25

Corporate Security: A Cost or Contributor

to the Bottom Line?
Dennis Challinger
1 Security a given in the corporate world
Every business corporation understands that security is an inevitable expense
the fact that they all keep their premises physically secure is evidence of
that. However not every corporation would embrace Daltons recent view that
security management is not an odd-but-necessary back-lot function, but is
instead a vital business function that is essential to any organisations contin-
ued viability (Dalton, 2003: xii). More likely they would agree that security is
a necessary evil (and they) really have no choice (Kovacich and Halibozek,
2003: 63).
In this chapter, a corporation is dened as any organization that employs a
number of people to achieve a common purpose, whether as a commercial
company or a government instrumentality. The word corporation therefore sub-
sumes retailers, manufacturers, banks and hotels as well as hospitals, schools,
universities and public transport, etc.
While quite different in output, all these corporations must operate in a nan-
cially responsible way and obviously that includes protecting their assets. In this
chapter it will be assumed that is done through what will be called a corporate
security department (although in practice a small corporation may not need a
separate department). At a minimum, the corporate security department will
implement measures to physically secure business premises and assets. However
any further security measures that may be implemented within a corporation
will usually result from further internal corporate decision-making.
Regrettably, internal decision-making about security may lack the careful con-
sideration that is taken when other issues most notably income-generating
activities are considered. Some security decisions appear to be made after a
breach of security has occurred. Some are made when it is simplistically assumed
that continued security is no longer needed. Some are made when it is feared
that business will be lost if security is not in place to reassure customers or
clients. Some may be made when management observe that a competitor has
some security equipment in place that they do not have. And fortunately, some
are made on the recommendation of the head of corporate security.
586
In some corporations the head of corporate security does not have a lot of
inuence. However there are others where the role of corporate security is openly
acknowledged. One example of the latter is Wal-Mart, the worlds largest retailer,
where the head of their corporate security department the Vice President of loss
prevention reports directly to the CEO. As the CEO has put it:
Politics being what they are, its too easy for decisions (about security) to be
misguided when you allow internal politics to enter in. With loss prevention
reporting to me, that allows me to set the tone, the discipline, about what
effective loss prevention is. (Lee, 2002: 17)
However in general much corporate decision-making about security does not
appear to be soundly or evidence-based. That is not sensible as corporate
management should want to ensure their security is the best possible for their
corporation.
The difculty is that some corporate managers still hold entrenched views
regarding security, its funding and its impact. There are also problems appreciat-
ing what a corporate security department does, what it is capable of, and how it
contributes to the corporations bottom line. These are the topics which will be
discussed in this chapter.
2 Deciding the best security for a corporation
The best security keeps all the corporations assets secure and therein lies a
paradox. The success of corporate security is measured by the absence of activi-
ties which would have negative effects on the corporation if they occurred. Put
another way, a highly-effective security manager may become the victim of his
or her own success.
It can be hard for the head of corporate security to acquire further necessary
funds within the corporation because, if the department has been doing a
really good job, its achievements are effectively invisible and a need for more
resources seems unwarranted. On the other hand, if the security has been poor
and there have been many incidents causing loss to the company, a stronger
case can be made for more funds to prevent further losses (that is, if the
head of corporate security withstands the accusations that he or she is a bad
performer).
Within a corporation there are other departments that also measure fewer inci-
dents as signs of success. Occupational Health and Safety is seen as successful
when there are reductions in workplace accidents and fewer workers compensa-
tion claims. Facilities managers are doing a great job when there are no losses
due to res because re prevention equipment is installed and working.
However each of those departments has an advantage over security in that
there is generally legislation in place requiring their continued existence. By law,
workplace environments must be made safe and buildings must have the correct
re ghting equipment in place.
Dennis Challinger 587
In general then security is not legally mandated. However the absence of work-
place sabotage or workplace theft is as benecial to the corporation as, or even
more benecial than, an absence of workplace accidents. The difculty is that
the absence of thefts is based on an assumption that many (more) would have
occurred if security measures had not been in place.
