The Handbook of Security [Sample Pages 586-609 Corporate Security by Dennis Challinger]


25 Corporate Security: A Cost or Contributor to the Bottom Line?

Dennis Challinger

1 Security – a given in the corporate world

Every business corporation understands that security is an inevitable expense – the fact that they all keep their premises physically secure is evidence of that. However not every corporation would embrace Dalton’s recent view ‘that security management is not an odd-but-necessary back-lot function, but is instead a vital business function that is essential to any organisation’s continued viability’ (Dalton, 2003: xii). More likely they would agree that security is a ‘necessary evil (and they) really have no choice’ (Kovacich and Halibozek, 2003: 63).

In this chapter, a corporation is defined as any organization that employs a number of people to achieve a common purpose, whether as a commercial company or a government instrumentality. The word corporation therefore subsumes retailers, manufacturers, banks and hotels as well as hospitals, schools, universities and public transport, etc.

While quite different in output, all these corporations must operate in a financially responsible way and obviously that includes protecting their assets. In this chapter it will be assumed that is done through what will be called a corporate security department (although in practice a small corporation may not need a separate department). At a minimum, the corporate security department will implement measures to physically secure business premises and assets. However any further security measures that may be implemented within a corporation will usually result from further internal corporate decision-making.

Regrettably, internal decision-making about security may lack the careful consideration that is taken when other issues – most notably income-generating activities – are considered. Some security decisions appear to be made after a breach of security has occurred. Some are made when it is simplistically assumed that continued security is no longer needed. Some are made when it is feared that business will be lost if security is not in place to reassure customers or clients. Some may be made when management observe that a competitor has some security equipment in place that they do not have. And fortunately, some are made on the recommendation of the head of corporate security.


In some corporations the head of corporate security does not have a lot of influence. However there are others where the role of corporate security is openly acknowledged. One example of the latter is Wal-Mart, the world’s largest retailer, where the head of their corporate security department – the Vice President of loss prevention – reports directly to the CEO. As the CEO has put it:

Politics being what they are, it’s too easy for decisions (about security) to be misguided when you allow internal politics to enter in. With loss prevention reporting to me, that allows me to set the tone, the discipline, about what effective loss prevention is. (Lee, 2002: 17)

However in general much corporate decision-making about security does not appear to be soundly or evidence-based. That is not sensible as corporate management should want to ensure their security is the best possible for their corporation.

The difficulty is that some corporate managers still hold entrenched views regarding security, its funding and its impact. There are also problems appreciating what a corporate security department does, what it is capable of, and how it contributes to the corporation’s bottom line. These are the topics which will be discussed in this chapter.

2 Deciding the best security for a corporation

The best security keeps all the corporation’s assets secure – and therein lies a paradox. The success of corporate security is measured by the absence of activities which would have negative effects on the corporation if they occurred. Put another way, a highly-effective security manager may become the victim of his or her own success.

It can be hard for the head of corporate security to acquire further necessary funds within the corporation because, if the department has been doing a really good job, its achievements are effectively invisible and a need for more resources seems unwarranted. On the other hand, if the security has been poor and there have been many incidents causing loss to the company, a stronger case can be made for more funds to prevent further losses (that is, if the head of corporate security withstands the accusations that he or she is a bad performer).

Within a corporation there are other departments that also measure fewer incidents as signs of success. Occupational Health and Safety is seen as successful when there are reductions in workplace accidents and fewer worker’s compensation claims. Facilities managers are doing a great job when there are no losses due to fires because fire prevention equipment is installed and working.

However each of those departments has an advantage over security in that there is generally legislation in place requiring their continued existence. By law, workplace environments must be made safe and buildings must have the correct fire fighting equipment in place.


In general then security is not legally mandated. However the absence of workplace sabotage or workplace theft is as beneficial to the corporation as, or even more beneficial than, an absence of workplace accidents. The difficulty is that the absence of thefts is based on an assumption that many (more) would have occurred if security measures had not been in place.

Long-time security consultant Dalton has stated that:

(the security) profession … is largely based on assumptions. We make management and financial decisions based on a great number of unproven assumptions. Ours is a profession that is both uncodified and largely unproven. We assume that security officers provide some deterrent value. We assume that state-of-the-art technologies are effective in preventing loss of assets and life … (Dalton, 2003: xxviii)

If corporate decision makers do not also accept assumptions such as these then there are plainly going to be problems deciding on the best security. If for instance they do not accept the assumption that internal thefts are a likely activity then their view of what may be the best security is not going to accord with the views of their corporate security head. They may end up making decisions based on views about corporate security that are simply wrong.

3 Corporate management’s view of security

Management has a number of views of corporate security that are generally erroneous and which can be said to place the security function at a disadvantage. They include the following:

Security is not a major corporate priority

The bulk of effort in most corporations goes to generating more business to make more profit. That can mean that insufficient time is given to consideration of security requirements and they are not as rigorously considered as they should be. Yates (2003) points out:

many organizations have not integrated security into their culture. For many, it has been addressed by simplistic measures such as employing a former police officer as a security guard or putting out a memo. Specifically there has been a major failure

• to enhance security rather than simply overlaying security onto existing practices
• to identify and incorporate best security practice
• of visible CEO leadership on security
• to implement reinforcing behaviour in organizations such as regular security updates, security education and reward system for security conscious behaviour
• to provide security training, education and competence
• to prepare the groundwork for effective local law enforcement co-operation

(Yates, 2003: 75)

Security is not worth doing

There are some activities conducted by the corporate security department which may not be seen by other parts of the corporation as necessary or worth doing. One pointed example of this is the matter of internal theft or fraud which some management may not see as issues for them, still believing myths about the prevalence of that behaviour (Albrecht and Searcy, 2001).

On the other hand, some corporations may ‘consider employee theft as an unpreventable, unpleasant situation which is part of doing business (and) … expect employees to steal’ (Oliphant and Oliphant, 2001: 443). But because the extent of employee theft is unknown, management cannot decide ‘which costs are greater – to catch a thief or accept it as the inevitable’ (ibid.: 443). If then they accept the inevitability of internal theft – tantamount to an encouragement for staff to steal – it follows that they do not wish corporate security to pursue such deviance. In their opinion that would not be worthwhile, however that position would simply condone theft by workers.

Security is a nuisance

Some management view security as an impediment to good business and efficiency. If for instance a business meeting is delayed because of security requirements to access a particular part of a building, then security may be said to be jeopardizing business. The fact that the security requirements are well publicized and the majority of corporation staff have no trouble organizing their schedules around those requirements may be disregarded by a complainer.

