There are many types of valuable security assessments that can be performed at any time. However, certain types of assessments can have greater impact when performed and utilized during the year-end time period when peoples’ minds shift into a future-oriented perspective related to planning and improvement.
For many companies, October and November are the time of the annual year-end trifecta: personnel performance reviews, yearly budget planning, and next-year objective-setting. In a business setting where continual improvement is a primary objective, each of these three actions is usually focused on just that: making incremental improvements, meaning more of the same but just a little bit better.
Maybe there are specific requests or directions from management that must be incorporated in the planning. Perhaps there are corporate strategic objectives that each functional area must contribute to and for which each executive and manager must submit a plan that supports or is aligned with those objectives.
Keeping Pace with Change
The traditional year-end described above is not likely to account for this critical fact: for many security functions, the pace of improvement—including in business alignment—has not kept up with the pace of organizational and technological change. To do so requires going beyond the typical scope of year-end requests and proposals. Strategic thinking and collaboration is required, and where that hasn’t been done yet, this is the perfect time for it.
Most security practitioners are facing new challenges relating to organizational evolution and the accelerating pace of technology change. For example, the arrival of cloud-based systems is shifting at least a portion of technology funding from CapEx to OpEx. A new generation of video analytics is able to provide valuable business data beyond its traditional security uses. Physical access control systems now offer smartphone-based door access without requiring a card reader at the door. Utilizing wireless electronic door locks for a lower cost factor, this can provide an affordable way to provide convenient access control for lower-risk assets and areas that nonetheless warrant protection.
Merger and acquisition activity can bring pervasive disruptions that management doesn’t have full insight into. M&A impacts include company culture differences that have significant effects on security functions as well as other business functions. These differences must be analyzed and taken into account based upon their impacts.
These and other changes, while they can be challenging and frustrating, are often opportunities to provide high value to the business in a visible and well-supported way.
Leveraging Year-End Perspectives
Managers and executives at all levels are often more open to collaborative discussions when they align with the year-end evaluation and planning efforts. At this time, they are also more open to considering new ideas, especially when there are benefits for them that can improve next year’s picture in one way or another. For example, physical security collaboration with IT can increase the organizational ROI from IT functions and activities, and vice versa.
It can happen that challenges and opportunities don’t get the full consideration they deserve because they are shoehorned into the year-end trifecta, when they actually deserve more than just a quick discussion and single line-item representation on a list.
Opinions, Observations, Facts and Situations
Formalizing the response to a challenge as a documented assessment or evaluation effort can:
- Clarify the thinking around it
- Elevate the attention its critical issues receive
- Facilitate collaboration by providing a light framework for stakeholder participation
- Give validity to the resulting outcomes, plans and proposals
Sometimes statements made in meetings or discussions are taken as opinions or observations, when they should really be considered important facts or situations that warrant action.
A slightly formalized assessment effort can be a good first step, such as a micro-assessment, which is a narrowly-focused short assessment that provides support for decision-making and planning. It can make quick work of sizing up a situation, and make that work delegable. A micro-assessment is a good way to evaluate a particular aspect of your security program utilizing reference materials that can provide specifics in support of your particular focus.
Don’t Sell Your Plans and Objectives Short
During year end thinking about improvements, amidst the rush of other activities, it is easy to condense your thoughts down in to action items, lists or bullet points—when they actually deserve more consideration. What is the actual level of effort required? How hard or easy will it be to engage the participation of others? Could there be hard costs involved that are not initially apparent?
Make sure that whatever time, money or people are needed are well-accounted for and included in planning so that proposed security improvements are not over-burdensome to you or your existing staff. Sometimes having performed a documented assessment, no matter how small or light the effort, provides the additional validity required to fully support whatever sponsorship and funding is needed.
What would you really like to work on that keeps getting put off because of other “high priority” requests? What would put a smile on your face or the face of your staff or team if it actually got accomplished?
The light touch of a very simple assessment or evaluation framework can be more effective and powerful in its results when performed in concert with the year-end thinking and planning activities.
Why put off until next year something that may get a much better reception now?
About the Author: Ray Bernard, is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private organizations (www.go-rbcs.com). Mr. Bernard has also provided pivotal strategic and technical advice in the security and building automation industries for more than 28 years. For more information about Ray Bernard and RBCS go to www.go-rbcs.com or call 949-831-6788. Mr. Bernard is a member of the Subject Matter Expert Faculty of the Security Executive Council (www.SecurityExecutiveCouncil.com). He is also an active member of the ASIS International member councils for Physical Security and IT Security.