Long-time security consultant Dalton has stated that:
(the security) profession is largely based on assumptions. We make manage-
ment and nancial decisions based on a great number of unproven assump-
tions. Ours is a profession that is both uncodied and largely unproven. We
assume that security ofcers provide some deterrent value. We assume that
state-of-the-art technologies are effective in preventing loss of assets and life
(Dalton, 2003: xxviii)
If corporate decision makers do not also accept assumptions such as these then
there is plainly going to be problems deciding on the best security. If for instance
they do not accept the assumption that internal thefts are a likely activity then
their view of what may be the best security is not going to accord with the views
of their corporate security head. They may end up making decisions based on
views about corporate security that are simply wrong.
3 Corporate managements view of security
Management has a number of views of corporate security that are generally erro-
neous and which can be said to place the security function at a disadvantage.
They include the following:
Security is not a major corporate priority
The bulk of effort in most corporations goes to generating more business to make
more prot. That can mean that insufcient time is given to consideration of
security requirements and they are not as rigorously considered as they should
be. Yates (2003) points out:
many organizations have not integrated security into their culture. For many,
it has been addressed by simplistic measures such as employing a former
police ofcer as a security guard or putting out a memo. Specically there has
been a major failure
to enhance security rather than simply overlaying security onto existing
practices
to identify and incorporate best security practice
of visible CEO leadership on security
to implement reinforcing behaviour in organizations such as regular secu-
rity updates, security education and reward system for security conscious
behaviour
588 The Handbook of Security
to provide security training, education and competence
to prepare the groundwork for effective local law enforcement co-operation
(Yates, 2003: 75)
Security is not worth doing
There are some activities conducted by the corporate security department which
may not be seen by other parts of the corporation as necessary or worth doing.
One pointed example of this is the matter of internal theft or fraud which some
management may not see as issues for them, still believing myths about the
prevalence of that behaviour (Albrecht and Searcy, 2001).
On the other hand, some corporations may consider employee theft as an
unpreventable, unpleasant situation which is part of doing business (and)
expect employees to steal (Oliphant and Oliphant, 2001: 443). But because the
extent of employee theft is unknown, management cannot decide which costs
are greater to catch a thief or accept it as the inevitable (ibid.: 443). If then they
accept the inevitability of internal theft tantamount to an encouragement for
staff to steal it follows that they do not wish corporate security to pursue such
deviance. In their opinion that would not be worthwhile, however that position
would simply condone theft by workers.
Security is a nuisance
Some management view security as an impediment to good business and
efciency. If for instance a business meeting is delayed because of security
requirements to access a particular part of a building, then security may be
said to be jeopardizing business. The fact that the security requirements
are well publicized and the majority of corporation staff have no trouble orga-
nizing their schedules around those requirements may be disregarded by a
complainer.
Security procedures may also require that accurate and current records are kept
of corporate assets so that, in the event of theft, an investigation will be expe-
dited. But if those requirements are seen as onerous, or just a nuisance, they too
may be ignored.
The alleged nuisance value of security is sometimes used by staff who develop a
mindset that causes them to go out of their way to not abide by security require-
ments they may decline to wear their corporation ID badge, or argue about
signing in a visitor. Support for corporate security from senior management is
vital to create a security-aware workplace.
Security is the enemy
In some cases a view may be held by part of the workforce that the security
department is their enemy. Such sentiments may arise when the result of security
activity has been to identify some staff engaging in inappropriate behaviour that
has led to their being disciplined (or even dismissed). This can particularly arise
where management sends mixed messages about behaviour as illustrated by the
discussion of internal theft above.
