The Executive Vice President could not have been more clear. “Security is not bringing enough value to the business,” she said. “It dropped the ball in the Middle East last year – and later in California. And not a single person in this organization can tell me what we spend on security across our global businesses and operations.”
The enterprise had been trying to make changes – and had recently engaged a new Chief Security Officer. But the complexity of the challenge was daunting. Key factors included a decade-long history of acquisitions, multiple divisions and operating entities, a highly decentralized organizational structure, and inconsistency in addressing critical security imperatives ranging from protecting blockbuster brands and world-class tourist destinations to high-profile talent, celebrities and VIPs.
Enterprise Security Strategy: The First Step is Assessment
Hillard Heintze’s first task was to conduct a high-level current state assessment – a strategic exercise that included more than 50 in-person interviews with the enterprise’s most senior executives and security-related decision-makers. This intensive effort yielded 10 key findings and more than 85 specific, actionable recommendations. The second task was translating this insight into a crisp, concise, high-level strategy document – or Security Strategy Blueprint – that defined the mission, vision and goals of the program, organizational chart and team structure, strategic program components and special areas of domain excellence. The Blueprint also specified clear annual operational priorities to achieve these goals within the next three years.
Outcome: A Risk-Driven Plan Integrated at the Enterprise Level
This global leader now has a comprehensive, layered and risk-driven plan in place to integrate its approach to implement an enterprise level strategy. While it will take three years to accomplish, some actions are expected to yield measurable results within six months. These include (1) rationalizing the security budgeting and reporting process, (2) capturing large-scale procurement savings opportunities, and (3) immediately increasing cross-business sharing of in-house security-related best practices.
Unplugged: The Project Manager’s Perspective
“Every Security Strategy Blueprint has to be anchored in an honest and accurate current state assessment that ‘pulls no punches.’ You absolutely have to know the status on the ground in order to build a path up and out of the fog of daily security operations toward a more strategic vision of what security should be doing for the business and bottom line. What made this project different? This is a company with many businesses and leaders. By talking to their ‘top 50,’ we were able to capture terrific insights into their respective priorities, concerns and requirements – from a completely neutral, independent perspective.” How will this security department meet those expectations? It’s all in the Blueprint.”
The ACTION WEDNESDAY Tool Box: Two Key Take-Aways
- Recognize that an independent perspective can bring important advantages to the enterprise. In-house assessments can be effective – but their findings can be skewed by internal agendas, organizational politics and the agendas of managers at various levels of the organization. Even the perception, however unjustified, of a latent bias in analysis and recommendations can undermine leadership’s acceptance of the assessment’s outcomes and its commitment to translating its guidance into an effective security strategy.
- Cultivate strong championship of the process at the highest levels possible within the enterprise – and use this leverage to drive accountability for strategy completion. Strategy blueprints require a strong vision, commitments about how to organize and manage complex, and often global, security operations in a matrix-based decision-making environment. Don’t underestimate how critical it is to have leadership champion this endeavor at every stage.
(What’s it like on the front line supporting the firm’s clients? What are the challenges the firm’s experts help senior business executives, general counsel, board members and other decision-makers address? Welcome to ACTION WEDNESDAY. Every Wednesday, the Front Line Blog publishes a new case study.)