ISJ Exclusive: Adopting a proactive approach to security management

Effective security managers manage security, ineffective security managers manage crisis, writes Adil Abdel-Hadi MSc (Security Management), CSyP, FSyI and Member of the ISJ Leaders in Security Conference Advisory Panel.

Management is seen as a concept that embodies a wide range of behaviours and decision making, however, there appears to be a consensus on the classic definition of Henry Fayol: “To manage is to forecast and plan, to organise, to command, to coordinate and to control.”

Security management is considered today by organisations as an integral part of their activities, unlike in the past when security was mainly associated with the guard (night watchman) and always related to the military or the police.

In those days, security activities were focused on the criminal threat, guarding assets and access control, with very little consideration given to other elements within the organisation such as profit, cost effectiveness, contingency planning, business continuity management (BCM), effective communication and others.

The growth of importance of security management in business and industry has dictated the adoption of modern management techniques by security managers as well as acquiring new qualifications and skills in risk management and prevention. Certain problems may emerge as there are no specific management theories for security management and what’s available consists mainly of security manuals and guides. In addition, and most importantly, the majority of security managers who may be retired police or army personnel often have very little knowledge of management techniques.

It has become apparent in recent years that there is great pressure from businesses and industry for security risks to be proactively managed rather than dealing or reacting to an event. To do this, security managers need to adopt a proactive approach to security management rather than the widely practiced reactive approach.

Reasonable, realistic and compatible

Security management is considered a matter of focused planning – and planning does not work in isolation from other management functions. On the contrary, it must be reasonable, realistic and compatible with the organisation’s goals and objectives.

The ends are defined and the means are identified to enable the formulation of policies and codes of conduct and practice to be applied. It can be assumed that a security plan drawn within an organisation should ensure that the organisation operates and grows within a secure and safe environment.

As plans are put into action, it will involve the organisation’s human and material resources and one of the essential factors to a successful plan is communication. This makes the establishment of standard methods of reporting and clear channels of communication an essential part of organising a security function.

Then comes the management of people, which plays an important role for successful completion of the management cycle. Without securing the support and commitment of your people to the stated goals, you render any good planning and organisation useless. It has been suggested that monitoring security personnel tends to be a difficult task for security managers because of the nature of the repetitive security work among other reasons such as unsociable hours, pettiness and attitudes.

However, these elements may be overcome by the recruitment of the right calibre personnel, furthering their education and training and establishing clear information and communication channels (circulars, directives, seminars). This is in addition to remuneration and promotional prospects to cement the fact that security is a profession and not a job.

The control part of the management cycle involves measuring the actual performance against preset standards, then taking corrective action as required. However, the concept of cost effectiveness is considered as a method of measuring performance. This makes it a function of the security manager to make decisions to justify their existence economically and functionally. Control may play a major role in this justification as well as showing and demonstrating a clear understanding of the possible causation of crime, the appropriate prevention measures and the response of the criminal to such measures.

Approaching security as a risk management concept has the benefit of including all types of risks, such as crime, crisis, disasters, natural calamity or others. It has always been assumed that security management is about putting appropriate and adequate measures in place to counter foreseeable threats, thus reducing, limiting or avoiding damage to assets.

This can only be achieved if the security manager has the ability and capacity to make the correct decisions, based on knowledge of facts, supported by reasonable predictions and implemented via the process called risk management.

A wider range of risks

Crisis and disasters could be natural or man-made and can occur at any time with little or no warning at all. Their effect could be very severe and have catastrophic effects on the business community and it may take different forms. For example, terrorist acts, negligence, errors, explosions, fires, storms, pollution, epidemics, infestation and technological disasters.

A good example of a disaster is the Chernobyl nuclear plant in Russia, where the enquiry revealed poor safety standards and low safety awareness among employees made them a contributing factor to the incident.

Modern security no longer just includes traditional crimes. It has expanded to a much wider range of risks, such as terrorism, fraud and disaster and crisis management plans. Effective security managers are assumed to have knowledge, skills, imagination and breadth of vision, capable of identifying potential targets within the organisation, measuring the type and extent of threats, creating a plan of action and taking appropriate measures to prevent it from materialising into an event.

This requires the security manager to have a broad knowledge base as well as additional skills in risk assessment and crime prevention in addition to management skills to cater for all eventualities. It is necessary, for example, to have knowledge of the law and culture of the land as well as the effectiveness and limitations of primary and secondary prevention methods and devices deployed on the organisation premises.

It has become necessary for the effective security manager to conduct his/her tasks in a proactive way with greater degrees of flexibility. They must be able to cater for any shift in the organisation activities which may alter the types of risk exposure. Simply reacting to predictable undesired events is not an acceptable practice today.

However, it is common knowledge that organisations are often reluctant to commit resources to prevent future disasters, until a disaster occurs, then the issue of committing resources to risk management becomes a priority.

Managing crisis and disasters is literally managing an unknown event with unknown effects when it occurs. No matter how much training is given in managing such catastrophic events, it is impossible and impracticable to cover all types of incidents or devise a contingency plan for each individual incident, taking into account on the occurrence of a disaster or crisis. The damage has already occurred and managing such events becomes similar to a salvage operation.

Managing disasters is a difficult task and gets even more difficult if the security manager is not prepared. The end result may prove detrimental to the organisation if not managed correctly. The level of preparedness will depend on the type of organisation and business activities as well as the support of senior management to risk management policies and activities.

It has become apparent that the effective security manager is the one that manages security as a risk management concept and is always prepared for all foreseeable eventualities. This is in contrast to the unprepared security manager that awaits a disaster or crisis to occur or dismisses the idea as something that is unlikely to happen – and, therefore, there will be no requirement to worry or prepare for such an unlikely event.

Thus, the acquisition of more professional qualifications and skills in risk/threat management, disaster recovery, BCM, loss prevention and more would without a doubt improve the effectiveness, professionalism and functionality of the security manager.

This article was originally published in the May edition of ISJ. To read your FREE digital copy, click here.