Building a business case for security can often be a daunting task, presenting multiple challenges. Now there’s a solution, one that works and makes good business sense. It’s defining the real and measurable value your security business brings to any organization. We’ll discuss how to calculate the real value Corporate Security brings to an organization. It’s called Value Proposition, and it works.
The realization that the sum total of all our efforts was not producing the results we needed led us to look at applying proven business skills to Corporate Security. We asked ourselves about the basic business function of Security, that we couldn’t do today’s job with yesterday’s methods, and expect to be successful in the future.
We began to ask questions of ourselves – and not easy ones.
We also asked the question as to what we learn from tough economic times.
Value proposition mathematically is simply benefits minus cost (VP = B – C). It is a security statement that speaks to how security services addresses and/or solves problems or improves the company’s position. It describes how Security brings specific and quantifiable benefits to the company and tells the company how their security differentiates from other security models. The Value Proposition of Security also describes how Security contributes to the company’s productivity and it’s bottom line. “What we are about is helping the company run its business in a risky world.” The value of Security to the company is its ability to identify and manage risk.
Corporate Security’s Value Proposition may be the most essential part of developing and evangelizing its business case.
Building a business case for Corporate Security is often a daunting task. Challenges include:
Given these issues, Corporate Security can address, mitigate, reduce, or even eliminate risk and loss, threats, and provide a workplace environment that enhances productivity and does contribute to the bottom line. There are three major elements that will drive Security’s value dramatically, allowing a quantifiable, measurable, and reportable value. These elements are derived from the Cooper Management Model, developed and implemented by Bill Cooper, Senior Security Manager and retired Chief of Police.
Part 1 – Lean Six Sigma’s Applicability to the Value of Security
By definition, Lean Six Sigma is a business philosophy centered on the relentless identification and elimination of waste, re-works, and redundancy from all processes so they flow at the rate of customer demand, at the same time improve the overall quality of the output. Lean Six Sigma is the optimization of value in all processes. Lean Six Sigma will provide exactly what is needed, when it’s needed, in the form it’s needed. In other words, business process simplification. Lean Six Sigma can be applied to anything. Lean Six Sigma is made up of principles, methods, and tools that are designed to improve the speed and efficiency of any process by targeting and removing unnecessary and wasteful steps or materials – Lean Six Sigma identifies bottlenecks found in processes and systems.
Lean Six Sigma provides a common foundation to support production of services (and goods) for our customers of value to the customer with a high degree of quality and minimal waste. The most significant benefit of Lean Six Sigma is the large-scale cost savings realized sooner rather than later due to streamlined processes. Lean Six Sigma’s goal is growth, not just cost-cutting, with emphasis on effectiveness, not just efficiency. Part of the overall strategy is to teach the organization not only how to improve, but how to innovate.
The need for more efficiency and effectiveness in virtually everything an organization does continues to grow and become more of a priority. Identifying and eliminating what doesn’t add value and reducing cost become more important every day.
Lean Six Sigma is continuous improvement, a process improvement methodology, a results-oriented, focused approach to quality. Lean Six Sigma minimizes mistakes and maximizes value and creates precision in the work. It measures and sets targets for reductions in problems and defects which translates into cost and time savings and dramatically reduces the chances of introducing errors in the future. Lean Six Sigma develops the practice of getting it right the first time.
Lean Six Sigma is the single most effective problem solving methodology for improving organizational performance. The evidence leads you to the real causes of problems, allowing easier solution generation. It improves the speed to completion – you don’t have to work harder or faster to produce more speed; this removes the barriers and obstacles, getting you from beginning to end faster.
Departments have inconsistency in their processes, systems, and services. Professional results demand consistency; inconsistency degrades good performance and inconsistency is all about waste, redundancy, and re-doing work that has already been done.
Any task that can be performed more efficiently and isn’t is an example of poor quality and increased cost – waste.
Benefits of Lean Six Sigma
Part 2 – The Value of Business Intelligence to Decision Making
Security organizations collect large amounts of information and data as a result of their daily operations. Using that data to create usable information and actionable intelligence is a key element of good security management. Organizing the information in as near real time as possible and displaying it in a useful manner is critical to allowing proper decisions regarding deployment and actions required to provide the organization with measurable, articulable results. The purpose of a good business intelligence system is to improve the availability and quality of information useful for making more informed management decisions – based on facts.
Establishing a business intelligence architecture in your security organization can transform this raw data into meaningful and useful information. Business intelligence provides historic, current, and predictive views of your operations. If you were asked by superiors to provide essential information – facts – about the real results Security is providing, could you do it? Do you have quantifiable security performance metrics that show an improved state of security and safety in the organization? Do you have – and use – metrics that consistently and intelligently assess outputs and results?
Business Intelligence also provides Security with two further opportunities:
Intelligence is crucial to managing security. When developing and deploying business intelligence, the broader the distribution the higher the return. The more real-time the intelligence distribution the more agility Security has in addressing security and safety issues and concerns.
This data-based analysis improves the quality of decision making throughout the organization by replacing hunches and guesses with data-based analysis. The ability to identify real causes allows Security to design and deploy solutions that produce results that are unmatched.
Producing business intelligence in a graphics-rich format allows faster, far more accurate deployment of staff and resources to real problems, producing real outcomes. This system additionally measures performance and accountability.
Based on the original NYPD CompStat program, this business intelligence system asks four questions, each requiring answers:
The benefits of a good, robust business intelligence system include:
Part 3 – Employee Involvement in Organizational Security
Organizations speak frequently about employees being involved in working with their communities to enhance their quality of life. These organizations seek to hire and retain good employees and Security is no different. The purpose here is for Security to partner with the organization’s staff and employees as a force multiplier in keeping the company safe and secure. By successfully doing this the company can reduce its costs, time to complete work, and improve its profit margin.
