APPRECIATING THE PROBLEM AREAS
A deeply rooted fallacy among business managers is that security or loss prevention begins and ends with the security officer at the gate or entrance. These mangers feel that security is the responsibility of the uniformed security service, and any losses can be attributed to performance failures on the part of the security staff rather than the administrative or operating departments. This is very far from the truth as the assets protection department has no responsibility for audit of the internal control systems and is usually only brought into the picture after major loss event has already occurred. Theft investigation may be less productive as various groups unite to protect their own interests. Even though some employees may face the corporate equivalent of capital punishment, which is termination of employment the underlying conditions which led to the dishonest acts will remain. Perhaps theft will not occur in exactly the same way next time, but the losses and their negative affect on the morale of the employees and the profitability of the enterprise will continue.
THE CHANGING CONTEXT OF OPERATIONS
Today's, modern business enterprise has fundamentally changed many traditional checks and balances present in the older system. For example the dependence on information technology and database systems has brought with it significant changes in internal controls and loss control techniques. Essential business information is concentrated in fewer hands, and the potential risk of major losses has been significantly increased. Data manipulators or 'hackers' have a greater capability to steal from a company on a grand scale without ever carrying an ounce of contraband past a perimeter security control point. This loss of the ability to deal with such matters on a human scale makes it imperative for the security department to recognize its dependence upon the other elements within the organization and to adapt itself accordingly.
Exclusive reliance on electronic surveillance and control systems may create more security problems than it resolves. Some employees may even sabotage such electronic systems in protest. For example, a few drops of epoxy on a stick can disable most card access control systems with insert or aperture type readers. Quite often these actions by employee are not motivated by hostility to the company or an attempt to steal. At one time or another we have all witnessed (or perhaps engaged in) an animated monologue by an individual to a vending machine which just swallowed some coins without delivering a product. Verbal abuse often shifts to physical attack, and there are numerous vending machines that bear the marks of angry blows delivered by dissatisfied customers. A fundamental change is needed in how the assets protection organization is perceived.
A major obstacle to overcome is the reluctance of management to evaluate the assets protection organization in other than statistical terms losses reported, cases solved, etc. A year is considered good when reported losses are lower than the prior year, although that may be the least important criterion in evaluating the assets protection program. There may not even be a mandated loss reporting system covering inventory shortages or other forms of mysterious disappearances. Most important, the statistics collected may not address a dishonesty environment developing in the workplace. Altering production numbers to "make the boss look good" is only a short step away from altering other records to cause valuable materials first to disappear on paper and then to disappear physically as well.
TRACING POTENTIAL VULNERABILITIES
A recurring pattern in many theft investigations is the degree to which the established control systems have been circumvented or ignored by line and middle management supervisors. In many cases, it can be convincingly argued that employees have been so well trained in how to "beat the system" by their own supervisors that it is just a modest step for them to apply the same techniques for their own personal gain.
For example, in one case, major losses from a locked storeroom occurring over an extended period of time, were traced back to a second-shift supervisor who had devised a tool to open the door to the storeroom in order to fulfill production needs. On a routine basis, he sent an employee to the area to get stock items necessary for the job. In time, all of the employees learned how to enter the locked storeroom, and some began to remove other items for their own personal use or for sale if they had an outside market value. The supervisor, an individual with a high sense of personal integrity, was shocked to learn of the role that he had played in the theft, when it was finally uncovered.
Every department has unscheduled emergencies at one time or another, which require some degree of "walking around the system." However, often these do-it-yourself shortcuts are later used by unscrupulous employees for their own personal gain, to the detriment of the employer. There is a need for greater personal accountability by all employees for material and equipment which are furnished to them. But minor losses are often not reported to security in a timely manner, if at all. The identification of company property is a problem in itself, and is usually honored more in the breach than in the practice at the line supervisor's level. This oversight leads to unreported "borrowing" between employees and departments, the development of the impression that the company does not know or care how such matters are handled and an "every man for himself" attitude. New materials and equipment are ordered, and that is the end of it in most cases.
DEVELOPING A LOSS PREVENTION ENVIRONMENT
It is in this area that the unique skills of the professional assets protection manager can be effectively utilized. Rather than wait for the losses to occur, management should actively work to create a climate in which every employee accepts personal responsibility for the integrity of the work area. Supervisors should be instructed to report every instance of a mysterious disappearance to the assets protection organization, and higher levels of supervision should not approve the purchase of replacement equipment or tools unless they have been assured that the supervisor has formally reported the loss. Security, like safety, should become a performance measure of the supervisor. Just as the safety engineer provides safety support, so should the professional assets protection manager provide security support. But the ultimate responsibility for the internal security in a department must rest with the line supervisor. Whenever such a direct line of accountability exists, many of the so-called "mysterious disappearance" losses suddenly cease.
Effectively documenting losses requires a degree of formality, which is not usually found in most security programs. The supervisor is required to do more than make a brief verbal report but must completely document the loss and forward the report to the assets protection organization through the next level of supervision. A copy of the loss report must accompany any purchase request for replacement tools or materials. As cumbersome as this system may appear on the surface, it is designed to motivate supervisors to exercise the kinds of tight controls within their respective departments that will avoid the necessity of filing lengthy reports, which will go against their department performance record. Again, prevention is the goal not the detection and apprehension of the offender after the loss has occurred. The assets protection manager will have the opportunity to make a favorable impact upon the internal control system in a manner, which could never be achieved during the course of a typical internal theft investigation.
In every workforce there is a group of employees who would not steal under any circumstances. At the other end of the spectrum there is a group of employees who will attempt to steal under any circumstances. Between these two groups there is a large group of basically honest employees who, if sufficiently tempted, may cross the line into dishonesty. An effective assets protection program must have at least two elements; the first to deter theft by educating the employees and the second to implement internal controls to stop theft. The basically honest employee will respond to the educational effort. The employee who is determined to steal must be dealt with through detection, investigation, termination of employment and possibly criminal prosecution.
Gamal Newry is President of Preventative Measures a Security and Law Enforcement Training and Consulting Company. Comments are welcomed and can be sent to P.O. Box N3154 Nassau , Bahamas or Email: firstname.lastname@example.org or visit us at www.preventativemesures.net