Earlier in the year, we identified a number of trends we expect to see in corporate investigations and security risk management in 2014. One of these (“Better Check That – Before the CFO Does”) was so important I want to give it more sunlight. From my perspectives, and ours here at Hillard Heintze, the conversation and the relationship between the Chief Security Officer and the Chief Financial Officer is a critical one – for security’s mission, for the goals of the finance function, and for the success of the business as a whole.
Joint Challenge for the CSO and CFO: “Are We Making Every Dollar Count?”
Every function funded by the CFO has to demonstrate a clear return – a concrete business value. And prevention is awfully hard to quantify. We see a clear synergy of interests on both the demand side (e.g., the Director of Security or CSO) and the supply (e.g., the CFO). Both seek the same objective: better security risk management outcomes at a lower overall cost to the company. Where do you look?
1. Examine Your Spending and Validate Your Baseline Security Operations
Turn the lights on and see what you have. The bigger your firm, the lower your transparency into cost.
- The larger your enterprise, the more likely that the money that funds processes and systems related to security and investigations are hidden in the shadows.
- They’re tucked away in sub-budgets controlled by business divisions and other functions and they’re disguised in the line descriptions of your third-party vendor invoices for services such as facility support, travel services and technical upgrades and improvements.
Conduct a security operations assessment. Initiate an enterprise-level analysis into all costs related to these areas. You’ll be surprised how many opportunities you uncover to increase security and investigative outcomes and save costs.
2. Create a Security Strategy Blueprint
Develop an actionable business document that is supported by the CEO and other senior business leaders and enacted by your security team. As CSO, how do you do this? Take all the opportunities your assessment identified, spread them out on the table and develop a formal, documented security strategy. Then get the CFO’s feedback and buy-in – as well as that of your other executive colleagues. This will force you to (1) rationalize each security and investigations budget line item with your business’s need; (2) prioritize expenditures so you avoid squandering valuable funds on tactical capabilities; and (3) assign authority, responsibility and timing deadlines.
3. Share the Costs and Capture a Huge “Force Multiplier”
When enterprises and their multiple business units address security as a stand-alone function, security risk management suffers because it leaves the Chief Security Officer’s team with 100 percent of the costs – and 100 percent of the responsibilities.
- The most effective corporate security programs maintain central control for global security policy, but allocate some costs to each business and region.
- Effective programs develop front-line field positions, such as Regional Security Coordinators and business-specific security teams.
- They also provide templates for facility-specific priorities like risk monitoring, business continuity plans, emergency preparedness plans, and active shooter plans.
- Think about it: an intensive focus on security awareness training across all employee classifications is a huge and exceptionally effective “force multiplier” of the risk security team. Ten people with their eyes wide open become 10,000.
Creating Business Value Requires Internal Partnership
When the CSO and CFO collaborate in implementing these three strategies, they promote effective corporate security and investigative outcomes – and concrete business value. What’s your perspective on this? Are there other opportunities inherent in a close working relationship between the CSO and CFO? Let me know your thoughts.