In 2011, the Chief Security Officer of a major global manufacturer laid out his dilemma in simple terms.  “Over the last six years,” he said, “we’ve been systematically formalizing the security function, building up our capacity to manage down the risks that confront out business in many areas.”  He ticked them off on his fingers.  Fraud and embezzlement.  Employee conduct.  Executive protection.  Workplace violence prevention.  The list continued. “But many of my executive colleagues – and even some of our board members – still think of security like we used to: as a tactical environmental, health and safety function.  Or worse, as a ‘check the box’ list of facility management tasks.  Like installing more CCTV cameras and counting outstanding keys.”

A Security Program Annual Report Can Be a Tremendous Driver of Security Awareness

“Prevention is hard to measure,” agreed Hillard Heintze’s CEO.  “Many of our other executive clients are frustrated with the same challenge.  This is about telling your program’s story.  Building awareness at every level – board, management team, business division leaders, functional heads.  Even frontline employees.  This is about explaining security’s business value and its contribution to the core operational activities, service lines, functions and support capabilities that drive your bottom line.” The CEO suggested developing an “annual report” for the enterprise’s global security program.  “Think of this,” he said, “as a multi-year ‘look back’ that highlights the arc of your program’s evolution, its significant milestones, its challenges and successes in serving as a ‘silent partner’ to the business, and the client-service ethic it asked of every salaried member of its global team.”  The CSO agreed and, within days, authorized the annual report and charged his global team with contributing to the collaborative effort.

The Board Takes Note – As Do Internal Stakeholders across the Enterprise

This annual report turned heads.  Board members and executives on the management team referred to the report by name.  Members of the security team at every level – across countries and functional areas of expertise – referenced sections of the annual report for a wealth of reasons.  And ten months later, the CSO asked Hillard Heintze to start drafting the next year’s annual report.

Unplugged: The Project Manager’s Perspective

“Every function within the enterprise contributes value to the business.  Or it wouldn’t be funded by the CFO.  Security does as well but in a unique way.  Sometimes it’s obvious to the leadership team.  But, if the security function is doing its job, much of the time it’s not. We found that developing an annual report for the corporation’s security function is an exceptionally powerful, mission-enabling tactic.  Not just as an awareness tool and an important ‘look back’ of security’s maturation, but even more importantly as a solid platform of shared understanding crucial to gaining buy-in for the next critical planning document: the program’s three-to-five year security strategy.”

The ACTION WEDNESDAY Tool Box: Two Key Take-Aways

  1. Decide When Is the Best Time to Develop an Annual Report for Your Security Function:  Keep a couple of things in mind here.  First, you want to be able to report on progress – so get a few program development years under your belt before you set out to champion results.  Second, just because you call this an Annual Report doesn’t mean you have to publish one annually.  For example, one of our clients has us create one of these every two years.
  2. Define Your Audience and Tailor Your Message Accordingly: Remember – you’re messaging to very different stakeholder groups with widely varying goals and perspectives.
    • Leadership: This ranges from the executive suite to the boardroom.  For this group, keep the message strategic, fact-based, risk-oriented and business-aligned.
    • Security Program Personnel: Champion their success. Show their face. Maybe even give them a voice through quotes or short on-page cameos.  Give them a little sunlight.
    • Employees in Business Divisions and Other Functions:  These are the colleagues your security team interacts with every day – and for this group, you want to remind them in easy-to-read ways (e.g., case study vignettes, employee snapshots) how important security is to their daily tasks and where their awareness and support have driven concrete business results.

There are many other stakeholders of this annual report that you’ll want to consider at the messaging level – so take a layered, prioritized approach to your headlines, structure, content, tone, style, graphics and layout.

(What’s it like on the front line supporting the firm’s clients?  What are the challenges the firm’s experts help senior business executives, general counsel, board members and other decision-makers address?  Welcome to ACTION WEDNESDAY.  Every Wednesday, the Front Line Blog publishes a new case study.)