Security procedures may also require that accurate and current records are kept of corporate assets so that, in the event of theft, an investigation will be expedited. But if those requirements are seen as onerous, or just a nuisance, they too may be ignored.

The alleged nuisance value of security is sometimes used by staff who develop a mindset that causes them to go out of their way to not abide by security requirements – they may decline to wear their corporation ID badge, or argue about signing in a visitor. Support for corporate security from senior management is vital to create a security-aware workplace.

Security is the enemy

In some cases a view may be held by part of the workforce that the security department is their enemy. Such sentiments may arise when the result of security activity has been to identify some staff engaging in inappropriate behaviour that has led to their being disciplined (or even dismissed). This can particularly arise where management sends mixed messages about behaviour as illustrated by the discussion of internal theft above.


The situation may be made even more difficult in instances where undercover security operatives may have been employed to deal with dishonesty amongst staff. The use of an undercover operative posing as a patient in a hospital to identify the staff member stealing patients’ money is an example (Healthcare Risk Management, 2002). It might be thought that honest staff would not be at all concerned at this practice given that it removes a thief from the workplace but this approach by the security department may be seen by them as underhand and acting in a way that doubts the honesty and trustworthiness of all staff. (Ironically the undercover staff who were used in the cited example also had roles in auditing and monitoring the security staff to ensure they were performing effectively.)

Even the implementation of security systems aimed at protecting staff can be seen as invasive and confirming that corporate security is the enemy. An example of this is the radio frequency-based tracking systems that can locate any worker at a corporation’s facility. As an example, one such system has been installed in a Las Vegas hospital to ensure the safety of hospital staff and to keep out intruders and prevent infant abductions (Taylor, 2002).

However because the system is also

capable of logging in when employees arrive for work and leave the hospital as well as tracking when they go into a restroom or step out for a smoke … (some staff) fear the intrusion of an unseen Big Brother (Taylor, 2002: 14).

Such attitudes could possibly lead to those staff adopting a negative stance towards security in general.

Security is an unskilled occupation

Many in a corporation appear to believe that anyone can ‘do’ security and that it needs no particular training or aptitude. It is therefore seen as a corporate function of no great merit. This view probably comes from observations or interactions with base-grade, often uniformed, security staff who operate access points or guard property.

It is plainly inappropriate to judge the security function on those staff alone but they are the ‘front line’ for the corporate security department. The reality is that those staff may be lowly paid and may sometimes be unimpressive. But they have issues to deal with that others may find exceedingly uncomfortable and be unwilling to do. For instance, Button (2003) reports high levels of verbal abuse and threats of violence experienced by security staff at a British shopping and leisure complex where ‘40 per cent had experienced assault (slight bruising/bleeding) in the past year’ (Button, 2003: 235). It is a credit to those who train, or skill-up, these staff that major problems arise only infrequently.

Correcting management misunderstandings

The above clearly indicate possible sources of real strain between security and others in the corporation. Many managers do not seem to understand the value of, or contribution to the corporation from the security department. They see security as a burden or a cost. However such managers should think about the consequences there might be for the corporation if it did not have a sound level of security.

On the other hand, the corporate security department must ensure that the reasons for the various security requirements are explained. Somerson (2003) puts this elegantly with respect to access control,

employees need to be told that the ID card is not intended to unduly inhibit their ingress or egress, nor is it intended to identify their presence or otherwise invade their privacy. Instead, the purpose of the ID card is to signify clearly that staff is authorized to be at the facility and to discourage anyone else from entering. (Somerson, 2003: 158)

The corporate security department must change the corporation’s mindset about security and remove any lack of understanding of the role and activities of the department. It may be that at present, many security professionals are not good communicators, or lack the commercial awareness to see that they need to ‘sell’ their function.

4 What corporate security does

The corporate security smorgasbord

The range of activities undertaken by corporate security varies from corporation to corporation – a typical list appears in Kovacich and Halibozek (2003: 161). However the only real exposure to security for many staff relates to access control and ID passes, and those activities can lead to strains if not aggravation, as catalogued above.

While not a complete list, the following outlines many of the activities that a corporate security department undertakes in a typical corporation.

• controlling ID pass issue and access (including reward programmes for staff compliance)
• managing a security control room monitoring CCTV and alarms
• recommending and managing physical security hardware for corporation sites
• managing on-site parking (including after-hours escorts and citations)
• managing uniformed manpower (including after-hours patrols)
• co-ordinating emergency evacuations
• responding to on-site incidents
• writing and publishing corporate security policies
• developing and delivering security awareness programmes for employees
• developing workplace violence prevention procedures
• developing and maintaining fraud prevention strategies
• providing executive protection services for management (including travel briefings)
• implementing security at residences of senior executives
• providing personal and domestic security guides for staff
• overseeing security for off-site events such as AGMs
• dealing with public demonstrations impacting on corporation sites
• collaborating with Information Technology security counterparts
• collaborating with Occupational Health and Safety practitioners
• dealing with information leaks
• investigating criminal incidents (including thefts by and from staff)
• investigating harmful external activities like product counterfeiting
• maintaining and analysing incident and intelligence databases
• liaising with local law enforcement (when necessary)

This list more than adequately demonstrates the considerable contribution that corporate security makes to the corporation. Yet the list is not, and should not be, static. Indeed it should change as potential threats to the corporation change.

For instance, since the 9/11 terrorist attack in New York, corporate security departments in many corporations have been tasked with developing particular plans for dealing with the risk of random and targeted acts of terrorism. Such plans should result from continuous assessment of security risk, the other main activity of corporate security.

Security risk assessment

Any corporate security department should be proficient at undertaking security risk assessments so that they can target their activities to address the greatest risks to the interests of the corporation. Having identified the risks to the corporation it is necessary to develop countermeasures or options to mitigate them. They include reducing the risk (for instance by installing security equipment or implementing new policies), transferring the risk (for instance by insuring against it or contracting others to manage it), or ‘simply accepting the risk as a cost of doing business’ (ASIS International, 2003: 14).

Security risk assessment comprises a particularly important contribution to the corporation from the corporate security department. The risk assessment process provides a way of prioritizing threats faced by the corporation. That requires some necessarily subjective qualitative judgements to be made of the likelihood of the threat and its impact on the corporation if it were to occur.

The corporate security manager is clearly in the best position to make those judgements as they ‘belong’ to the corporation and in their day-to-day working life are exposed to the range of the corporation’s activities. Those managers have a real advantage over an outside security consultant who may, and in practice often does, recommend a broad raft of security solutions that may be unnecessary because they are geared towards problems that the corporation does not have, or which are relatively unimportant.

The standard risk assessment approach has long been used in financial management (e.g. by banks in assessing foreign exchange trading) and engineering (e.g. assessing the level of reinforcement needed in a high-rise building) but in many respects is in its infancy in the (corporate) security area (but see Chapter 22). Arguably 9/11 has much to do with this new focus on the risk assessment process. Now corporations are aware that security risks must be part of their future risk assessment activities and that good security is essential.

In the US corporate risk assessment has actually been mandated by the Sarbanes Oxley Act of 2002 which was a legislative response to the accounting scandals caused by the fall of some publicly held companies like Enron and WorldCom. The Act requires compliance with a comprehensive reform of accounting procedures for publicly held corporations to promote and improve the quality and transparency of financial reporting by both internal and external independent auditors.

The Act aims to minimize the risk of corporate malfeasance, but

there are several links between Sarbanes-Oxley requirements and a company’s security program. They include: ensuring appropriate awareness of company security policies and commitment by management; designing and implementing appropriate security controls; and documenting and auditing security policies and making sure they are understood by management and end-users. (Williams, 2003).

5 Impact of good corporate security

Commercial impact

The immediate impact of good security on the commercial health of a corporation is that it keeps the corporation’s assets secure. The assets are therefore able to be utilized, the additional expenses involved in replacing them are avoided, and the possibly greater losses through loss of business or inability to service clients are forestalled.

Good security may actually increase business opportunities for a corporation. For instance a shopping mall which is known to have good security in place can actually attract customers from other malls where customers may feel less safe. These intangible sorts of benefits are picked up by Yates (2003) with what he has termed the ‘security dividend’.

The concept of a security dividend

As Yates puts it ‘(t)he key to making security sustainable is to ensure that all stakeholders get a dividend for their security investment’ (Yates, 2003: 100). Yates is an engineer who has reviewed the issue of security of Australia’s critical infrastructure. His concern is seeing security embedded more formally in business operations, and for that to happen he suggests there needs to be a good return on any investment in security. Good corporate security will deliver a dividend for all stakeholders, in this case particularly the corporation and its staff and customers (who are part of the public at large).


The security dividend for the corporation

The security dividend from good security in a corporation includes the following (adapted from Yates, 2003: 101)

• The corporation’s business efficiency increases because good security is geared towards preventing incidents that may cause loss. Indeed the change of title in retailing from security to loss prevention was to emphasize the focus on preventing bad events occurring – a far more desirable outcome than addressing the results of those bad events later on.

• The corporation becomes more attractive to customers leading to an increase in business. The converse of this is the loss of business that can occur in the absence of security. In one English city it was ‘estimated that 650 jobs were lost within the retail and leisure sectors and turnover was reduced by £24 million (in 1990) as a result of avoidance behaviour which was caused by the public’s concern about crime in that city’ (Holden and Stafford, 1997: 5). Indeed the impact of crime on shopping habits can be profound and include postponement of purchases, less recreational shopping, and less shopping at night (see Halverson, 1996).

• The corporation increases its employee retention rate because people prefer to work in a safe workplace. The financial benefit of reducing employee turnover in a corporation cannot be understated. One study in 2000 found that the ‘annual cost of employee turnover in the supermarket industry exceeds industry profits by more than 40%’ (Meyer, 2000: 40) so increased retention in that industry would be most beneficial.

• The corporation demonstrates that it is a good corporate citizen, partly because its investment in security reduces the demand on police services allowing them to deal with more urgent matters. In a time when corporate citizenship and ‘ethical investing’ are becoming important considerations, such a corporation becomes more attractive to investors and may increase its shareholder loyalty.

• The corporation’s exposure to legal liability claims is reduced when it is able to show that it had taken care to incorporate appropriate security measures into its business practices.

The security dividend for the public at large

The security dividend for the public from good corporate security takes a number of forms but is very much related to the way in which that security impinges on the public sphere. The use of attractive planter boxes on paths at the local shopping centre as security against ram raids can contribute to the amenity of the area. The installation of graffiti-proof surfacing on new buildings can ensure a more pleasant environment and greater use by the public while creating less attractive sites for offenders. The re-design, installation of security lighting and employment of attendants in public carparks have been shown to reassure users and deter thieves (Oc and Tiesdell, 1998). And the employment of uniformed safety officers on public transport has been shown to make an ‘important contribution to cutting petty crime’ (van Andel, 1989: 55).

However, there is always the possibility that somehow introduced security measures will lead to a negative public reaction, and therefore a negative security dividend. For instance, the widespread use of opaque roll-down security shutters can turn a strip shopping centre into a ‘hostile environment and can convey a message that the area is prone to crime’ (Beck and Willis, 1995: 206).

And recent research concerning young people in public places noted that

the cumulative impact of adverse interactions with police, security guards or teachers can leave youth with a sense of betrayal by adults and powerless to challenge such behaviour … it may be that the long-term price of aggressive policing and other forms of surveillance is a less cohesive community (Fine et al., 2003: 155, emphasis added).

In turn that could lead to negative attitudes towards CCTV, at least from this section of the public.

When a head of corporate security installs some surveillance at their workplace which does overlook a public area, they would not normally consider the possibility that it would add to the cumulative impact mentioned above. They would be even more unlikely to consider their security approach as possibly contributing to a less cohesive community in the future.

The impact of private security on the community at large is seriously discussed by Zedner (2003) who writes ‘whilst security is posited as a public good, its pursuit is inimical to the good society’ (Zedner, 2003: 171). This is not the place to deal with that argument but it is obviously important to consider the possibility of deleterious effects on the public from corporate security initiatives. Apart from anything else, not being sensitive to the local community could lead to the corporation losing business.

6 Impact of bad corporate security

The impact of bad security on a corporation can be swift, immediate and telling and can arise in the following three ways.

Direct losses

The direct losses that affect the corporation commence with the financial costs associated with an incident, however even they may not be accurately counted. Consider the burglary of a warehouse on a rainy night. The thieves remove roofing and drive off with stolen products in a corporation truck. Management in many corporations would record the losses from that incident as comprising the cost of the stolen product, the truck and repairs to the roof.

However the costs are considerably more than that, and it is incumbent on corporate security to ensure that management appreciates the full extent of damage to the corporation. The full costs are even more important to report accurately and completely when it is time to consider financial measures relating to corporate security (to be discussed later).

