Client’s Challenge: “How Do We Communicate Security’s Value to the Business?”
In 2011, the Chief Security Officer of a major global manufacturer laid out his dilemma in simple terms. “Over the last six years,” he said, “we’ve been systematically formalizing the security function, building up our capacity to manage down the risks that confront out business in many areas.” He ticked them off on her fingers. Fraud and embezzlement. Employee conduct. Executive protection. Workplace violence prevention. The list continued.
“But many of my executive colleagues – and even some of our board members – still think of security like we used to: as a tactical environmental, health and safety function. Or worse, as a ‘check the box’ list of facility management tasks. Like installing more CCTV cameras and counting outstanding keys.”
Our Solution: Developing a Security Annual Report
“Prevention is hard to measure,” agreed Hillard Heintze’s CEO. “Many of our other executive clients are frustrated with the same challenge. This is about telling your program’s story. Building awareness at every level – board, management team, business division leaders, functional heads. Even front-line employees. This is about explaining security’s business value and its contribution to the core operational activities, service lines, functions and support capabilities that drive your bottom line.”
The CEO suggested developing an “annual report” for the enterprise’s global security program. “Think of this,” he said, “as a multi-year ‘look back’ that highlights the arc of your program’s evolution, its significant milestones, its challenges and successes in serving as a ‘silent partner’ to the business, and the client-service ethic it asked of every salaried member of its global team.” The CSO agreed and, within days, charged his global team with contributing to the collaborative effort.
Impact on the Client: Stakeholders Took Note. And Publishing This Report Became an Annual Practice.
This effort turned heads. Board members and executives on the management team referred to the report by name. Members of the security team at every level – across countries and functional areas of expertise – referenced sections of the publication for a wealth of reasons. And ten months later, the CSO asked Hillard Heintze to start drafting the next year’s annual report.
Unplugged: The Project Manager's Post-Engagement Perspective
“Every function within the enterprise contributes value to the business. Or it wouldn’t be funded by the CFO. Security does as well but in a unique way. Sometimes it’s obvious to the leadership team. But, if the security function is doing its job, much of the time it’s not.
We found that developing an annual report for the corporation’s security function is an exceptionally powerful, mission-enabling tactic. Not just as an awareness tool and an important ‘look back’ of security’s maturation, but even more importantly as a solid platform of shared understanding crucial to gaining buy-in for the next critical planning document: the program’s three-to-five year security strategy.” (See Case Study #152)