Rightsizing and Its Benefits and Costs to Security - Literature review Example

Rightsizing and its benefits and costs to security Rightsizing remains a buzzword in managing firms, business organizations, and governments (Hernandez and Noruzi 2010; Scott 2010; Davison 2002). It is considered important for managing businesses, public budgets and even for managing the International Monetary Fund, the World Bank, and the World Trade Organisation (Gamberoni et al. 2011; Naiman 2000). One survey that indicates that rightsizing continues to be an important buzzword for managing organisations and firms is the Deloitte worldwide survey that covered several industries and that covering several survey respondents from the Americas, Asia Pacific, Europe, the Middle East and Africa. The Deloitte survey revealed that rightsizing is continuously being implemented by firms and organisations (2009a, p. 1). Although rightsizing typically implies downsizing, rightsizing need not always imply downsizing (Ranft and Ranft 1999, p. 195). Meanwhile, according to Budros (1999, p. 70), downsizing is “an organisation’s use of permanent personnel reductions in an attempt to improve its efficiency and/or effectiveness.” Downsizing can be part of innovations in an organization. Innovation is defined as the adoption of an internally generated or purchased device, system, policy, program, process, product, or service that is new to the adopting organization (Budros 1999, p. 73, citing Damanpour 1991). Downsizing can also be the result of several consolidations among firms as they integrate into a single organisation (Budros 1999, p. 74). It can also be the result of firm investments on labour-saving devices and technologies (Budros 1999, p. 74). Not all downsizing lead to rightsizing and downsizing can be too much that it is not longer rightsizing. Further, rightsizing may have to involve the acquisition of a larger organizational or business size to exploit the economies of scale (Ashton 1998, pp. 22-23). For instance, there are goods that are cheaper to produce via mass production and some goods may be cheaper to buy by the dozen. In distributing products, for example, lower transportation costs per unit of the good is realised when goods are delivered in bulk compared to when it is delivered in small quantities only. Yet, rightsizing is usually and commonly translated as downsizing, especially under a situation of economic difficulties. In economic difficulties, rightsizing as downsizing becomes very crucial as downsizing can be the only option for firm survival under very difficult economic conditions or stiff competition. In an economic difficulty, failure of a firm to downsize can lead to her elimination from the market. ‘ As Budros (1999, p. 76) pointed out, “downsizing rates will increase during economic troughs and decrease during peaks.” This happens as economic difficulties or downturns force businessmen to “look very hard at their costs” (Deloitte 2009b, p. 1). In contrast, rightsizing as the acquisition of larger size or scale of operations emerges in a situation when the market is vibrant and there are opportunities to expand the market such as in a situation when markets are globalising or internationalising. The decision for rightsizing comes about as a decision for organisational innovation or change. Rightsizing is needed to “combat excessive headcount associated with operational inefficiencies that arise from sustained periods of organisational growth” (Deloitte 2009b, p. 2). Rightsizing can also result from a shift in strategic direction or from a need to “alter resource and capability profile in order to deliver new strategy and objectives” (Deloitte 2009b, p. 2). It can also result from a desire to “avoid structural inefficiencies by adapting all functions dependent on a department that has modified its structure or capabilities” (Deloitte 2009b, p. 2). Rightsizing can be also be a response to a recession wherein there may be a need to “reduce costs aggressively in response to changing market conditions and declining growth” (Deloitte 2009b, p. 2). It can result from a need to respond to the changing competition landscape by creating new capabilities and reallocating limited resources to reinforce to focus on specific businesses outside of competition (Deloitte 2009b, p. 2). Rightsizing decisions can also be a response to changing customer behaviour and needs and, thus, there is a need to scale down redundant activities and focus on certain businesses and products (Deloitte 2009b, p. 2). Perhaps also importantly, rightsizing can be the result of mergers and acquisitions (Deloitte 2009b, p. 2). Firm size can increase with merger and acquisition but the market may be able to absorb only a firm of smaller size. Rightsizing is important in the 21st century. This is because rightsizing can provide the strategic flexibility and competitive advantage that are required for the 21st century (Hitt et al. 1998, p. 22). As pointed out by The Changing Nature of Business Organisation: the implications for security managers (2002, p. 2), the business environment is changing. Businesses and firms, therefore, must have the right size given a business environment. Some of the changes taking place in the business environment includes the movement from stability to volatility, a global instead of a national market place, devolution of control instead of central control, customer orientation instead of product orientation, pro-activity instead of re-activity, and emphasis on overall-responsibility rather than specialisation (The Changing Nature of Business Organisation: the implications for security managers, p. 3). All these imply a need for a highly flexible organisation and rightsizing as the old ways of doing things become unsuited to the new environment. Further, devolution implies a security management system that is different from a system in which functions and operational control are not yet devolved. A movement towards devolution also