In the above burglary, the losses to the corporation do of course commence with the value of the stock, the truck, and repairing the damages. In addition there is:

• the cost of lost business because (the stolen) stock cannot be provided to customers (who then go elsewhere);
• the value of stock damaged by being left exposed to rain coming through the hole in the roof the burglars left;
• the cost of hiring a truck to enable deliveries to continue;
• the cost of employee and management time spent clearing up, dealing with the police, ordering replacement stock, etc instead of performing their usual duties;
• the cost of buying a new truck and fitting it out in the corporation’s livery; and so on.

Over and above the immediate costs resulting from a criminal incident, there are other sources of increased costs. First, there are costs for increased security as invariably management will decide to increase security at the site of the incident (and sometimes adopt recommendations from corporate security’s earlier security risk review of the site). And further direct costs may arise when the corporation’s insurance premiums are increased after a claim is lodged for the incident.

Indirect losses

The most serious indirect losses occur because of damage to the corporation’s image or reputation. Plainly a hotel that is known to be frequented by drug dealers and is the scene of drug overdoses will become unpopular. A hospital which has suffered (even) one infant abduction, or has a record of thefts from patients, will not be the first choice for many patients. A shopping centre which was the scene of an armed robbery where bystanders were shot may well be avoided by many shoppers.

The negative media coverage that such incidents attract can fuel a long-term negative consumer perception of the corporation and its brand. That can lead to considerable public relations costs by the corporation in an effort to overcome poor image problems.

But apart from the public, the corporation’s employees can also be gravely affected by incidents occurring as a result of failed security. Stress or trauma-related workers’ compensation claims may be made, and morale (thus productivity) may drop. Staff turnover may increase and industrial action may involve strikes or working-to-rule, possibly generating even more damaging publicity. It might also be necessary to offer higher wages in order to attract future employees because of general negative perceptions of the workplace.

Legal action against the corporation

Corporations get involved in more than their fair share of litigation and bad security can add to that burden. Public or premises liability cases are a major source of cost for corporations.1 While investigations by corporate security identify some of these as fraudulent – slip-and-fall cases in supermarkets are a good example – expensive payouts do occur, often due to a lack of duty of care.

Retailing corporations in particular are fairly frequent recipients of liability writs. Some years ago it was said that ‘the moment a retailer invites a customer to park his car and enter their doors, that they are essentially creating entrapment, and are therefore liable in case something happens to that shopper’ (Cockerham, 1994: 38).

Today,

the courts throughout North America have made it clear that property and business owners have a duty to provide appropriate security and safety measures at each site. Because we live in a strong data-centric economic and business environment, demonstrating this due regard almost invariably requires providing credible documentation … (Dalton, 2003: 580).

Most importantly, that documentation has to show that reasonable measures to keep people safe and secure had been implemented by the defendant corporation.

To ensure that the measures are reasonable, the corporation needs professional advice from its corporate security department. It is not only incumbent on the department to do that, it should be an objective of theirs ‘to substantially limit general liability exposure and the associated cost of premises liability litigation’ (Figlio, 2002: 57). Figlio suggests that this is the second major objective of a corporate security department after the establishment of a good return on investment for the corporation (an issue to be discussed later).

Even with good security in place some litigants will ‘try it on’ in the hope that the corporation might fold and settle, rather than run the risk of bad publicity. If the security in place is ‘bad’ they always stand a chance. That is why it is essential that corporate security provide the very best advice and their operatives always conduct themselves efficiently.

Of course there will always be bizarre liability claims. One was initiated in connection with the rape of an American hospital patient, a 44-year-old woman suffering from cerebral palsy, in hospital for chemotherapy and unable to defend herself. The rapist was sentenced to ten years imprisonment. But he is now suing the hospital for $2 million for its ‘inadequate security in protecting visitors as well as their patients’, as that caused him pain and suffering.2

Liability matters aside, another raft of litigation arises from defective security practices. Most notable are false arrest or false imprisonment cases that result from members of the public being erroneously apprehended for shoplifting. A recent survey of 235 such lawsuits found that ‘nearly all the suits were filed for justifiable reasons’ (Patrick and Gabbidon, 2004: 49).

Many large judgements have been made to false-arrest plaintiffs who have been inappropriately dealt with, or in some cases have actually died, after what is often appalling behaviour by store security staff. There is not a better example of the necessity for security operatives to be comprehensively trained and to comply with the corporation’s security policy and procedures.

A final area of litigation is action for defamation. A recent Australian case involved two contractors who were dismissed for stealing from a corporation which incidentally had listed its ‘impeccable reputation’ on its website as a key ‘value for success’.3 After dismissing the men, notices had been posted at corporation locations saying they had been dismissed for stealing. The notice also read in part ‘theft of any kind is unacceptable, is deemed serious conduct (sic) and will result in instant dismissal’. The men had not faced any criminal action. A jury found they had been defamed and they were awarded $500,000.

7 How can corporate security demonstrate its value?

The above sections have given a good indication of the extent of corporate security’s activities and outlined why it is important that they engage in good practices. But measuring the corporate security department’s actual value to the whole corporation is not straightforward.

Separating out security’s impact

In many corporate settings, separating out the impact of security is difficult. As an example consider a factory where the theft of workers’ personal property has dropped over the past year. While corporate security had introduced awareness programmes and had new lockers installed for staff, those actions alone may not explain the drop. It may be that new staff rosters had been introduced along with a new time-keeping system which could accurately list workers on-site at any time. Perhaps an employee assistance programme with counselling for drug abuse and gambling had been commenced. And the new factory manager with his habit of walking around the factory daily may have had particular impact. It would have to be said that at best corporate security could claim only some of the credit.

Worse, if workers in that factory had decided to stop reporting personal thefts because they simply did not want to draw more management attention to themselves, the actual number of thefts may not even have dropped. This illustrates how difficult it is to measure the very thing that corporate security is trying to address.

The retail sector provides the best example of being able to measure the effect of security on its operations. Regular six-monthly stocktakes provide a measure of losses the retail corporation has suffered. But as with the above example, corporate security cannot claim all the credit, though invariably they are blamed for any increase in shrinkage that might have occurred.

A further complication arises if security decisions are actually made by others. DiLonardo’s (1997) study of the use of electronic article surveillance (EAS) systems in retail stores provides a good example. It shows that reductions in store shrinkage occurred when EAS was introduced and sustained. It also shows the experience in stores where, after shrinkage had reduced, management decided to remove the EAS systems because the shrinkage had been achieved (and they wanted to put the equipment in other stores which now had greater shrinkage). It is an important finding that shrinkage in those stores increased after the EAS equipment was removed, and reduced again when the equipment was re-installed.