Dennis Challinger 589
The situation may be made even more difcult in instances where undercover
security operatives may have been employed to deal with dishonesty amongst
staff. The use of an undercover operative posing as a patient in a hospital to iden-
tify the staff member stealing patients money is an example. (Healthcare Risk
Management, 2002). It might be thought that honest staff would not be at all
concerned at this practice given that it removes a thief from the workplace but
this approach by the security department may be seen by them as underhand
and acting in a way that doubts the honesty and trustworthiness of all staff
(Ironically the undercover staff who were used in the cited example also had
roles in auditing and monitoring the security staff to ensure they were perform-
ing effectively).
Even the implementation of security systems aimed at protecting staff can be
seen as invasive and conrming that corporate security is the enemy. An
example of this is the radio frequency-based tracking systems that can locate any
worker at a corporations facility. As an example, one such system has been
installed in a Las Vegas hospital to ensure the safety of hospital staff and to keep
out intruders and prevent infant abductions (Taylor, 2002).
However because the system is also
capable of logging in when employees arrive for work and leave the hospital
as well as tracking when they go into a restroom or step out for a smoke
(some staff) fear the intrusion of an unseen Big Brother (Taylor, 2002: 14).
Such attitudes could possibly lead to those staff adopting a negative stance
towards security in general.
Security is an unskilled occupation
Many in a corporation appear to believe that anyone can do security and that it
needs no particular training or aptitude. It is therefore seen as a corporate func-
tion of no great merit. This view probably comes from observations or interac-
tions with base-grade, often uniformed, security staff who operate access points
or guard property.
It is plainly inappropriate to judge the security function on those staff alone
but they are the front line for the corporate security department. The reality is
that those staff may be lowly paid and may sometimes be unimpressive. But they
have issues to deal with that others may nd exceedingly uncomfortable and be
unwilling to do. For instance, Button (2003) reports high levels of verbal abuse
and threats of violence experienced by security staff at a British shopping and
leisure complex where 40 per cent had experienced assault (slight bruising/
bleeding) in the past year (Button, 2003: 235). It is a credit to those who train, or
skill-up, these staff that major problems arise only infrequently.
Correcting management misunderstandings
The above clearly indicate possible sources of real strain between security and others
in the corporation. Many managers do not seem to understand the value of, or con-
590 The Handbook of Security
tribution to the corporation from the security department. They see security as a
burden or a cost. However such managers should think about the consequences
there might be for the corporation if it did not have a sound level of security.
On the other hand, the corporate security department must ensure that the
reasons for the various security requirements are explained. Somerson (2003)
puts this elegantly with respect to access control,
employees need to be told that the ID card is not intended to unduly inhibit
their ingress or egress, nor is it intended to identify their presence or other-
wise invade their privacy. Instead, the purpose of the ID card is to signify
clearly that staff is authorized to be at the facility and to discourage anyone
else from entering. (Somerson, 2003: 158)
The corporate security department must change the corporations mindset about
security and remove any lack of understanding of the role and activities of the
department. It may be that at present, many security professionals are not good
communicators, or lack the commercial awareness to see that they need to sell
their function.
4 What corporate security does
The corporate security smorgasbord
The range of activities undertaken by corporate security varies from corporation
to corporation a typical list appears in Kovacich and Halibozek (2003: 161).
However the only real exposure to security for many staff relates to access
control and ID passes, and those activities can lead to strains if not aggravation,
as catalogued above.
While not a complete list, the following outlines many of the activities that a
corporate security department undertakes in a typical corporation.
