Printer Friendly

The art of planning.

THE 1990S HAVE BROUGHT NEW CONCEPTS to the security industry. Terms such as downsizing, do more with less, and profit-center orientation have begun to have an effect on security departments and their place in the corporate structure. Many security practitioners now recognize the importance of aligning security functions with the overall corporate entity. A key element of this type of preventive security is a written plan.

In the informal style, a security manager may periodically engage in various planning tasks to give direction to the security function. Planning will probably be spotty and unfocused. Obvious areas of concern may receive attention and resources, but overall unification will be absent. The effectiveness of this type of planning is likely to be marginal and unrecognized. At best, it may help the security department react to given circumstances as they occur without the advantage of adequate prediction.

Formal planning makes a number of assumptions concerning the role of the security department relative to the organization. It assumes that the security department is expected to identify issues and propose the means and resources necessary to meet anticipated needs. The formal plan extends beyond next week and looks at long-range issues and solutions. Another assumption is that the department is such an integral part of the overall corporate structure that the success of the organization becomes one of the security department's own goals to strive for each year.

The degree of planning formality may be stipulated by the organization or may be self-imposed by the department manager. The plan may be presented as a briefing to senior management with a summary and a request for support, or it may actually exist as an overall strategic plan. Regardless of the format of the final product, a comprehensive formal plan requires a series of steps.

Fact-finding. This phase consists of data collection and analysis. The amount and focus of the work will depend on the general circumstances of the department and the organization. For example, assume that a security manager has been hired by the Albatross Production Company. The manager is taking over an existing department in a manufacturing facility and has been asked to produce a three-year operating plan with the objective of revitalizing the security staff and turning the department into an effective contributing member of the organization. (The author has used the same concept to enhance museum security at his Canadian institution, but uses a manufacturing facility to illustrate the universal applicability of the planning approach.)

The first step is for the manager to take stock of the existing directive, policy, analysis, and planning documents. He or she must determine the adequacy of the existing documents and identify any material that is out-of-date, unclear, or inadequate. The manager should then list any analyses, policies, or other documents that do not exist but need to be produced. He or she should revalidate materials that are adequate and draft an itinerary of documents that must be updated or created. This step should include a priority ranking and a time schedule.

In our example, the manager found that the company had an adequate but poorly formatted policy and procedures manual, a fire safety plan but no emergency preparedness plan, an out-of-date risk analysis, and no job descriptions or post orders. In addition, he found that staff planning and development were nonexistent, and the site security survey missed several important aspects that needed to be identified and addressed.

Once the manager has taken stock of the documents that govern and direct the operation of the security department, he conducts an analysis of the department's functions. The purpose is to chart the structure of the department, define its current performance, and record its historical development in terms of personnel, physical, and administrative systems.

Field interviews. The analysis process must include field interviews with key members of the department and relevant external staff who can explain why the department developed as it did. Additionally, interviews with key external staff will determine the performance expectations that other department managers possess as well as promote the security function by indicating the direction the department plans to take.

The Albatross security manager can also use the interview process to gain acceptance for the planned changes and to solicit opinions about the security needs from other departments. The objective is to include in the formal plan a description of the developmental history of the department and a description of current responsibilities. The benefit to the department is acknowledgment by the approving authority of the condition of the department and its contribution to the overall organization. The security manager will also gain a clear understanding of how the department's performance is perceived as well as what other managers require of the department.

Physical security review. Physical security should be reviewed on a case-by-case basis. A cursory examination of the major elements of the physical protection program should reveal the general state of affairs and suggest the amount of resources necessary to raise the level of security to a required minimum. The objective here is not to become entangled in a comprehensive study of the physical security program but to establish the amount of planning and work necessary to address the program's problem.

For instance, the Albatross security manager, might have determined that the intrusion detection system was ten years old and subject to so many false alarms that the staff ignored them. Moreover, he might have found that many locations within the plant were obviously inadequately protected. Perhaps documentation revealed that systems maintenance and upgrading was virtually nonexistent.

A reactive manager might be tempted to tackle the intrusion detection system problem without further ado. However, our example manager would determine that replacing the intrusion detection system is a major undertaking in terms of time and monetary resources and must be examined in relation to other issues under consideration in the operating plan.

Mission statement. At this point the Albatross manager decides that the security department lacks a clear mandate for itself. The department has been unfocused and isolated. In this case, since it is the first time the department has produced an operating plan, the manager has decided to incorporate a department mission statement. It will be the starting point for the security manager's anticipated changes.

Since all of the key executives have been consulted, the Albatross security manager is comfortable drafting a mission statement. The statement is consistent with and complementary to the corporation's mission statement and is subsequently circulated to key company officials for consideration. The security manager elects to have the mission statement approved by his senior manager and thereby obtains the first recognition of a positive improvement to the department. The security staff is briefed on the purpose of the mission statement.

Key issues. Once the background material has been assembled, the manager must identify the key issues that are central to the planning of the department and that affect the organization as a whole. The issues can cover a wide spectrum of topics depending on individual circumstances. The key is to identify the major tasks that must be satisfied as part of the plan's objective.

For instance, the Albatross manager may select twelve issues that will be incorporated into the operating plan. They could range from a program of intrusion system upgrading and a revision of the policy and procedures manual to the development of an emergency preparedness plan and staff development planning.

Ultimately, the issues encompass any concern that affects the department. It is important to remember that the plan has a finite duration. The amount of work necessary must be balanced against the time, staff, and other resources available. The security manager's goal is to select the highest priority items for consideration based on the time realistically available. It is better to succeed at a few tasks and be perceived as effective than to undertake too many goals and be stigmatized as ineffective when deadlines are missed.

Implementation. Once priorities are identified, the plan should describe what is needed for effective implementation. For instance, it might include a description of all of the people, organizations, and agencies that could be considered stakeholders. Stakeholders are those entities that have authority over the department or are significantly affected by it.

Stakeholder recognition is important because it demonstrates the wide variety of influences or memberships to which the department is subject. Stakeholder identification will also enhance senior management's knowledge of the security function. Senior management may not be aware of all of the stakeholder and may accord additional regard to the security department in light of the enhanced knowledge of security's importance.

Stakeholders may need to be consulted on various aspects of security planning. Some police forces could be considered stakeholders, for instance, if they rely on the security department for a contribution to public policing, such as auxiliary support forces, data gathering, and reciprocal information sharing.

Senior management is obviously a stakeholder. Other examples of stakeholders include the board of trustees or directors. This has become even more evident in light of director liability in some countries, such as Canada.

Opportunities. Another integral component of the plan is a description of the opportunities available to the security department that will allow for the successful accomplishment of the objectives. Here, opportunities refer to the methods used to meet objectives. By describing them, the manager may garner support for the planned approach, as well as the goals.

The Albatross security manager may suggest that senior management require a monthly presentation of security operations to senior management. The presentation will include a summary of important incidents and an update on the plan's progress or related projects. The purpose of the presentation is to stimulate awareness of the security function among sometimes indifferent senior management and to encourage the full integration of the department into the corporation.

Objectives. The plan must include a statement of objectives that identifies the criteria that must be met in order for the plan to be considered successful. The criteria may be general or may be specific to one or more issues. The objectives must be reasonable. For instance, our manager may want to broaden the corporation's awareness of the security department. This will be accomplished in part by the monthly senior management meetings. But, as an objective, the plan may call for establishing better lines of communication and interaction between the department and the rest of the organization's divisions.

The desired result of the planning process is general support of the security program and acceptance of the need for protection. The objective is general in nature but the specific applications are evident. Also, the generalization of the objectives allows for multiple approaches to problem solving at the manager's discretion.

Plan organization. Once the manager has completed the elements of the functional analysis, the task of plan organization starts. The manager has identified the relevant issues, gathered background data, decided on objectives, and formulated strategies for accomplishing plan objectives.

The manager must organize the issues and resulting objectives into one-year tasks. The arrangement should be based on priority to the organization and the relative expected improvement to the targeted operation of the department. Plan costs are, of course, a factor in determining annual tasks. It would make no sense to plan an unsustainable increase to the operating budget or the capital budgets.

The Albatross manager may determine that an upgrade to the security system is needed but would cost roughly $150,000. He may find that while the concept of a system upgrade is acceptable to management, the financing will cause the project to be delayed or implemented in stages.

The annual objectives should coincide with the issues that are described in the long-range plan--typically a three-year plan. There should be no hidden surprises here. Sometimes, multiple annual objectives may match up with one planning issue or objectives may extend through several years of a plan. Alternatively, perhaps only one task will satisfy the objective.

The amount of detail that goes into the annual objectives is one of personal preference and may also be partly determined by the security manager's immediate supervisor.

There are advantages to breaking an issue into several tasks or objectives with clear descriptions. The plan will exhibit clarity of thought and comprehensiveness without being overburdening; it will describe a logical sequence of tasks, making it easier to implement them; and the relationship between related issues and tasks will be more obvious to management.

If the interrelationship between issues and tasks is unclear, it may be harder to achieve objectives. For instance, suppose the Albatross security manager has decided to upgrade the intrusion detection system over three years. The intention would be exceedingly vague if the manager simply stated that the first-year objective was to start the intrusion system upgrade, the second-year goal was to continue it, and the third-year objective was to finish.

What exactly is to be started? How can performance be gauged? It would be more logical to define the objectives clearly. For example, first-year objectives could include the following:

* Conduct full risk analysis and vulnerability survey with special consideration to intrusion detection point coverage.

* Research current state of detection technology and integrated systems over two-month period concurrent with first objective.

Financial analysis. The last component of the plan is a financial analysis, or cost summary, to implement the plan. Naturally, some tasks that require financing cannot be fully budgeted. More work may need to be done before the true cost can be calculated, but this situation may be more the exception than the rule.

The three-year plan cannot be considered a plan if a budget and the potential financial impact of the program are not included. Again, the immediate manager or controller can and should be of assistance. It is also wise to include a list of financial assumptions. Funding sources for various tasks and projects should be identified where possible. An annual budget increase allowance is also a good idea.

The firm's controller may specify how the calculations should be treated (for example, present net dollars or percentage annual increase to operating budget per year), and how the capital projects should be financially justified. When the security manager demonstrates a familiarity with the financial concepts and language that the chief executive or chief financial officer uses to determine relative worth of corporate projects, the chances of security projects receiving funding are much improved.

As financial assumptions change, the manager should review the budget. He or she can make the necessary corrections to the operating plan based on the new information.

Updates. Once the draft plan has been completed, it should be reviewed by the immediate manager prior to ratification by senior management. This step should be self-evident. If missed, it could spell disappointment for the security manager.

After the plan has been reviewed and approved, the manager must consider how it will be monitored and how it will be updated. Ideally the plan should be updated annually so that the department always has a current three-year plan. This ensures yearly planning and prevents the plan from simply gathering dust on a bookshelf.

To monitor progress, the manager may simply itemize the tasks from the plan and program them into a calendar. A more sophisticated approach is to construct an action or work plan. Either way, even the best made plans are for naught if they are poorly executed or left unmonitored.

A good operating plan is well researched and constructed and offers tangible and meaningful results. It is reasonable in its assumptions and encompasses every aspect of security operations and all appropriate facets of the corporation.

The initial effort is not easy, but the manager's challenge is well rewarded when senior management acknowledges security's contribution to the corporation's success.

William Plante, CPP, ASP (Accredited Security Professional), is chief of operations of the McMichael Canadian Art Collection in Kleinburg, Ontario. He is the Ontario Region Chairman of the Canadian Society for Industrial Security, Inc., and is a member of ASIS.
COPYRIGHT 1993 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1993 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Management; security systems
Author:Plante, William
Publication:Security Management
Date:Mar 1, 1993
Previous Article:Keeping conversations confidential.
Next Article:Get a piece of the privatization pie.

Related Articles
Successful renovations require tenant input.
Reaping the rewards of teamwork.
Lasting impressions.
Cyber Risk Guide.
A higher degree of security. (Working Wise).
City conducting study to strengthen Fulton Street corridor.
Physical security.

Terms of use | Copyright © 2018 Farlex, Inc. | Feedback | For webmasters