That episode also proved that the security measure did work and although the decisions to withdraw it were not made by the security department, at the end of the day the result reflected well on them.

Evaluating corporate security’s preventive impact

It is a central tenet of corporate security that many of the security solutions it implements will prevent incidents from occurring. But in broad terms there is a paucity of hard data to support that belief.

Take one of the mainstays of corporate security, the uniformed security operative, found on corporation reception counters or access points worldwide. Dalton wonders

(w)hat, if any, is the crime prevention value of a uniformed security officer? … Preventative value has been a long-standing issue, even in law enforcement. From studies that have been done, it would appear that the presence of uniformed personnel has little deterrent value (Dalton, 2003: 284).

This is perhaps a little harsh (see Gill, 2004). Intuitively, some people trying to enter a corporation’s offices without authority are going to be unsettled by a uniformed operative who they must pass. Not that in reality that operative is necessarily going to physically attempt to stop them, the mere presence of the operative may cause the potential intruder to leave.

It is interesting that even without firm validation of the impact of uniformed staff, one of the knee-jerk reactions to intruder problems is often for management to insist on more uniformed operatives being deployed.

It may well be that uniformed or private security staff have an even wider impact on the public. One recent study by econometricians found that private security does produce some ‘general deterrence impact’ on the incidence of crime in the community at large, but statistically only for rape (Benson and Mast, 2001: 741). That research does however caution that obvious uniformed security guards, signs and noticeable video cameras may simply displace some crime, leading to a fall in the local crime statistics.

Mainstream research into crime prevention is not all that more convincing. In one review of 13 physically-based (or situational) crime prevention programmes Welsh and Farrington (1999) found that only eight of them returned clear-cut benefit-cost ratios. That is, the value of such activities as surveillance or target-hardening was able to be demonstrated in some cases. Note however that programmes aimed at employee theft, fraud or shoplifting were excluded from their review because ‘the primary victim … was a business, not a person or household’ (Welsh and Farrington, 1999: 346).

Value to government

In discussion of the security dividend it was pointed out that government received a benefit from the presence of corporate security because it could free up police resources for more serious or urgent matters. That would certainly arise when there was a risk of a corporation being subject to some sort of political protest and minimal police resources were necessary to complement private security resources on-site. This demonstrates the value of corporate security in a broader sense.

The complementary nature of the relationship between police and corporate security is also apparent when police take advantage of corporate assets, for instance using a corporation’s security cameras to monitor activity on a public street outside their premises.

This relationship between police and corporate security might be expected to flourish in the future because as Sarre and Prenzler (1999) point out ‘traditional police (are now) very much secondary players in responding to crime’ because security resources in most western countries outnumber traditional police by at least two to one (Sarre and Prenzler, 1999: 17).

8 Funding corporate security

The return on investment (ROI) in corporate security

According to Figlio the first fundamental objective of a loss prevention programme is ‘to demonstrate convincingly the return on investment of the organisation’s security programs’ (Figlio, 2002: 57). This is achievable when a particular security solution is to be assessed for dealing with a particular problem, even though that may still require acceptance of the sort of assumptions referred to earlier.

As a case in point, PricewaterhouseCoopers established that EAS systems installed in retail stores to lower shrinkage have a sound ROI. But that was based on acceptance of inventory shortage figures as a sound and reliable measure of in-store thefts (DiLonardo, 2003).

Demonstrating a sound ROI for a total corporate security department with all the activities listed in section 4 is however a real challenge. It also sits awkwardly with the measure of a successful corporate security department – the absence of problems.

Figlio is right, however: modern management requires return on investment (ROI) figures or some such to allocate funding within the corporation. Ultimately all departments receive funding on the basis of that sort of financial evaluation, but the corporate security department is at a real disadvantage.

What the department has to do is to somehow convert the previously described security dividend into dollars and then use them in its ROI calculation. Once again that will require acceptance of a number of assumptions.

If those assumptions are not accepted by management, it is well nigh impossible to present a ROI for most of the security department’s activities. Consider the access control system which has successfully prevented strangers from entering the corporation’s premises. Assumptions would have to be made about the number of intruders there would have been without that access control. And further assumptions would have to be made about what those intruders would have done while they were on corporation premises. Would they have stolen corporation assets or worse, assaulted corporation workers? And what would the value of the losses to the corporation have likely been?

Or what of the fact that no burglaries have occurred on the corporation’s premises, surely a clear sign that the security in place was effective. Here at least there may be local police statistics showing the numbers of similar buildings in the neighbourhood have been burgled. However any number of reasons could be put forward to explain why those police figures do not provide a suitable benchmark – those other buildings store different assets, they are unoccupied for longer periods, etc.

And what of the factory burglary previously described? As discussed the total costs associated with it were far greater than the value of the stolen property and the damage done. If the corporate security department had faithfully costed all recent burglaries, how relevant would that data be as a basis for ROI calculations? What if the burglary had occurred on a fine rather than a rainy night?

In all likelihood, the finance department would be reluctant to accept an ROI based on either the police statistics or detailed incident costs calculated by corporate security. So a corporate security head might take refuge in mounting a scare campaign indicating the dire consequences that might follow if sufficient funding is not provided. This move is a double-edged sword insofar as management might see this as a sign of professional inability to protect corporate assets and look for another director.

Even where relevant data is available there may be difficulties using it to calculate an ROI. As described earlier, in retailing, the levels of shrinkage revealed after the six-monthly stocktake provide a metric that reflects the activities of the security (or loss prevention) department. Even here, however, there are any number of internal and external factors that could have impacted upon the losses suffered in a store (the new store layout makes it harder for thieves to get out without payment, local police have clamped down on undesirable activity in the local shopping precinct, etc).

But a greater difficulty is that because the stocktakes are only conducted every six months, the security department is trying to prove the value of having done something six months previously. In the following months other things may have happened to mitigate the impact of the security team.

It is not only the expenditure side of the ROI model where assumptions and predictions need to be made. The corporate security head may have to forecast changing patterns of offending against the corporation which will introduce new costs. For instance, it may be that an increase in attacks on un-reinforced vending machines on railway stations is predicted on the basis of recent target hardening of vending machines in shopping centres.

The assumption that thieves will likely move to the soft targets, and that funds would therefore need to be available to prevent losses from that, makes sense to corporate security. However the finance department may again not be impressed by the lack of hard data.