controlling ID pass issue and access (including reward programmes for staff
compliance)
managing a security control room monitoring CCTV and alarms
recommending and managing physical security hardware for corporation sites
managing on-site parking (including after-hours escorts and citations)
managing uniformed manpower (including after-hours patrols)
co-ordinating emergency evacuations
responding to on-site incidents
writing and publishing corporate security policies
developing and delivering security awareness programmes for employees
developing workplace violence prevention procedures
developing and maintaining fraud prevention strategies
providing executive protection services for management (including travel
briengs)
implementing security at residences of senior executives
Dennis Challinger 591
providing personal and domestic security guides for staff
overseeing security for off-site events such as AGMs
dealing with public demonstrations impacting on corporation sites
collaborating with Information Technology security counterparts
collaborating with Occupational Health and Safety practitioners
dealing with information leaks
investigating criminal incidents (including thefts by and from staff)
investigating harmful external activities like product counterfeiting
maintaining and analysing incident and intelligence databases
liaising with local law enforcement (when necessary)
This list more than adequately demonstrates the considerable contribution that
corporate security makes to the corporation. Yet the list is not, and should not
be, static. Indeed it should change as potential threats to the corporation
change.
For instance, since the 9/11 terrorist attack in New York, corporate security
departments in many corporations have been tasked with developing particular
plans for dealing with the risk of random and targeted acts of terrorism. Such
plans should result from continuous assessment of security risk, the other main
activity of corporate security.
Security risk assessment
Any corporate security department should be procient at undertaking security
risk assessments so that they can target their activities to address the greatest
risks to the interests of the corporation. Having identied the risks to the corpo-
ration it is necessary to develop countermeasures or options to mitigate them.
They include reducing the risk (for instance by installing security equipment or
implementing new policies), transferring the risk (for instance by insuring
against it or contracting others to manage it), or simply accepting the risk as a
cost of doing business (ASIS International, 2003: 14).
Security risk assessment comprises a particularly important contribution to
the corporation from the corporate security department. The risk assessment
process provides a way of prioritizing threats faced by the corporation.
That requires some necessarily subjective qualitative judgements to be made
of the likelihood of the threat and its impact on the corporation if it were to
occur.
The corporate security manager is clearly in the best position to make those
judgements as they belong to the corporation and in their day-to-day working
life are exposed to the range of the corporations activities. Those managers have
a real advantage over an outside security consultant who may, and in practice
often does, recommend a broad raft of security solutions that may be unneces-
sary because they are geared towards problems that the corporation does not
have, or which are relatively unimportant.
The standard risk assessment approach has long been used in nancial manage-
ment (e.g. by banks in assessing foreign exchange trading) and engineering (e.g.
592 The Handbook of Security
assessing the level of reinforcement needed in a high-rise building) but in many
respects is in its infancy in the (corporate) security area (but see Chapter 22).
Arguably 9/11 has much to do with this new focus on the risk assessment process.
Now corporations are aware that security risks must be part of their future risk
assessment activities and that good security is essential.
In the US corporate risk assessment has actually been mandated by the
Sarbanes Oxley Act of 2002 which was a legislative response to the accounting
scandals caused by the fall of some publicly held companies like Enron and
WorldCom. The Act requires compliance with a comprehensive reform of
accounting procedures for publicly held corporations to promote and improve
the quality and transparency of nancial reporting by both internal and external
independent auditors.
The Act aims to minimize the risk of corporate malfeasance, but
there are several links between Sarbanes-Oxley requirements and a companys
security program. They include: ensuring appropriate awareness of company
security policies and commitment by management; designing and implement-
ing appropriate security controls; and documenting and auditing security poli-
cies and making sure they are understood by management and end-users.
(Williams, 2003).
5 Impact of good corporate security
Commercial impact
The immediate impact of good security on the commercial health of a corpora-
tion is that it keeps the corporations assets secure. The assets are therefore able
to be utilized, the additional expenses involved in replacing them are avoided,
and the possibly greater losses through loss of business or inability to service
clients are forestalled.
Good security may actually increase business opportunities for a corporation.
For instance a shopping mall which is known to have good security in place can
actually attract customers from other malls where customers may feel less safe.
These intangible sorts of benets are picked up by Yates (2003) with what he has
termed the security dividend.
The concept of a security dividend
As Yates puts it (t)he key to making security sustainable is to ensure that all
stakeholders get a dividend for their security investment (Yates, 2003: 100).
Yates is an engineer who has reviewed the issue of security of Australias critical
infrastructure. His concern is seeing security embedded more formally in busi-
ness operations, and for that to happen he suggests there needs to be a good
return on any investment in security. Good corporate security will deliver a divi-
dend for all stakeholders, in this case particularly the corporation and its staff
and customers (who are part of the public at large).
Dennis Challinger 593
The security dividend for the corporation
The security dividend from good security in a corporation includes the following
(adapted from Yates, 2003: 101)
The corporations business efciency increases because good security is geared
towards preventing incidents that may cause loss. Indeed the change of title in
retailing from security to loss prevention was to emphasize the focus on pre-
venting bad events occurring a far more desirable outcome than addressing
the results of those bad events later on.
The corporation becomes more attractive to customers leading to an increase
in business. The converse of this is the loss of business that can occur in the
absence of security. In one English city it was estimated that 650 jobs were
lost within the retail and leisure sectors and turnover was reduced by
24 million (in 1990) as a result of avoidance behaviour which was caused by
the publics concern about crime in that city (Holden and Stafford, 1997: 5).
Indeed the impact of crime on shopping habits can be profound and include
postponement of purchases, less recreational shopping, and less shopping at
night (see Halverson, 1996).
The corporation increases its employee retention rate because people prefer to
work in a safe workplace. The nancial benet of reducing employee turnover
in a corporation cannot be understated. One study in 2000 found that the
annual cost of employee turnover in the supermarket industry exceeds indus-
try prots by more than 40% (Meyer, 2000: 40) so increased retention in that
industry would be most benecial.
The corporation demonstrates that it is a good corporate citizen, partly
because its investment in security reduces the demand on police services
allowing them to deal with more urgent matters. In a time when corporate
citizenship and ethical investing are becoming important considerations,
such a corporation becomes more attractive to investors and may increase its
shareholder loyalty.
The corporations exposure to legal liability claims is reduced when it is able
to show that it had taken care to incorporate appropriate security measures
into its business practices.
The security dividend for the public at large
The security dividend for the public from good corporate security takes a number
of forms but is very much related to the way in which that security impinges on
the public sphere. The use of attractive planter boxes on paths at the local shop-
ping centre as security against ram raids can contribute to the amenity of the
area. The installation of grafti-proof surfacing on new buildings can ensure a
more pleasant environment and greater use by the public while creating less
attractive sites for offenders. The re-design, installation of security lighting and
employment of attendants in public carparks have been shown to reassure users
and deter thieves (Oc and Tiesdell, 1998). And the employment of uniformed
594 The Handbook of Security
safety ofcers on public transport has been shown to make an important
contribution to cutting petty crime (van Andel, 1989: 55).
However, there is always the possibility that somehow introduced security
measures will lead to a negative public reaction, and therefore a negative security
dividend. For instance, the widespread use of opaque roll-down security shutters
can turn a strip shopping centre into a hostile environment and can convey a
message that the area is prone to crime (Beck and Willis, 1995: 206).
And recent research concerning young people in public places noted that
the cumulative impact of adverse interactions with police, security guards or
teachers can leave youth with a sense of betrayal by adults and powerless to
challenge such behaviour it may be that the long-term price of aggressive
policing and other forms of surveillance is a less cohesive community (Fine et
al., 2003: 155, emphasis added).
In turn that could lead to negative attitudes towards CCTV, at least from this
section of the public.
When a head of corporate security installs some surveillance at their workplace
which does overlook a public area, they would not normally consider the poss-
ibility that it would add to the cumulative impact mentioned above. They would
be even more unlikely to consider their security approach as possibly contribut-
ing to a less cohesive community in the future.
