Show me the Money

How to manage and defend your security budget


Gathering all of this information will take a time commitment. Staff members and non-security colleagues may need to be brought in to share input and contribute data, but some of this task can likely be done by going through existing records and brainstorming. For many security leaders, the heavy lifting actually starts with the next step.

 

Where Is Security’s Value?

When a finalized list of services and service costs has been developed, it’s time to determine the service value. Take the list and pick apart who the beneficiaries are of each service. Which business units gain opportunities or risk mitigation from the service, and how? If possible, develop or include metrics that show the benefit in a tangible way.

Present this information to the business unit leaders, and ask them what their critical business goals are. Then discuss how security services help enable them to meet those goals, both by opening up opportunities and mitigating risks. In many cases, the business unit leaders will be unaware of the risks inherent in their operations, and the security leader needs to share this information. Open a dialog — listen to your colleagues if they have concerns or complaints about security’s value, and work with them to uncover mutual benefits.

One of the purposes of this exercise is to remind the business unit leaders (and sometimes the security leader him- or herself) that Security does not own organizational risk — the organization and its business units do. Sometimes business unit managers will be willing to take on some of the cost of a program or service once they are shown the value in a concrete way.

Keep in mind, however, that examining any service’s value to the business may be a double-edged sword. Sometimes you discover that you have more resources than you thought dedicated to a service that is not needed or valued by the organization, and your analysis provides support for cutting that service entirely. While that may be painful at first, remember your main concern is the good of the business. If a service is not valuable to the business, why retain it?

Conducting an analysis like this in the good times is ideal — when cuts are not on the horizon. If a service is found to cost more than it is worth, that service can be eliminated or downsized proactively, and the funds that were dedicated to that service can be put to use in another area that provides more value to the organization. If, instead, none of this occurs until the eleventh hour of mandatory budget cuts, then the money is gone, and that’s that.

 

Finding Efficiencies for Reallocation

George Campbell, STE’s regular “Metrics for Success” columnist, works with the Security Executive Council to help leaders analyze their programs. When companies document their security services and costs, many of them find that guard force services are one of the top three most expensive services.

“This analysis is all about drilling down to learn how well time is directed to value-added, risk-reducing, business-centered services,” Campbell says. “Economies can be found in wasteful administrative tasks, fixed posts that can be eliminated with technology, chasing invalid alarms, and time not directly connected to hazard identification and mitigation. If you cannot find non-productive time — often lots of it — in the daily three-shift routine, you have not been serious about the process.”

During budget cuts, management is likely to demand slashes to high-cost services like the guard force. Organizations can use targeted metrics proactively to see how well such services are performing against expectations and standards. “Where programs fail to document value, they become opportunities for reduction,” Campbell says. “An objective, internal analysis tends to prioritize reallocation of resources to measurably higher-value programs. That’s the mission, after all.”

Campbell adds that security leaders’ biggest challenge in finding efficiencies is partly habit. “Much of security’s work is based on established routines: guard tours, background vetting, investigation processes, service level agreements, etc.,” he says. “We get comfortable and fail to challenge the routine. It is reasonably easy to document where the time is being spent — the hard part is finding new ways to do the work differently with consistently better results at lower cost.”