Planning for Change
Created by Marleah Blades
Stronger Influence and Better SecurityBy all accounts, a good strategic plan will earn the security leader credibility in the eyes of senior management. They are more likely to trust someone who has been proven a strategic thinker, and they will be more apt to ask him or her for counsel. The career implications of this boost can’t be overstated, and neither can its impact on organizational protection. A leader with the ear of management is in a better position to propose and win support for far-reaching, security-enhancing initiatives.
The benefits of strategic planning also extend to the rest of the security staff and the strength of the entire function. “[My strategic plan] brought unity to the group that I was leading,” says Lex. “There was a common language, goal, purpose, and really a common how-to in our approach. It helped tremendously in the cohesiveness of the group.”
“It helps to develop the people within the department at all levels,” states Panduit’s Woodward. A good strategic plan is communicated all the way through the ranks and (directly or indirectly) sets performance expectations for each role, says Woodward. “It improves individual employees’ performance in their jobs and makes the entire department stronger.” In the long run, this all means better security.
Other benefits might include improved continuity during leadership changes (the management-approved plan gives new security leadership a point of reference for program development and focus) and support for staffing decisions (employee X is promoted over employee Y for her consistent contribution to meeting the department’s documented strategic goals).
These benefits, of course, are only attained when the strategic plan is well crafted. Some security professionals who jump the first hurdle and endeavor to write strategic plans miss the mark on the quality of the plans they develop.
If a strategic plan is written in such a way that it cannot be approved, or that it cannot be followed, or if the writer doesn’t actually intend to follow the plan but is only writing it to appease the boss, its utility will be limited, to put it lightly. In fact, it may do more harm than good. Focusing on two sometimes-neglected aspects of strategic planning might help avoid these pitfalls: alignment and flexibility.
Align, Align, AlignA security strategic plan, like a strategic plan in any business function, must line up with the organization’s strategic plan. The importance of this cannot be overstated. “Our goals have to be in line with the company’s goals, because our main purpose is to support and enable the business,” says CNA’s Phillips. “So our strategies support and mirror the corporation’s strategies. That’s the first thing security folks need to get out front on.” Because CNA’s business, as the country’s seventh-largest commercial insurance writer, is in risk and providing a marketplace for risk transfer, its security function draws goals and strategies around how to enable the business to be more effective and efficient in that mission. Says Phillips, “We examine operational risk, so our strategies are how we identify, examine and work with the risk the organization faces.”
Alignment need not end with the organization-wide strategy, emphasizes Woodward. “The thing that’s helped me the most is aligning to everything possible in the organization—core competencies, smart goals, service to employees, EHS programs, the lean program. We’ve aligned to our marketing strategy for our product, and that’s helped a great deal in pushing our plans through and getting our capital approved.”
Aligning means keeping connected to what the business is doing at all times. When the business changes or its plans change, an aligned function will ensure that its corresponding plans will change if necessary to remain aligned. This is where flexibility comes in.
Security as a Nimble FunctionThe U.S. and international recessions, multiple wars, terrorism and political uncertainty have caused businesses worldwide to hunker down, says Bruce Meglino, Professor of Organizational Behavior and Management at the Moore School of Business, University of South Carolina. “Generally as things become more uncertain, organizations take a shorter-term view because they’re not sure what’s going to happen. Organizations abhor uncertainty,” he says.
In an environment in which many companies are moving away from annual budgeting and toward rolling forecasts for many of these same reasons, a five-year strategic plan is rendered practically useless. Security strategic plans must be flexible. “We need more anticipation, we need more business knowledge, and we need more nimbleness,” says Lex. “The business executives who are best at strategy tend to design their strategies with several options. They’re not willing to ride one strategy into the ground and crash and burn because it isn’t working anymore. If they see their strategy isn’t working, they apply some nimbleness and shift the strategy.
“For instance, you can lay out your budgeting based on last year’s budget, but you also plan for a 30% contingency and a 50% contingency. In other words, what are you going to be able to provide to the organization if your budget’s cut in half or cut by a third?” asks Lex. This helps the security department shift gears quickly if the budget cuts come to pass, and in some instances it also helps the security leader defend against those cuts. If the executive staff asks the security leader whether they could expect the same level of service under such cuts, the security leader has an honest and documented answer prepared in his or her strategic plan. Some security organizations have been successful by planning strategy at a less granular level in order to accommodate changes that impact the business direction or budget. This method must be used carefully, however, because if the strategy becomes too high-level, it may become vague and lose its ability to provide practical guidance.
The good news is that flexibility is one area in which security functions should have an advantage in planning. “For security to be effective, we have to be forecasting,” says Phillips. Monitoring and analyzing intelligence can serve the dual functions of risk management and business alignment through strategic planning, he says. The security function that is already collecting and analyzing intelligence on risks that may impact the business is more equipped to predict (and prevent where possible) business-changing events. In addition, security more than other functions should recognize the value of backup plans and business continuity.
Security leaders who carefully craft aligned, flexible strategic plans will reap the benefits of increased influence, greater effectiveness, and stronger departmental unity. If you haven’t yet been asked by management to present your security strategic plan, don’t wait. Begin now and ask trusted peers within and outside the business to assist you.
For more information on this topic see Security Program Strategy & Operations: Strategic Planning/Management
Watch our 3-minute video to learn about how the SEC works with security leaders. Contact us at: contact @secleader.com.
Copyright Security Executive Council. Last Updated: August 23, 2018
You can download a PDF of this resource below.