The impact of private security on the community at large is seriously discussed
by Zedner (2003) who writes whilst security is posited as a public good, its
pursuit is inimical to the good society (Zedner, 2003: 171). This is not the place
to deal with that argument but it is obviously important to consider the possibil-
ity of deleterious effects on the public from corporate security initiatives. Apart
from anything else, not being sensitive to the local community could lead to the
corporation losing business.
6 Impact of bad corporate security
The impact of bad security on a corporation can be swift, immediate and telling
and can arise in the following three ways.
Direct losses
The direct losses that affect the corporation commence with the nancial costs
associated with an incident, however even they may not be accurately counted.
Consider the burglary of a warehouse on a rainy night. The thieves remove
roong and drive off with stolen products in a corporation truck. Management
in many corporations would record the losses from that incident as comprising
the cost of the stolen product, the truck and repairs to the roof.
However the costs are considerably more than that, and it is incumbent on
corporate security to ensure that management appreciates the full extent of
damage to the corporation. The full costs are even more important to report
Dennis Challinger 595
accurately and completely when it is time to consider nancial measures relating
to corporate security (to be discussed later).
In the above burglary, the losses to the corporation do of course commence with
the value of the stock, the truck, and repairing the damages. In addition there is:
the cost of lost business because (the stolen) stock cannot be provided to
customers (who then go elsewhere);
the value of stock damaged by being left exposed to rain coming through the
hole in the roof the burglars left;
the cost of hiring a truck to enable deliveries to continue;
the cost of employee and management time spent clearing up, dealing with
the police, ordering replacement stock, etc instead of performing their usual
duties;
the cost of buying a new truck and tting it out in the corporations livery;
and so on.
Over and above the immediate costs resulting from a criminal incident, there are
other sources of increased costs. First, there are costs for increased security as
invariably management will decide to increase security at the site of the incident
(and sometimes adopt recommendations from corporate securitys earlier secu-
rity risk review of the site). And further direct costs may arise when the corpora-
tions insurance premiums are increased after a claim is lodged for the incident.
Indirect losses
The most serious indirect losses occur because of damage to the corporations
image or reputation. Plainly a hotel that is known to be frequented by drug
dealers and is the scene of drug overdoses will become unpopular. A hospital
which has suffered (even) one infant abduction, or has a record of thefts from
patients, will not be the rst choice for many patients. A shopping centre which
was the scene of an armed robbery where bystanders were shot may well be
avoided by many shoppers.
The negative media coverage that such incidents attract can fuel a long-term
negative consumer perception of the corporation and its brand. That can lead to
considerable public relations costs by the corporation in an effort to overcome
poor image problems.
But apart from the public, the corporations employees can also be gravely
affected by incidents occurring as a result of failed security. Stress or trauma-
related workers compensation claims may be made, and morale (thus productiv-
ity) may drop. Staff turnover may increase and industrial action may involve
strikes or working-to-rule, possibly generating even more damaging publicity. It
might also be necessary to offer higher wages in order to attract future employees
because of general negative perceptions of the workplace.
Legal action against the corporation
Corporations get involved in more than their fair share of litigation and bad
security can add to that burden. Public or premises liability cases are a major
596 The Handbook of Security
source of cost for corporations.
1
While investigations by corporate security iden-
tify some of these as fraudulent slip-and-fall cases in supermarkets are a good
example expensive payouts do occur, often due to a lack of duty of care.
Retailing corporations in particular are fairly frequent recipients of liability
writs. Some years ago it was said that the moment a retailer invites a customer to
park his car and enter their doors, that they are essentially creating entrapment,
and are therefore liable in case something happens to that shopper (Cockerham,
1994: 38).
Today,
the courts throughout North America have made it clear that property and
business owners have a duty to provide appropriate security and safety mea-
sures at each site. Because we live in a strong data-centric economic and busi-
ness environment, demonstrating this due regard almost invariably requires
providing credible documentation (Dalton, 2003: 580).
Most importantly, that documentation has to show that reasonable measures to
keep people safe and secure had been implemented by the defendant corporation.
