Security Management: Living in Two Worlds - Essay Example

Security Management: Living in Two Worlds Abstract: Security management is a major challenge faced by many organizations and listed companies all over the world. Even though, it is an integral part of the organizational management, security management is dislocated in many organizations. The security management of the company is limited to the security officers only whereas the board members and HRD people are not very much involved in the security issue. The paper thus emphasizes the importance of an integrated approach towards security management and it argues for a more centralized role for the security management team. It examines the role of corporate security risk assessment focusing the Turnbull, Sarbanes Oxley and the Combined Codes on corporate governance. Introduction: There is a tendency for bigger organizations to undermine the importance of security management as much of the importance is placed on their commercial activities. This leads to an apparent dislocation in many organizations between the outward facing commercial activities of a company and its inward looking security/risk department and issues connected with security appear to be sophisticated issues in the eyes of the board and senior management. So, security department, to be more effective, should engage senior management and board members in all the security related issues: thus the security department has to reinforce how fundamental is their role to the well-being of the company and how their work is more attune to the management of risk than many board members. Thus, the dislocation between the board and corporate security needs mending and the initiative should be taken by the security by redefining their changed role in the organization by proving themselves to be the key group in the organization/company. The senior management must be very much aware of what ‘security’ is doing and their activities should be auditable. The security task includes an efficient system of risk management and this risk management should be based on the corporate governance requirements. There should be an integrated approach whereby the whole process of risk management, security activities, corporate governance code etc are managed and directed properly for better efficiency and effectiveness. The Turnbull approach and the sarbanes- Oxley Act can take us very much closer to a combined code on corporate governance where the role and the importance of the security department is clearly mentioned and where there are no dislocation in the duties discharged by the security department and the senior management personnel including the board members. The role of security: The role of security professionals has become more complex and has greater significance today. Rather than merely remaining as security personnels, their duty is one of strategical implementation, integration of various departments and of identification and elimination of risk/security problem: “In the modern era, the role of the security professional is to be an integration and an strategist to advice and maintain an ongoing awareness of the host organization’s strategic security programme. T o be successful, the discipline of security must be at the heart of the company.” (Wyllie, B., & Kidd, S. 2006). The security department of a company should never remain as an isolated, compartmentalized unit and there shouldn’t be scope for a communication gap between the corporate securities and the top-level management unit. The idea underlined is that security is a partnership activity rather than a one sided procedure: “The overriding lesson to be learned by the Corporate Security Director or manager is a simple one. Their role is not to enforce security. Rather it is to use their specialist skills and experience to assist all members of the organization in making the company’s security regime work. Security is the partnership activity. The need to protect the organization’s assets, people and operations leaves no room for stovepipe communication or internal empire building.” (Wyllie, B., & Kidd, S. 2006). Thus the security department of a company plays myriads of roles for the smooth functioning of the organization, and very often the already stated problem of dislocation makes it ineffective and inactive to perform its duties to the maximum. Factors responsible for dislocation: The major set back for the effective functioning of security department is the lack of importance given to it by the boards members and senior management. The dislocation between the security department and the board members sterns from factors like corporate government issues, lack of an integrated approach, lack of a combined code on corporate governance etc. a) Corporate governance Issues: Corporate governance issues do affect the work of security personnels. Turnbull effectively deals with the issue of corporate governance: he deals with the methodology of how a company manages the risk effectively and embeds internal controls in the business process, by which a company pursues its objectives. He also deals with variety of risk issues that the security departments come across on a daily basis. Turnbull’s paper makes clear the importance of having a clearly defined corporate governance policy. He stated that a risk management policy document is to set out clearly for employees showing the board’s attitude to risk and the appetite for risk, which it is prepared to accept. It is also an opportunity to demonstrate to all levels of the company that the board takes the risk management seriously. Thus, turnbull’s guidance is about a ‘risk based’ approach for establishing internal control and reviewing its effectiveness. He warns that the consequence of non-compliance to the corporate governance policy is very severe: “There are penalties for non-compliance. If a company fails to comply with the above provisions, every officer in the company is guilty of an offence unless (s) he shows that (s) he acted honestly and that under the circumstances the default was excusable.” (Mr. Katz, Jonathan. G. 2005). Turnbull’s guidance should not be seen as some negative, time-consuming imposition; instead such risk based commercial decisions protect against losses, help seize opportunities, gain advantage over competitions and prepares for a range of unforeseen events. A risk-based culture, however, in even a small business also means better management focus on activities, better communication and a good level of board involvement in all the company’s activities-especially security. Thus, the number of companies that have no written and mandated security policy lead to breach of good governance. b) The combined Code on Corporate Governance: The legal position on the issues related to security can be found in The Companies Act of 2004.This new act is the UK government’s equivalent of the US Sarbanes- Oxley Act. The code, however, is about reporting: “The Combined Code contains broad principles and more specific provisions. Listed companies are required to report on how they have applied the principles of the Code, and either to confirm that they have complied with the Code's provisions or - where they have not - to provide an explanation.” (Smith, R. 2006). Thus, the code ensures the formation of right policies and strategies to manage the various risks identified by the companies and this can improve the crisis management system and thereby reduce the possibilities of dislocation. c) The integrated Approach: Another major factor that hampers good governance in the security department is the lack of an integrated approach whereby the security unit is doomed to function independent of the board members involvement in the security issues. For this the senior management also has to be engaged in the issues: the board members also should be members of the Crisis Management Team: they should know the actual nature of the risks involved because “Knowing more about the risk, one is better prepared to decide what to do about it — accept the risk as now assessed … or do something to reduce the risk to an acceptable level.” (Ozier, Will). By this means the security department and its staff can create a heightened awareness of the range of sophisticated issues they deal with. Conclusion: Security dislocation is thus a major threat to the proper functioning of the whole business of the security department and it is important that such dislocations are identified and solved at the right time. It is the duty of the security risk manager to see that the best strategy presentation is made to the board, to lay down the groundwork for the future by suggesting the right risk exercises that can be extended to a corporate wide activity. Such endeavors can always foster better understanding that would result in an integrated effort where there is no scope for dislocation. Works Cited Wyllie, B., & Kidd, S. (2006). Living in Two Worlds. Security Management Today. p.55-56. Ozier, Will. Chapter 3-1-1. Risk Analysis and Assessment. Domain 3 Risk Management and Business Continuity Planning. Retrieved May 17, 2007, from http://www.ccert.edu.cn/education/cissp/hism/223-228.html Smith, R. (2006). Combined Code. Financial Reporting Council. Retrieved May 17, 2007, from http://www.frc.org.uk/corporate/combinedcode.cfm Mr. Katz, Jonathan. G. (2005). Financial Reporting Council. Retrieved May 17, 2007, from http://www.sec.gov/news/press/4-497/dflint033105.pdf Read More