Employees, typically new to an organization, are provided with orientation that may include direction on how to keep themselves and corporate assets secure – most of this orientation is inadequate. If assets are lost or stolen, the cost to the organization may become very large. Risk of loss and vulnerability to loss increase proportional to lax behavior on the part of employees.
It is Security’s responsibility to assure assets and people are protected. In reality, Security traditionally follows a reactive management model, reporting loss or other issues after the fact. The value of Security increases exponentially as it transforms into a proactive, results-based model. By a proactive approach, security officers look for and identify security and safety issues, escalate them to the appropriate people, and follow up to assure they have been addressed.
Examples of real cases include the following:
Asset protection – proactively patrolling the company’s buildings security officers observed unsecured laptop computers by the hundreds after hours, even though employees had been given locking cables. Over 400 unsecured laptops were observed. Officers created a professional reminder card, reminding employees of the need to secure their assets. Officers signed, dated and placed the cards on the desks. In a 30-day period these unsecured laptops were reduced by 98% and kept there.
To calculate the value of this one security activity, assume 20 laptops per year were stolen. The value of the computer is about $1,500. The value of the intellectual property on the computer varies. Now, examine the time and loss associated with replacing the computer. Question 1 is how long the employee who lost the computer takes to get fully re-engaged. On average it is about 10 days – 2 weeks. Determine how many people are involved in reporting the loss, authorizing the replacement, ordering, preparing, shipping, and formatting the computer before it goes to the employee. On average the cost is between $10,000 and $20,000 per loss.
If 20 laptops are lost annually, the effective loss to the company is estimated to be about $200,000 – $400,000. As Security reduced that loss by 98%, Security saved the company some $196,000 – $392,000 in cost avoidance. By simply quietly and subtly engaging the employees in securing their own assets, Security saved a significant amount of money.
To further this example, Security conducted an assessment of access control on the campus. Each building required a card key to enter, but due to tailgating, employees letting people in, etc., Security determined 56% of the employees entering the executive building did not have or use an access card. With 17,000 visitors annually, Security and the company did not know who more than 9,000 of them were – a significant risk and vulnerability.
Security implemented random visits to visibly remind employees to use their cards and not allow tailgating, etc. In six months, a reduction of 90% was realized, resulting in 8,500 fewer people entering than previously. Security’s random reminders to employees had those employees reminding fellow employees, visitors, and others to use a card key to get in.
Look at the cause and effect relationship to establish real value of Security. The report to the C-Suite stated that people had less than a 10% probability of entering one of the buildings, and f they did get in, had less than a 2% probability of taking something of value.
Overheating IDF/MDF rooms – server farms – this company had 10 such rooms. If the rooms got to a certain temperature level, they overheated and shut down. It cost $100,000 to reboot them and get them in working order. The security officers proactively began to check each room on each shift. In a 1-year period they found the rooms overheating 184 times. The officers acted on the spot and prevented the loss to the company.
By proactively patrolling, looking for problems, the officers saved the company more than $18,000,000 annualized.
We’ll next look at, define, and establish the value proposition of Security in any organizations.
Part 4 – The Value Proposition of Security
Value proposition is a clear, compelling, and credible statement of the experience the company will receive from Security. Value propositions work because they force Security to focus resources where they are needed; articulating this value increases the visibility and presence of Security in the organization. The presence of properly managed Security allows the organization and its employees to enhance productivity and optimize performance, decreases costs and issues and increase profit.
Security needs to ask and answer these questions to describe itself and begin to articulate its value:
Recall that Value Proposition is simply Benefits minus Costs (VP = B – C). To calculate value use that formula. Assume the cost element is the Security budget. Using the previous case study involving IDF/MDF rooms we determined that Security’s proactive patrol model resulted in more than $18,000,000 in cost avoidance. In this instance the Corporate Security budget was $9,000,000. The Value Proposition is benefits minus cost, or $18,000,000 – $9,000,000, or for every dollar spent on Security, Security returned two dollars. This is just one example; imagine doing this for each instance. In this case Security told the C-Suite that for every dollar invested in Security, Security was returning between $2 and $100 – quite a compelling ratio.
In the instance of unsecured laptop computers, the cost of the reminder cards was about $200. The cost avoidance at the lower end was $200,000, so in this case for every dollar invested in Security, Security returned $1,000. This is yet another compelling statement.
Tying the Parts Together
Any one element of these models works very well as a stand-alone system; each has been proven successful in its own right. The strength of each part is amplified when they are combined into a single management model.
Finally, “Do not lose sight of the fact that you are the core to your venture’s value proposition. What solution can you deliver uniquely well? What kind of disruptive business model can you bring? Be true to yourself as a thought leader and you will go far.
 Chief Security Officer Online, August 1, 2003. Security’s Value Proposition.
 The Cooper Management Model, copyright 2010, 2015. Bill Cooper.
 Leading Beyond Tradition: Exceeding Expectations in Any Economy, Cooper, William E., 2012
 Leading Beyond Tradition: Exceeding Expectations in Any Economy, Cooper, William E., 2015
 4 Steps to Building a Compelling Value Proposition, Skok, Michael, 2013. Forbes Magazine, https://www.forbes.com/sites/michaelskok/2013/06/14/4-steps-to-building-a-compelling-value-proposition/#1b8c59f94695
Co-Authored by Michael Delamere