To ensure that the measures are reasonable, the corporation needs profes-
sional advice from its corporate security department. It is not only incumbent
on the department to do that, it should be an objective of theirs to substan-
tially limit general liability exposure and the associated cost of premises liability
litigation (Figlio, 2002: 57). Figlio suggests that this is the second major objec-
tive of a corporate security department after the establishment of a good return
on investment for the corporation (an issue to be discussed later).
Even with good security in place some litigants will try it on in the hope that
the corporation might fold and settle, rather than run the risk of bad publicity. If
the security in place is bad they always stand a chance. That is why it is essen-
tial that corporate security provide the very best advice and their operatives
always conduct themselves efciently.
Of course there will always be bizarre liability claims. One was initiated in con-
nection with the rape of an American hospital patient, a 44-year-old woman suf-
fering from cerebral palsy, in hospital for chemotherapy and unable to defend
herself. The rapist was sentenced to ten years imprisonment. But he is now suing
the hospital for $2 million for its inadequate security in protecting visitors as
well as their patients, as that caused him pain and suffering.
2
Liability matters aside, another raft of litigation arises from defective security
practices. Most notable are false arrest or false imprisonment cases that result
from members of the public being erroneously apprehended for shoplifting. A
recent survey of 235 such lawsuits found that nearly all the suits were led for
justiable reasons (Patrick and Gabbidon, 2004: 49).
Many large judgements have been made to false-arrest plaintiffs who have
been inappropriately dealt with, or in some cases have actually died, after what is
often appalling behaviour by store security staff. There is not a better example of
the necessity for security operatives to be comprehensively trained and to
comply with the corporations security policy and procedures.
Dennis Challinger 597
A nal area of litigation is action for defamation. A recent Australian case
involved two contractors who were dismissed for stealing from a corporation
which incidentally had listed its impeccable reputation on its website as a key
value for success.
3
After dismissing the men, notices had been posted at corpo-
ration locations saying they had been dismissed for stealing. The notice also read
in part theft of any kind is unacceptable, is deemed serious conduct (sic) and will
result in instant dismissal. The men had not faced any criminal action. A jury
found they had been defamed and they were awarded $500,000.
7 How can corporate security demonstrate its value?
The above sections have given a good indication of the extent of corporate
securitys activities and outlined why it is important that they engage in good
practices. But measuring the corporate security departments actual value to the
whole corporation is not straightforward.
Separating out securitys impact
In many corporate settings, separating out the impact of security is difcult. As an
example consider a factory where the theft of workers personal property has
dropped over the past year. While corporate security had introduced awareness
programmes and had new lockers installed for staff, those actions alone may not
explain the drop. It may be that new staff rosters had been introduced along with a
new time-keeping system which could accurately list workers on-site at any time.
Perhaps an employee assistance programme with counselling for drug abuse and
gambling had been commenced. And the new factory manager with his habit of
walking around the factory daily may have had particular impact. It would have to
be said that at best corporate security could claim only some of the credit.
Worse, if workers in that factory had decided to stop reporting personal thefts
because they simply did not want to draw more management attention to them-
selves, the actual number of thefts may not even have dropped. This illustrates
how difcult it is to measure the very thing that corporate security is trying to
address.
The retail sector provides the best example of being able to measure the effect
of security on its operations. Regular six-monthly stocktakes provide a measure
of losses the retail corporation has suffered. But as with the above example, cor-
porate security cannot claim all the credit, though invariably they are blamed for
any increase in shrinkage that might have occurred.
A further complication arises if security decisions are actually made by others.
DiLonardos (1997) study of the use of electronic article surveillance (EAS) systems
in retail stores provides a good example. It shows that reductions in store shrinkage
occurred when EAS was introduced and sustained. It also shows the experience in
stores where, after shrinkage had reduced, management decided to remove the EAS
systems because the shrinkage had been achieved (and they wanted to put the
equipment in other stores which now had greater shrinkage). It is an important
nding that shrinkage in those stores increased after the EAS equipment was
removed, and reduced again when the equipment was re-installed.
