provide strategy, and proven practices to reduce risk and add to corporate profitability. For more information, email firstname.lastname@example.org or visit www.securityexecutivecouncil.com/?sc=std.
There is always more to the story than what’s in a simple chart. Our metrics should help us use the good data we have to support the important story we need to tell. Here’s an example of how data can be an effective centerpiece for what might otherwise be a hard-sell proposal.
A new Chief Security Officer has been hired to address a variety of risk concerns raised by a newly constituted Board of Directors. He has collected data to help him respond to complaints regarding Security’s poor performance meeting cycle time commitments for background investigations (BIs). Here are the facts that nine months of data (shown in the chart) indicate:
1. A hiring spike is happening due to opening a new Regional Operations Center.
2. Security has a service-level agreement with HR to complete pre-hire BIs within 10 business days. This target is shown on the red line.
3. Security headcount is frozen. The team processing backgrounds has caseload limits consistent with internal case management standards.
4. The actual cycle time has doubled on average over the past two quarters. Hiring managers are putting pressure on HR, and they are not happy.
5. HR and business units have routinely not waited for BIs to be completed before hiring. This trend has expanded as cycle time has increased.
6. There is no established policy on pre-hire qualification standards related to derogatory background investigation findings.
7. Hiring managers are accepting candidates with risky backgrounds.
8. HR-initiated disciplinary actions and internal investigations conducted by Security have revealed that one-third more subjects of these actions were hired and retained after receiving background results with material derogatory findings.
This CSO has used this data as part of a proposal to his HR peer to address this and other issues. Here is the pitch:
• First, sustained hiring surges require increased resources to handle the cases on the turn-around we have mutually established. Our SLA is based on caseload assumptions that have obviously changed. You can clearly see the impact here.
• Second, you are hiring regardless of our case results, and if this continues, we are just wasting money on the BI process. Moreover, look at the record on post-hire misconduct case results. These are red flags that would have been avoidable risks if considered before making the offer. I don’t believe either the CEO or the Board would support abandoning the need to perform background investigations, so we need to address a no-hire without a final BI policy between us.
• I propose that we jointly institute a policy that would prohibit any final hire decision until adjudicated background results are available to HR and the hiring manager. Along with Legal we’d collaborate on a policy supported by a set of guidelines that establish specific actions imposed by various levels of severity related to candidate histories.
• We also need to jointly communicate with all division managers on the rationale of this new policy. This will not go over well with those who think we are just here to delay their decisions. This is a pay me now or pay me later problem, and we need to demonstrate that our two organizations are joined at the hip on this risk management policy.
This conversation resulted in more than a revised approach to this company’s background investigation program. It facilitated repair in a key interdependency and commenced a far more fundamental approach to preventable risk. This is what can be accomplished when metrics are used not just as numbers or charts, but to tell a story that is relevant and important to other stakeholders.
George Campbell is emeritus faculty of the Security Executive Council (SEC) and a former CSO. His book, “Measures and Metrics in Corporate Security,” may be purchased from the SEC. The SEC works with security executives to provide strategy, and proven practices to reduce risk and add to corporate profitability. For more information, email email@example.com or visit securityexecutivecouncil.com/?sc=std. This article is copyrighted by the SEC and reprinted with permission. All rights reserved.