All is not lost however. The key thing is to make sure the corporation, and particularly its finance department, appreciate the range of activities undertaken by corporate security and appreciate the ways in which it makes sense to calculate benefits. The ROI task is hard but can be achieved with goodwill and understanding.

Outsourcing corporate security

Invariably corporations are looking for ways to reduce the costs of running their business. In particular they look at internal departments – such as corporate security – whose functions could be outsourced because that would be cheaper.

But focusing on the issue of cost while ignoring performance is short-sighted. Security professionals are split on whether outsourced security operatives perform poorly. Dalton dispenses with myths about outsourced security staff; he says ‘they come from the same labour pool (as internally employed staff), they can be loyal as loyalty is fostered by trust and acceptance, (and) higher turnover has not been proved’ (Dalton, 2003: 81). Nevertheless, if outsourced security staff are actually paid less – and how else can they be cheaper? – they may simply be disinclined or unwilling to do the job well.

In practice it is usually base-grade security services that are outsourced. In their discussion of contract (outsourced) security Button and George (1998) focused on corporations’ use of contract static guards. They found that the majority of their small sample of British corporations did outsource guard services, but they also found that over four to five years about 30 percent of the sample had changed their mix of in-house and contract guards over time. This indicates that continuous oversight of the performance – and value – of the contract guards is undertaken.

The major hidden cost of outsourcing lies in the burden of managing the contract relating to those staff. Without close management, the contractor providing the security operatives can get away with providing a lesser service than that set down in the contractual agreement.

The potential risk of a ‘bad’ incident occurring as a result of that lesser service delivery is a real concern. If litigation were to arise as a result of that incident, the fact that the corporation had tolerated poor or sub-standard service delivery would be particularly damaging.

The inclusion of performance-based payments and punitive clauses in a contract would assist in more rigorously dealing with shortfalls in performance. But that requires close contract management, and there is a direct cost to the corporation in doing that. Indeed the costs of doing so may well be greater than any notional savings from using contract staff rather than in-house staff.

At the end of the day, the decision about using contract security staff is not a simple matter of comparing costs. Hidden costs and risks need to be considered. But more importantly there is a judgement to be made about the sort of security resource that a corporation wants. A dedicated in-house security staff which is professional, well-managed and part of the corporation’s culture has an inherent value beyond the apparent cost-savings from using contract labour; however, many corporations ‘can best be served by an appropriate blend of full- and part-time and in-house and contract security personnel’ (Sennewald, 2003: 157).

Re-organization of corporate security

Another model for funding the corporate security department can be found where a corporation has made all of its departments independent but with each charging the others for their services. This shared services model may be good in theory but in practice can lead to fragmentation of the corporate culture.

Consider what might occur in practice. Senior executives from one of the business units in the corporation are going overseas and the corporation security policy requires them to receive a security travel briefing. When they learn that they have to pay (usually less than market) internal fees for this briefing, they decide to forego it because their expenses would increase if they did so.

Now corporate security is faced with a policy breach, as well as their own budget shortfall. The business unit has acted in a way that is not in the best interests of the corporation as a whole. After all if those executives were to come to grief on their trip, the corporation might appear badly in the eyes of the public and would also have to meet any unbudgeted expenses.

Another example of re-organizing corporate security is provided by the 5200 independently owned and operated Ace Hardware stores in the US. That group created a wholly owned subsidiary company to provide loss prevention services to their members – it effectively privatized its corporate security department. ‘The nine-person (subsidiary) staff offers Ace retailers a variety of security services on a voluntary fee-for-service basis. The program has succeeded not only in reducing shrinkage but also in generating revenues’ (Falk, 1996: 47).

Again, the re-organization occurred to fund the operation of the corporate security department. It appears in the Ace case, member stores were keen to buy security expertise (and may have done so from a private supplier in the absence of their own subsidiary). The risk in a big and formalized corporation is that security will be relegated to nice-to-have rather than the essential service that it is.

9 Corporate security as a contributor to the bottom line

The discussion to date has clearly indicated the many ways in which corporate security adds value to the corporation. Its actual contributions to the financial bottom line are necessarily indirect. For example preventing losses avoids stripping money directly from the bottom line. And providing a secure and safe workplace which reduces staff turnover and minimizes poor (and unproductive) morale, averts unnecessary expenses for the corporation.

However the challenge for corporate security is presenting such contributions in a way that modern management accepts. The difficulty in doing that in a financial framework has been discussed in the context of establishing an ROI for the corporate security department as a whole. And it is from the financial perspective that the notion of corporate security being seen as a profit centre has emerged.

The fundamental feature of a profit centre is that it is capable of generating revenue which exceeds its operating costs. This is not a traditional role of a security department and it would be a mistake to require it, as it could readily divert the department from its important role of preventing other revenue in the corporation from being lost. In any event, actual revenue generators in a corporate security setting are few.

One revenue generator could be the revenue from car-parking violations where it is the corporate security department’s task to manage car-parking. Another could be the sale of access control tokens, especially replacement tokens for which a surcharge might apply. In each case the security department would be engaging in an ‘unpopular’ enforcement-type role and it is plain that the damage that could be done to the standing of corporate security within the corporation could be substantial.

It has been suggested that civil recovery could act as a revenue source, but that is a programme for the corporate victim of an offence to recoup some of the funds they expended in dealing with a particular offender. While most frequently used for shop thieves, civil recovery is also used by some corporations when dealing with internal thefts. While civil recovery procedures can contribute ‘revenue’ to the organization they should never be used as a means of generating a profit. In any event as Bamfield points out, ‘the proper role of private profit in crime prevention and in dealing with offenders is a vexatious issue’ (Bamfield, 1998: 263).

In summary then, there are three positions impacting the bottom line that a corporate security department can adopt within a corporation.

• If corporate security remains as a department within the corporation charged with minimizing losses to the corporation as a whole, then it cannot operate as a profit centre. In strict terms it remains a cost centre but as Millwee has pointed out, ‘(w)hat was once considered by some to be a cost center has become a business benefit center, as the safety and security of our co-workers has redefined the mission of security practitioners all over the world.’ (Millwee, 2002: 122).

• If corporate security becomes part of a shared service model, then by selling its services within the organization it becomes a cost-recovery department. It should not be expected to raise revenue over and above its actual costs, from its internal clients. Imagine the internal outcry if in order to increase its revenue stream the department increased the price of ID passes because that was one of the few revenue raising devices it had.

• If corporate security becomes an arms-length supplier of security advice to the corporation it would cease to be part of, or tied to, the corporation. The risk is that business units in the corporation might go elsewhere or decline to use its, or any other, services. The good news is that with the Ace Hardware example described above: ‘Originally, the board of directors wanted to break even with the company, but the service has paid for itself over the past year and surpassed its financial expectations’ (Falk, 1996: 47, emphasis added).

Overall, corporate security must gain recognition for its contribution to the bottom line. It can do that if it can ‘convince employees and executives that security matters to them, to the company, and to the community; that it helps to protect the bottom line and, thus, their jobs’ (Somerson, 2003: 158).

10 Corporate security moving forward

Embedding security in the corporation

Corporate security in the past has often been seen as somehow separate from the rest of the corporation. In part this may have been caused by the enforcement role the department had. But often their role was unappreciated and their contribution to the fiscal value of the corporation was seen as a negative – a cost.

There is no doubt that ‘security professionals have missed important opportunities to make security an integral part of the corporate team’ (Millwee, 1999: 118). And it is certainly true that the time is here for corporate security departments to ‘break away from what has become the conventional approach to asset protection and seek new venues for value added contributions.’ (Dalton, 2003: xxvi).

In some corporations, management are not aware, and do not consider, ways in which security might contribute to the business of the corporation. A fine exception to this is provided by American retailer Wal-Mart whose CEO states that the VP of loss prevention is

required to sit in on every single management meeting that we have. They are a part of that management group’s core decisions that are made about what’s right for the business. They have to look at anything that we’re doing as the first line of thought from a loss prevention standpoint, because most merchants and operators aren’t given to go there first (Lee, 2002: 20).

One example of where corporate security can make a valuable contribution relates to proposals for new business initiatives or new products. Corporate security is able to identify ways in which the new initiative might be compromised and lead to loss for the corporation. That would allow modifications or safeguards to be built into the proposal to prevent those losses from happening in the first place.

Playing that role can sometimes support and give weight to new proposals. For instance when an Australian supermarket corporation was planning to introduce EFTPOS facilities for customers, corporate security was able to point out that increasing the use of ‘plastic card’ payment at store checkouts would have real security benefits. Customers paying with ‘plastic’ and being able to make cash withdrawals would reduce the amount of cash in checkout tills thus making them far less attractive targets for snatch thieves. Additionally the need for deliveries of cash to stores by armoured cars would reduce and the likelihood of armed robberies in and around stores would decrease. Both of these were strong points in favour of introduction of EFTPOS not foreseen by store operations.

Corporate security’s involvement in mainstream corporate activities is most important. Joining with HR, safety teams and operations groups is part of that. But the key is to become a versatile player.

(S)ecurity professionals must develop, refine and adopt a broader managerial outlook. They must practice the same managerial competencies required by general managers running their respective businesses.4

They must also become thoughtful and clever communicators to ensure that management understands the benefits of security for the corporation.

Can’t measure – can’t manage

The difficulties of providing hard data that would be accepted by the corporationto justify funding corporate security have been discussed above. But of coursehaving hard data also allows corporate security to make sensible decisions aboutits own activities. Figlio gives examples of the range of data that a retail loss pre-vention manager might use to make ‘future data-driven decisions truly possible’(Figlio, 2002: 57). He suggests that site-specific data is necessary including neigh-bourhood crime vulnerability, specific detailed shortage (shrinkage) data anddetails of security measures and programmes in use at the site.

But not only should hard security-related data be collected where possible, itshould not be kept hidden away. Yates suggests that corporations should reporton their security performance in their Annual Reports in addition to the com-mentaries on their social, economic and environmental performance – the com-monly referred to triple bottom line. He notes that ‘the advantage of integratingsecurity into the triple bottom line reporting approach is that security is seen inthe context of the other main business drivers, rather than isolated and uncon-nected’ (Yates, 2003: 106).

Yates also suggests that corporate security needs a suite of measuring devices including security impact statements, minimum security standards and other benchmarks. That would leave the way open for insurance companies to offer discounts off premiums for corporations whose security practices, especially those related to terrorism, meet the standards.

The more corporate security can measure its activities the more it can illustrate its value to the corporation. But more than that, it can use the data it collects to better manage its day-to-day activities and to confirm that its security programmes are efficient and meeting the corporation’s needs.

A new corporate security focus

In his appraisal of the security world since 9/11 Dalton asks ‘what is a corporation’s most valuable asset?’ because obviously that should be the focus for corporate security. Somewhat surprisingly he opts not for its employees or its customer base. He suggests:

that in terms of the survivability of a corporation, the most valued asset is the company’s intellectual property, that which positions them in the marketplace and allows them to remain competitive. Employees serve as the catalyst for assuring that this asset – intellectual property – is developed, used and protected. IP … defines the organisation’s ability to stay profitable … Only with profitability comes the assurance of continuity, which translates into job security … Employees, including the most senior executives, are replaceable. This does not mean that they are not important, and perhaps even critical … security’s role is not to abandon the protection of people and tangible assets (Dalton, 2003: 72).


That position leads Dalton to suggest a new model for a global security function which would be largely advisory and have the following three pillars:

1 Business Risk analysis comprising: current business risks; new partner product and market due diligence; major fraud investigations; data security investigations; strategic fraud prevention; special request enquiries; competitive intelligence protection; intellectual property protection; e-commerce threat management and geo-political business profiling.

2 Human Resource Security comprising: strategic partner qualification; security awareness and ownership; international HR security; new hire qualifications and orientation; executive protection; workplace violence prevention; ethical business practices.

3 Global Operations support comprising: corporate policy development; security standards and guidelines; uniformed security services; site compliance and quality assurance; systems design and research; special projects management and special events management. (pp. 174–5)

The activities listed under those headings encompass the corporate security of old, but place them in a new perspective which may resonate with modern corporation management. This is an example of weaving corporate security into the corporation culture (Millwee, 1999).

This does not overcome the difficulty of making a financial case for the corporate security department. Nor does it overcome the need to develop metrics of success. However it does clearly indicate the valuable contribution that corporate security makes to the continued business success of any corporation.

Notes

1 See Chapter 6 by Dan Kennedy.

2 ‘What, me, responsible?’ (2002) The American Enterprise, July–August, Vol. 13, No. 5, p. 10.

3 ‘Employees Win $500,000 in Defamation Case’ (2003) The Age, 21 November, p. 4.

4 ‘A Discontinuity in the Security Field’ (2002) POA Bulletin, August, pp. 1–5.

Key readings

For a good security text which canvasses the issues in an uncomplicated way see Kovacich, G.L. and Halibozek, E.P. (2003) The Manager’s Handbook For Corporate Security: Establishing and Managing a Successful Assets Protection Program, New York: Butterworth-Heinemann. For a good and accessible example of the sort of hard data needed to make a case for security, see Figlio, R. (2002) ‘Using Data to Measure the Effectiveness of LP Programs and Limit Your Liability’, LossPrevention, May–June, pp. 57–8. A more academic piece demonstrating reductions in employee theft has been written by Oliphant, B.J. and Oliphant, G.C. (2001) ‘Using a Behavior-Based Method to Identify and Reduce Employee Theft’, International Journal of Retail and Distribution Management, Vol. 29, No. 10, pp. 442–51. While for a critique of security which should get most practitioners thinking see Zedner, L. (2003) ‘Too Much Security’, International Journal of the Sociology of Law, Vol. 31, No. 3, pp. 155–84.

References

Albrecht, W.S. and Searcy, D. (2001) ‘Top 10 Reasons Why Fraud is Increasing in the U.S.’, Strategic Finance, Vol. 82, No. 11, pp. 58–61.


ASIS International (2003) General Security Risk Assessment Guideline, Alexandria Virginia.

Bamfield, J. (1998) ‘Retail Civil Recovery: Filling a Deficit in the Criminal Justice System’, International Journal of Risk, Security and Crime Prevention, Vol. 2, No. 4, pp. 257–67.

Beck, A. and Willis, A. (1995) Crime and Security: Managing The Risk to Safe Shopping, Leicester: Perpetuity Press.

Benson, B.L. and Mast, B.D. (2001) ‘Privately Produced General Deterrence’, Journal of Law and Economics, Vol. 44, No. 2(2), pp. 725–46.

Button, M. (2003) ‘Private Security and the Policing of Quasi-Public Space’, International Journal of the Sociology of Law, Vol. 31, No. 3, pp. 227–37.

Button, M. and George, B. (1998) ‘Why Some Organisations Prefer Contract to In-House Security Staff’, in M. Gill (ed.), Crime At Work Vol 2, Leicester: Perpetuity Press, pp. 201–14.

Cockerham, P.W. (1994) ‘Safe Shopping’, Stores, June, pp. 38–9.

Dalton, D.R. (2003) Rethinking Corporate Security in the Post 9/11 Era, New York: Butterworth-Heinemann.

DiLonardo, R.L. (1997) ‘The Economic Benefit of Electronic Article Surveillance’, in R.V. Clarke (ed.), Situational Crime Prevention, New York: Harrow and Heston, pp. 122–31.

DiLonardo, R.L. (2003) ‘The Economics of EAS: Rethinking Cost Justification for Apparel Retailers’, LossPrevention, November–December, pp. 20–6.

Falk, J.P. (1996) ‘Nailing Down Hardware Store Security’, Security Management, December, pp. 46–51.

Figlio, R. (2002) ‘Using Data to Measure the Effectiveness of LP Programs and Limit Your Liability’, LossPrevention, May–June, pp. 57–8.

Fine, M., Freudenberg, N., Payne, Y., Perkins, T., Smith, K. and Wanzer, K. (2003) ‘Anything Can Happen With Police Around: Urban Youth Evaluate Strategies of Surveillance in Public Places’, Journal of Social Issues, Vol. 59, No. 1, pp. 141–58.

Gill, M. (2004) Uniformed Retail Security Officers, Leicester: Perpetuity Research and Consultancy International.

Halverson, R. (1996) ‘Crime Steals Shoppers’ Confidence’, Discount Store News, Vol. 35, No. 9, pp. 70, 72.

Holden, T. and Stafford, J. (1997) Safe And Secure Town Centres: A Good Practice Guide, Westminster: Association of Town Centre Management.

Kovacich, G.L. and Halibozek, E.P. (2003) The Manager’s Handbook for Corporate Security: Establishing and Managing a Successful Assets Protection Program, New York: Butterworth-Heinemann.

Lee, J. (2002) ‘The View From The Top’, LossPrevention, March–April, pp. 17–20, 56–8.

Meyer, S. (2000) ‘Employee Turnover: It’s Big…It’s There’, MMR, March 20, p. 40.

Millwee, S. (1999) ‘How Can Security Get Inside the Door?’, Security Management, December, pp. 116–18.

Millwee, S. (2002) ‘Focus on ASIS’, Security Management, February, p. 122.

Oc, T. and Tiesdell, S. (1998) ‘City Centre Management and Safer City Centres: Approaches in Coventry and Nottingham’, Cities, Vol. 15, No. 2, pp. 85–103.

Oliphant, B.J. and Oliphant, G.C. (2001) ‘Using a Behavior-Based Method to Identify and Reduce Employee Theft’, International Journal of Retail and Distribution Management, Vol. 29, No. 10, pp. 442–51.

Patrick, P.A. and Gabbidon, S.L. (2004) ‘What’s True About False Arrests’, Security Management, October, pp. 49–56.

‘Private Security Firms Go Undercover in Your Hospital’ (2002) Healthcare Risk Management, June, pp. 67–8.

Sarre, R. and Prenzler, T. (1999) ‘The Regulation of Private Policing: Reviewing Mechanisms of Accountability’, Crime Prevention and Community Safety, Vol. 1, No. 1, pp. 17–28.

Sennewald, C.A. (2003) Effective Security Management 4th edn, New York: Butterworth-Heinemann.


Somerson, I.S. (2003) ‘Are Security Awareness Programs Undervalued?’, Security Management, August, pp. 175–8.

Taylor, M. (2002) ‘Systems Help Hospitals Ensure Patient, Staff Security’, Business Insurance, December 16, pp. 14–16.

van Andel, H. (1989) ‘Crime Prevention That Works: The Case of Public Transport in the Netherlands’, British Journal of Criminology, Vol. 29, No. 1, pp. 47–56.

Welsh, B.C. and Farrington, D.P. (1999) ‘Value for Money? A Review of the Costs and Benefits of Situational Crime Prevention’, British Journal of Criminology, Vol. 39, No. 3, pp. 345–68.

Williams, F. (2003) ‘Sarbanes, Oxley and You’, CSO Magazine, October, at http://www.csoonline.com/read/100103/counsel.html.

Yates, A. (2003) Engineering a Safer Australia: Securing Critical Infrastructure and the Built Environment, Engineers Australia, Barton ACT.

Zedner, L. (2003) ‘Too Much Security’, International Journal of the Sociology of Law, Vol. 31, No. 3, pp. 155–84.
