Printer Friendly

Six secrets of a successful survey.

Industrial Security Professionals are facing ever-increasing challenges. Companies continue to streamline operations, targeting for cuts those who are not involved in the hands-on production of the company's product. The industrial security staff is often placed in this category. Security professionals must meet these challenges by taking a more preventive role. An asset protection survey is one way to accomplish that goal.

An asset protection survey (APS) is a combination of risk analyses, cost-benefit analyses, continuous process improvement analyses, and asset protection methodologies. An APS is an excellent way to identify weak links in the protection of assets and analyze the risks associated with those weak links. Based on the results of the survey, a management report can be prepared recommending needed changes in company policies, procedures, and budgets. These improvements can mitigate losses as well as reduce insurance premiums.

The APS methodology emphasizes process identification and analyses. It combines approaches used in auditing, inspecting, and interviewing. An APS should be conducted using a project plan. It should include a schedule with a start date, task time lines, and an ending date, as well as an objective to be accomplished. Generally, it should not last more than twenty business days. If it does, the project should be divided into smaller surveys.

The project plan should follow a standardized format to ensure consistency in all subsequent surveys. Once the security staff is trained in the standardized approach, APSs can be conducted simultaneously by various staff members in a consistent manner.

Six elements make up the plan of an APS. The justification for the survey is the main element presented in the first section of the APS plan, the introduction. This element addresses the questions of who, what, where, when, why, and how. It provides the basis for the survey and the approach to be used. The introduction should be written in simple terms; losses or potential losses of assets should be explained; the scope should be addressed; and the target should be identified.

The objectives of the APS, presented in the second section, should be stated in one or two clear and concise sentences. It is easy to become side-tracked while conducting an APS. By continuously referring back to the objectives, security professionals can focus on the results that are expected.

The third section presents the operational steps that are to be carried out to gather information relative to the target. It should include an identification of the process and the laws, rules, directives, policies, and procedures that apply. Also included should be the identification of people to interview, as well as key organizations and personnel who may be involved.

Resources are a vital part of any survey and should be addressed in the fourth section of the plan. This portion should identify the resources, such as people, equipment, and funding, that are needed to conduct the APS.

The fifth section, which deals with scheduling, should state all tasks related to an APS in the form of a project chart using time lines for management to track. Finally, the analyses section should be used to document the results of the survey tasks. Based on all interviews and reviews of all documentation and the process, an analysis of the results should be provided. The identification of specific threats, vulnerabilities and risks, as well as recommendations to mitigate those risks, should be included. This is crucial. This section is where the security professional determines how well specific assets are protected.

After the survey, a report should be prepared to address the survey's findings. The report should begin with a letter that not only introduces the report but also requests a reply from the reader concerning the report's recommendations for action.

Before the report is written, the writer should identify the specific audience and what he or she expects the reader to gain from the information presented. The analysis must add value to the company. It must show that the services security provides, such as this APS, are needed and benefit the company. The problems, their impact on the company's assets, and the assets that are the responsibility of the reader must be clearly explained. Recommendations must be presented in the reader's job terminology so that the reader will understand, whether he or she is an executive, an engineer, an accountant, or a security professional.

The report should consist of an executive summary, an introduction, a description of the environment, a process description, and recommendations. In the executive summary, a brief summation of the survey should be provided. It must not exceed one page. It should provide a short overview of what was done, why it was done, what was found, and recommendations.

The project should not be summarized here in chronological order as if the writer were documenting what has been done. It should be written as if telling a story.

The executive summary should culminate in a sentence or two that makes the desired impact on the reader. The summary is a standalone page and should be written last. Remember, readers are busy; this survey should capture their attention and intrigue them to read the details of the entire report.

The introduction should provide information on why the survey was conducted. It is important to show the impact on the protection of company assets. The key is to get the reader's attention and also to get that reader to agree that the survey adds value to the company. The writer should concentrate on value-added, cost-savings, and asset protection concepts and themes.

The current environment section is used to describe the environment of the survey target. This gives the reader an idea of the size and volume of the target area.

Using the laws, policies, and procedures documents, the process description section describes how the process works. It is important to use an approach similar to a systems analysis and identify and breakdown the process and subprocesses.

The threats, vulnerabilities, risks, and recommendations section should be kept simple. It should address a specific vulnerability with a specific threat and a specific risk with a specific recommendation. It may also be useful in this section to identify the person needed to address the problem - the person responsible for making the decision to implement changes. Often reports do not clearly show readers that it is their responsibility to make a decision. It is not security's job. Security merely provides the information they need to decide.

Each threat should be examined. A threat is a natural or deliberately created act or event, for example, an earthquake or arson. Specific vulnerabilities should be listed in the threats, vulnerabilities, risks, and recommendations section. It may be useful to thoroughly cross-reference each vulnerability with each threat, risk, and recommendation.

Risks should be defined as high, medium, or low. A risk level is an assessment that is the best educated guess based on experience, statistics, history, and the information developed during an APS. It ranks the probability that a threat will take place.

Recommendations should be listed with projected savings, cost-benefits, and value-added information. The projections should be realistic not idealistic; practical solutions should be provided. Recommendations should address how the level of risk will decrease if the suggestions are followed.

As a company downsizes and the risks to the company's assets increase, security professionals should be more preventive in protecting those assets as a value-added function. An APS is an efficient and effective method to accomplish that goal.
COPYRIGHT 1993 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1993 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:security industry
Author:Kovachich, Gerald L.
Publication:Security Management
Date:Sep 1, 1993
Previous Article:System selection and set up.
Next Article:Management's neglected tool.

Related Articles
Online crime costs rising.
Sweetheart deal.
Six Secrets of Successful Bettors.
Disaster training in transition: disaster response plans needed, companies know.
"Top Secret" clearance = 14% pay raise.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters