Demonstrating Safety and Security Program Value to Executive Management with Metrics

Return to Security Metrics
Created by Dean Correia, Security Executive Council Emeritus Faculty

Healthcare security professionals can learn from their business counterparts who use metrics to demonstrate that security and safety are not cost centers, but profit centers. In this article, the author shows how to use metrics to demonstrate the value of the security function to the C-Suite by better protecting people and assets in order to optimize profit

One of the biggest challenges facing many safety and security practitioners today is effectively and consistently communicating the value of their security program. For many, exposure to the C-suite generally occurs as a result of a critical incident that impacts the company. Then, once the incident is under control, the practitioner may be forgotten until the next major event. Why are safety and security practitioners regularly excluded from the table? And what has changed for them in today’s business environment?

Our research has found that for many years, the safety and security function within a healthcare corporation was thought of as a “business necessity.” What is interesting is that in many instances, security practitioners are not held to the same performance standards as their peer leaders who work in other departments in the business. Business leaders within a corporation’s manufacturing, engineering, or information technology groups have typically been measured by corporate leadership on the value that they create within the corporate infrastructure. As such, most leaders within these areas have learned how to effectively measure and communicate the value and effectiveness of their individual organization.

These leaders routinely produce metrics that “tell their stories” in regard to profitability, productivity, quality, cycle time and unit cost. It is an expectation that a leader in one of these areas would be able to artfully articulate all aspects of their business using metrics and be able to hold their own in any financial discussion regarding their business. Why are many CSOs not held to the same expectation?
In today’s business environment, safety and security practitioners need to be business enablers first, with an expertise is safety and security second. They should speak the language of the organization and be able to clearly articulate how safety and security’s major annual objectives drive the success of the company by accomplishing its major objectives. If you are being asked to demonstrate the value of your function by the upper management of your organization, it may mean that management has already lost confidence in your performance. Before senior management asks this, be ready with performance metrics. Proactively focus on communicating meaningful and actionable information gleaned from your programs.

Metrics should address questions such as:

  • What does security do for the business?
  • Are you managing the function well?
  • What would the business impact be if your function didn’t exist?
  • What if your function did half as much as it does?
  • Who uses your services?
  • What is your impact on risk?
  • Could the business get better results by allocating a portion of security’s budget elsewhere?

The following diagram illustrates a process that many practitioners have successfully used to create and/or enhance their metrics program. Throughout the process, keep in mind that in order for your metrics program to be sustainable and resonate with Leadership, it must continuously improve, align with the business and deliver the benefits for your company and its security mission.

Many security leaders start out by counting activities, events or tasks. The next critical step in the evolution of your Metrics Program is to demonstrate operational excellence. The table below illustrates an example of various safety and security activity counts, which is a start, but there are metrics that will be more powerful to the business side. Presenting these to senior management that may leave them with more questions than answers. Management`s comment after seeing this table may be “So what?”

Your metrics must answer management’s pressing questions, such as “What is the cost per investigation or accident? What are retention rates? What is the impact on risk? What are the root causes? How well do you do your job? Is the risk picture improving? Simple counting seldom answers these questions. But remember, safety and security does not own the risk. Its role is to identify, assess, and offer various risk mitigation options. Your function needs to demonstrate and articulate meaningful information to the owners of the risk.
As security professionals, telling our value story remains one of our biggest challenges. Rightly or wrongly, we are often perceived as a cost center, not a profit center. I have had success getting a seat at the table over my retail loss prevention career by making it a priority to build relationships and having my teams and I have a very hands-on approach to the business. Be seen as a business enabler. Show your stakeholders how your function can make their programs even more impactful by better protecting people and assets in order to optimize profit and brand impact. Be part of their strategic planning meetings. Tour your facilities with stakeholders outside of the security function- morning, noon, and night. Go to another function’s huddle and talk about security. Engage with your stakeholders outside of a critical incident.

Constantly challenge yourself and your team to add value to multiple functions in your organizations as part of your department’s daily mission. By taking the time to learn the business from multiple perspectives, your ability to develop and drive metrics that enable the business will increase, thus enhancing safety and security’s brand value to your organization consistently.

Return to Security Metrics