printer friendly version

Management vs security: how management undermines security effectiveness

A few years ago I was contacted by a security manager at a major South African company. The company was putting in a CCTV system to safeguard the warehousing operation and was pulling out the physical security. The security manager had a number of extremely good ideas and one of the things he wanted to ensure was the quality of the CCTV personnel that would be operating the system.

He recognised, as I have indicated before, that CCTV systems are only as good as the operators who handle them. The security manager had insights on how our CCTV operator selection instrument could be applied that were way ahead of much of the industry at that stage. This was also prior to our product becoming the effective de facto international standard for CCTV operator selection. Because this selection had human resources implications, we arranged to present it to an HR officer responsible for the appointments in the warehouse. The HR officer, who was in the second year of studying for her diploma, said during that meeting that "these are low level personnel and we do not have to spend any money selecting them". In doing so, she totally devalued the whole worth of security, and in a site responsible for hundreds of millions of rands warehouse turnover per year, probably added a few millions, if not tens of millions onto the potential shrinkage account.

This warehouse example was a classic situation of somebody in a position who did not have the slightest clue about security but who had the influence to critically damage the effective implementation of a security programme.

At a major airport last year, a trainee manager designated to look at training requirements for CCTV control room operators decided on telephone techniques and stress management rather than operational training critical for effective performance. Given the failure of meaningful development skills training, it is likely there really was subsequently a strong need for stress management, and the passengers who lost items in the baggage handling process probably thought so too.

The limited management awareness and perception of security is steadily being addressed as security becomes more important at a business and personal level. However, current management culture can still seriously undermine the effective implementation of security. Insufficient knowledge of security functions and what is required to implement security strategies remains one of the biggest dangers to effective implementation. Ironically, human resources sometimes appear one of the worst culprits within the management groupings. Cases where security related issues are passed down to lower level management in other functions undermines security significantly.

Managers are also responsible for not only creating a culture of security, but providing role models for adhering to security principles. However, often managers think that they are too good to be subjected to the normal provisions of security. They feel entitled to bypass security precautions because of their status. Senior personnel, as evidenced from various fraud cases, are not immune to committing theft. By implying that they are different and should not be checked by security, they undermine the very security precautions they are supposed to be promoting. This is a far cry from setting examples of how their personnel are supposed to behave. At the same time, security managers bear a responsibility for ensuring prompt service and processing for all personnel in the organisation to avoid the frustrations that can lead to circumventing security provisions.

Managers, particularly financial managers, can also be prone to looking at security in financial terms. This effectively is the annual outlay of cost for security systems and personnel. The cost benefit implications of what security is doing is seldom looked at. Of course, this would be simpler if security managers could quantify, using the same language and tools, how much they are saving the company, but this seldom happens. The management philosophy is that internal security is costing me X amount - therefore lets get rid of a number of the people, or replace it with contract security, which will cost Z.

The loss of organisational knowledge, techniques and procedures, training and commitment, among others things, are ignored or disregarded. Security for these kinds of managers is simple amounts of money and feet in shoes. Unfortunately, this also sometimes happens within security contractors where, for a pricing at lower amounts, at which it will be often almost impossible to do a good job, rival contractors take the contracts. It is very hard in the security industry to position yourself as a quality provider with a higher cost structure, unless the client has a manager who understands that the quality of service will have a significant bottom line on their actual earnings.

When security is doing its job, management can frequently undermine the performance. One of the simplest and most common ways of doing this is to ignore what is coming through from security staff as part of their reporting incidents. Security provides feedback on events or incidents. These could be procedural violations, irresponsible behaviour, safety or inappropriate practices, or actual theft or suspected theft.

There are a few possible reasons for the failure to acknowledge the worth of security content. These range from pressure of work operations, to thinking that the events or incidents are too small to worry about, to thinking security is more a hindrance to production than a help.

Where this management philosophy exists, no action is taken by managers to rectify the reported incident conditions, often even after repeated logging of violations by operators. This increasingly undermines and demotivates the CCTV operators or other security personnel and creates the psychological space and opportunities for people to commit illegal or unprocedural actions. After a time, these become the norm and for all intents and purposes, what looks normal may really be a streamlined theft operation taking place under everybody's noses. Faced with loss figures, managers then turn around and say security personnel are not doing their job. If managers, as part of their performance appraisal systems, were accountable for acknowledging security reports, companies would probably be a lot safer. At least, security would be more aware of its responsibilities and what lay outside of these from a management perspective.

Security needs to define itself around deliverables. Service levels need to be measured wherever possible. Security managers need to commit themselves and put their reputations on the line. Also, security cannot be providing insignificant indications of performance. For instance, where theft is critical but security is highlighting basic procedural violations or safety contraventions, questions are going to be asked about whether management is getting value for money. Security managers need to talk the same language as other managers, and the more they can demonstrate that security is actively saving the company money, the less security will be on the cost reduction agenda, and the more management will have to recognise the positive contributions being made by the security function. Security will have truly succeeded when executive managers themselves are evaluated on the security provisions within their organisations.

Dr Craig Donald is a human factors specialist in security and CCTV. He is a director of Leaderware, which provides instruments for the selection of CCTV operators, X-ray screeners and other security personnel in major operations around the world. He also runs CCTV Surveillance Skills and Body Language, and Advanced Surveillance Body Language courses for CCTV operators, supervisors and managers internationally, and consults on CCTV management. He can be contacted on 011 787 7811 or [email protected]

Share this article:

Further reading: