Where best to invest your scarce protective dollars
In these interesting times there is some pressure within corporations to do something about protection. Some managers, not realizing that security is about increasing productivity and profit through managing risk, consider security to be overhead with no payback, interpret this to mean spend as little as possible to give the impression of positive activity.
Independent of how you view security, it is fairly clear how best to spend protective dollars: On independent threat, vulnerability, and risk audits.
Audits have four benefits. First, they don’t cost a lot, so no matter what they show there is little downside. Second, because audits, by their nature, are done by outsiders with little vested interest in the results, they tend not to be biased by the internal culture. Third, because the inside staff (who often know exactly what needs to be done, were they but able to get anyone to listen) is interviewed, known but ignored problems are revealed. Most importantly, they bring a fresh look at the forest, and not just the trees, often producing unexpected and valuable results. As an example, in a recent Latin American audit focused on protective services, we made recommendations that cut down on shrinkage in a plant sufficiently to quickly cover the cost of the audit. Lest you think petty theft is only of intellectual interest, or more germane to Latin America than to your operation, we remind you that the Small Business Administration said that 60 percent of business failures are a direct result of internal theft.
Audits can be general or specific, depending upon you needs. We at the LUBRINCO Group do general audits, protective services audits, OPSEC audits, counter-surveillance audits, crisis management audits, and due diligence audits covering financial practices, safety practices, hiring practices, and a host of other things which we feel fall under the mantle of due diligence (i.e., you can be sued for negligence if you haven’t done it).
It is not uncommon – nor undesirable – for an audit to show that things are being done well. It a good defense in case of suit in the future. Remember that the goal of the audit is to see what is being done and what has been overlooked, and not to find fault. In most cases, however, no matter how good an operation may be, a trained outsider is likely to find something that can be improved in a cost-effective manner.
When an audit is completed, you will have a sound basis for deciding if and where you should spend additional protective dollars, and where, in some cases, you might cut back on spending. At that point you can assess your vulnerabilities make a rational decision as to how your scarce dollars may be most effectively spent to manage and or transfer risk.