implies that security managers must also be good in managing security across devolved units in addition to managing the security of specific units. According to Becker (2007, p. 1), rightsizing can be done in the right way or the wrong way. When rightsizing is implemented as downsizing, one of the wrong ways in downsizing is using an “improper and inconsistent layoff criteria” (Becker 2007, p. 2). Improper and inconsistent layoff criteria can lead to serious problems (Becker 2007, p. 2). For instance, it can create labour disputes and can make employees who used to be loyal to the company to become its enemies. Obviously, this is one possible cost that can arise with rightsizing. Becker (2007, pp. 3-10) identified ten principles for correct rightsizing. First, one must clarify the desired ends or objectives. Second, one must not neglect the human aspects or the effects of rightsizing among people and must take steps to cushion their impacts while encouraging voluntary actions such as voluntary resignation from the company or requesting a change in employment classification from permanent or regular employees into contractual or part-time employees. Third, one must develop a plan for communication and assign someone as the singular point for communications. Fourth, judgments on who should remain or go should be judicious. Fifth, one must manage rumours or misinformation immediately before, during, and immediately after implementing rightsizing. Sixth, one must have a road map or very clear steps or sequence to follow in rightsizing and this implies the use of management tools like the Gantt chart and performance evaluation and review techniques or PERT. Seventh, one must develop systems for smooth transitions into a right sized state. Eight, implement the rightsizing program. Ninth, boost the morale of surviving or continuing employees. And tenth, check on the results and communicate the gains or achievements from the rightsizing. The aforementioned principles for implementing rightsizing derived from Becker (2007) are useful for security rightsizing as well and can be considered as among the benefits of rightsizing literature for security management: the ten principles formulated by Becker (2007) for rightsizing firms are also useful for rightsizing security management or the rightsizing of security. Meanwhile, another set of principles are those of Calzone and Reynolds (2008). Versus Becker’s (2007) ten principles, Calzone and McReynolds (2008, pp. 4-6) recommends the adoption of four principles to be observed for a correct implementation of rightsizing. First, the case for rightsizing must be legitimate, legitimized and established (Calzone and McReynolds 2008, p. 4). Second, formulate the rightsizing plan with a clear documentation of the bases for rightsizing or the enumeration of reasons for rightsizing (Calzone and McReynolds 2008, p. 4). Third, one must create an overall plan or comprehensive plan to reduce all business or operation costs (Calzone and McReynolds 2008, p. 6). Finally or fourth, one must ensure a consistency between bases and objectives for rightsizing (Calzone and McReynolds 2008, p. 6). Similar to point I expressed earlier, I believe that the four principles formulated by Calzone and McReynolds (2008) can be applied to the rightsizing of security and qualify as the benefits of rightsizing or rightsizing literature to the rightsizing of security. As implied earlier, rightsizing will really have definite effects on security. When rightsizing is implemented as downsizing, it is reasonable to expect that there will be budget cuts for security. Yet, downsizing need not be always the case for rightsizing as rightsizing can also mean the transformation of a firm into a larger organisation for the purpose of exploiting economies of scale (Ashton 1998, pp. 22-23). Rightsizing need not always mean budget cuts. On one hand, rightsizing has costs for risks for the management of security. Rightsizing, especially if incorrectly implemented, can increase the security risks for a firm as disgruntled employees negatively affected by rightsizing oppose rightsizing or become vindictive against the company whom they have come to perceive as to have committed on their persons and families some serious injustices. Unfortunately, rightsizing as downsizing can involve “casualties” as some of the workforce can be dismissed or become irregular from their former status as regular employees. Yet, at the same time, rightsizing as downsizing can be necessary for firm survival especially as the only available options for the organisation may either be to perish or downsize. Rightsizing may be the only option for a firm to survive. Threats from labour or labour union response appear to be the principal cost if not the only costs that can arise from downsizing. The threats to security coming from labour or labour union response can be fatal for the firm as labour can go on strike for many months and become vulnerable to agitation and trade union/labour propaganda. The firm also becomes vulnerable to paralysis from labour strikes and sabotage. Worst, the firm earns bad publicity and suffers bruises in corporate image. On the other hand, when rightsizing is implemented as overall company downsizing, downsizing can have tremendous benefits for security management. As a firm implements rightsizing, rightsizing is also implemented in security management. There are at least three immediate benefits of overall firm or organisation rightsizing for firm or organisation security management. First, rightsizing as downsizing implies that only the crucial resources and personnel are maintained in the company. This implies that no excessive personnel or assets are protected or secured. The personnel and assets to protect and secure becomes clear and are downsized to include only the crucial ones. Second, rightsizing as downsizing will typically involve lower square feet or lower square meters of floor area to monitor or s, lower number of persons to secure, fewer number of gates to secure, fewer number of buildings. We often do not need to overemphasise the importance of physical security. According to Antonellis (2008, p. 33), physical security is even at the core of information security. In turn information security is extremely important for managing company secrets like formula, design, patent, financial, and other secrets that would allow the firm to remain competitive. Unfortunately, physical security is also one of the most commonly ignored by information security professionals (Antonellis 2009, p. 33). Third, downsizing in the 21st century may likely emphasise on the use of technology for monitoring and addressing security. This can mean the use of closed circuit television for monitoring security, internet-based security monitoring, use of cellular phones and wireless technologies and the like. The changes can imply a smaller manpower to monitor although there has to be investments in technological expenditures. Should security be labour intensive or capital intensive? In my opinion, this matter must be examined empirically or decisions should be made based on data or evidence. My impression, however, is that the technology for security has become cheaper compared to the labour in the last several decades. Using technological innovations to address security concerns, however, has this downside: technology requires specialized skills for technological advantages to be maximised. Fortunately, learning many of today’s technology is usually not difficult and in the United Kingdom, for example, the Office of Public Sector Information provided guidelines for cyber security (Cabinet Office 2009). Douglas (2005, p. 27) pointed out that “the rise of terrorism in the modern world necessitates a closer look at the vulnerability of the power grid to physical and cyber assaults. The Douglas (2005) perspective highlights that the benefits associated with downsizing that can come through the use of technology-intensive rather than human-intensive technologies can be associated with new costs: the organisation must have the manpower skills to use the technology as well as the skills to implement cyber and other security systems to protect computer networks and power grids. At the same time, implementing security systems for these also require rightsizing (Lam 2005, p. 1). In rightsizing, we must ensure that the key elements of am organisation are maintained. For instance, according to Pirontti (2005, pp. 1-6), the key elements of an information security program cover vulnerability assessments, incident response strategy, policies and procedures, governance, architecture and design, technology and evaluation, key performance and effectiveness analysis, oversight review, and organisational elements. All these must be considered in any security management programs. In The Changing Nature of Business Organisation: the implications for security managers (p. 14), however, the bias is to “reduce corporate overheads” by making security non-technology oriented and more labour-intensive instead. The material believes that reducing corporate overheads represents an opportunity for manned guarding companies (The Changing Nature of Business Organisation: the implications for security managers, p. 14). This was in 2002, however, and in my opinion this deserves to be reviewed because it appears that technology for security has become more inexpensive. Several decades ago, computers represent higher overhead compared to typewriters. However, in time, managers have probably recognized the higher benefit-cost ratio of using computers over typewriters. More important, several decades ago, only large business firms have computers and then only the richest households in any nation. In the 21st century, however, many of the lower middle classes appear to have computers. Thus, in many offices of the 21st century, computers are used rather than typewriters even if computers are slightly more expensive than typewriters. Similarly, the technology for security is probably in the same boat: there may be higher benefit-cost ratio in using CCTV and other computer technologies for security compared to the benefit-cost ratio in using labour-intensive technologies like maintaining too many human security personnel. To be consistent with firm or business organisation overall rightsizing programmes, rightsizing must be implemented in security management. There are at least five benefits from rightsizing in managing security. First, we maintain only the crucial personnel for security. We also become highly selective on the personnel we maintain for security. Second, we maintain only the crucial technology for security management; we become highly selective on the technology we use for security management. Third, we are forced to reinvent our security management structure into one that is lean but mean to security threats. Fourth, we are compelled by rightsizing to identify the core of our business and firm operations. Security managers, therefore, become compelled in identifying the core elements in business and firm operations to protect the most. For instance, one of the core elements may the firm’s or business corporate image. Thus, if this is the case, security management can have information or news management or news outflow management as one of the foci of its core responsibilities. Take f a bank, for example. Will the public patronize a bank if it knows that there is a security leak or vulnerability of any kind? Obviously, no one will eventually want to become a client of that bank. Thus, security management can define that one of its core missions is to see to it that there is no bad publicity of any kind on the bank’s vulnerability to any type of risk. A closer link between security and corporate image management becomes a priority therefore of security management. Fifth, for greater organisational flexibility and enhancement of the security manager’s capability to enforce compliance, a security manager may have to identify what aspects of security can be outsourced. For example, periphery security can be outsourced while security within the corporate or firm compound can be entrusted to personnel whom we can monitor over time and whose loyalty and devotion to service have been tested over time. Related to the fifth point and as identified by The Changing Nature of Business Organisation: the implications for security managers (p. 9), some of the reasons for outsourcing are for reducing and controlling operating costs, improving company focus, gaining access to world-class capabilities, freeing internal resources for other purposes, accelerating reengineering benefits, promoting managerial conveniences, making capital funds available, and facilitating infusion of capital. One of the learning points of The Changing Nature of Business Organisation: The implication for security managers (p. 16) is that “in-house traditional security location at corporate headquarters makes it vulnerable to cutbacks during a widespread current move to devolve autonomy to the discreet business units.” According to the material, vulnerability “will be reduced if security ensures that its services are cost-effective, reflects the true corporate needs, and satisfy the demands of its internal customers” (The Changing Nature of Business Organisation: the implications for security managers, p. 16). Based on the statements mentioned, I argue that the matter can be viewed as one of the benefits of right-sizing to security. In other words, rightsizing will force security management to become cost-effective and reflective of true corporate needs, taking care that the demands of management and investors or equity holders of the firm are genuinely and efficiently addressed. Moreover, the material The Changing Nature of Business Organisation: The implication for security managers (p. 17) further said that the implication on security of prioritizing on consumers is that the “market pressures are likely to intensify the scrutiny by senior management of the cost-benefit ratio of the security function.” This means that rightsizing will likely improve the efficiency of security and profitability of the security management will therefore lie on the ability of security managers to deliver security efficiently or at low cost-benefit ratios. In conclusion, we can assert that the primary risk, danger, cost, or penalty of rightsizing to security management is that threats to security or security management can come from labour or employees that have been dislocated by a rightsizing program. However, if a rightsizing program has been implemented correctly or correctly in the sense of Becker (2007) or Calzone and McReynolds (2008), especially if employees or some of the workforce have been encouraged to accept downsizing as legitimate, given incentives, or have been convinced to voluntarily change their employment status from regular to less than regular, it is possible that the risks or threats to security associated with rightsizing will no longer emerge. In contrast, however, the benefits of rightsizing to security management are many: possibly lower floor area and personnel to monitor, optimal use of security technology, operational efficiency, identification of the most important core elements of the business operations, higher focus on the most crucial core elements of business, and adherence to organisational flexibility. Yet, these are only some of the benefits as actual benefits may vary from situation to situation. References Antonellis, C., 2008. Managing physical security. ISSA Journal, March, 33-35. Ashton, J., 1998. Cost efficiency, economies of scale and economies of scope in the British retail banking sector. Working Paper 13. Bournemouth University Talbot Campus: Working Paper Series. Becker, C., 2007. Rightsizing the right way. Available in: http://www.bowmanbeckerconsultancy.com/Articles/Rightsizing.pdf (accessed 30 August 2011). Budros, A., 1999. A conceptual framework for analyzing why organizations downsize. Inform, 10 (1), 69-82. Cabinet Office, 2009. Cyber security strategy of the United Kingdom. UK Office of Public Sector Information: UK Office of Cyber Security. Calzone, D. and McReynolds, B., 2008. Rightsizing the right way. Available in: www.vmclaw.com (accessed 30 August 2011). Damanpour, F., 1991. Organizational innovation: A meta-analysis of effects of determinants and moderators. Academy of Management Journal, 34, 555-590. Davison, B., 2002. The difference between rightsizing and wrongsizing. Journal of Business Strategy, 23 (4), 31-35. Deloitte, 2009a. Managing talent in a turbulent economy: Leaning into the recovery. Deloitte Development LLC. Deloitte, 2009b. Intelligent right-sizing and workforce transition in consumer products. Deloitte. Douglas, J., 2005. Grid security in the 21st century. EPRI Journal, Summer, 26-33. Gamberoni, J., Ostergard, M., and Bailey, M., 2011. Rightsizing public budgets. Accenture. Hernandez, J. and Noruzi, M., 2010. How intellectual capital and learning organisation can foster organisational effectiveness. International Journal of Business and Management, 5 (4), 183-193. Hitt, M., Keat, B., and DeMarie, S., 1998. Navigating in the new competitive landscape: Building strategic flexibility and competitive advantage in the 21st century. Academy of Management, 12 (4), 22-42. Lam, A., 2005. IT rightsizing. Available in: www.targahk.com/officestation (accessed 31 August 2011). Naiman, R., 2000. “Righsizing” the IMF, the World Bank, and the WTO. Development, 43, 97-100. Pirontti, J., 2005. Key elements of an information security program. Information Systems Control Journal, 1, 1-6. Ranft, V. and Ranft, A., 1999. Rightsizing the multi-dimension firm: Individual response to change across division. Management, 2 (3), 195-208. Scott, R. (Ed.), 2010. Rightsizing local & regional government: Methods and models for representative governance. California: Economic Alliance of San Fernando Valley. Read More