598 The Handbook of Security
That episode also proved that the security measure did work and although the
decisions to withdraw it were not made by the security department, at the end of
the day the result reected well on them.
Evaluating corporate securitys preventive impact
It is a central tenet of corporate security that many of the security solutions it
implements will prevent incidents from occurring. But in broad terms there is a
paucity of hard data to support that belief.
Take one of the mainstays of corporate security, the uniformed security opera-
tive, found on corporation reception counters or access points worldwide. Dalton
wonders
(w)hat, if any, is the crime prevention value of a uniformed security ofcer?
Preventative value has been a long-standing issue, even in law enforcement.
From studies that have been done, it would appear that the presence of
uniformed personnel has little deterrent value (Dalton, 2003: 284).
This is perhaps a little harsh (see Gill, 2004). Intuitively, some people trying to
enter a corporations ofces without authority are going to be unsettled by a
uniformed operative who they must pass. Not that in reality that operative is
necessarily going to physically attempt to stop them, the mere presence of the
operative may cause the potential intruder to leave.
It is interesting that even without rm validation of the impact of uniformed
staff, one of the knee-jerk reactions to intruder problems is often for manage-
ment to insist on more uniformed operatives being deployed.
It may well be that uniformed or private security staff have an even wider
impact on the public. One recent study by econometricians found that private
security does produce some general deterrence impact on the incidence of crime
in the community at large, but statistically only for rape (Benson and Mast, 2001:
741). That research does however caution that obvious uniformed security
guards, signs and noticeable video cameras may simply displace some crime,
leading to a fall in the local crime statistics.
Mainstream research into crime prevention is not all that more convincing. In
one review of 13 physically-based (or situational) crime prevention programmes
Welsh and Farrington (1999) found that only eight of them returned clear-cut
benet-cost ratios. That is, the value of such activities as surveillance or target-
hardening was able to be demonstrated in some cases. Note however that pro-
grammes aimed at employee theft, fraud or shoplifting were excluded from their
review because the primary victim was a business, not a person or household
(Welsh and Farrington, 1999: 346).
Value to government
In discussion of the security dividend it was pointed out that government
received a benet from the presence of corporate security because it could free up
police resources for more serious or urgent matters. That would certainly arise
when there was a risk of a corporation being subject to some sort of political
Dennis Challinger 599
protest and minimal police resources were necessary to complement private secu-
rity resources on-site. This demonstrates the value of corporate security in a
broader sense.
The complementary nature of the relationship between police and corporate
security is also apparent when police take advantage of corporate assets, for
instance using a corporations security cameras to monitor activity on a public
street outside their premises.
This relationship between police and corporate security might be expected to
ourish in the future because as Sarre and Prenzler (1999) point out traditional
police (are now) very much secondary players in responding to crime because
security resources in most western countries outnumber traditional police by at
least two to one (Sarre and Prenzler, 1999: 17).
8 Funding corporate security
The return on investment (ROI) in corporate security
According to Figlio the rst fundamental objective of a loss prevention programme
is to demonstrate convincingly the return on investment of the organisations
security programs. (Figlio, 2002: 57) This is achievable when a particular security
solution is to be assessed for dealing with a particular problem, even though that
may still require acceptance of the sort of assumptions referred to earlier.
As a case in point, PricewaterhouseCoopers established that EAS systems
installed in retail stores to lower shrinkage, have a sound ROI. But that was based
on acceptance of inventory shortage gures as a sound and reliable measure of
in-store thefts (DiLonardo, 2003).
Demonstrating a sound ROI for a total corporate security department with all
the activities listed in section 4 is however a real challenge. It also sits awkwardly
with the measure of a successful corporate security department the absence of
problems.
Figlio is right however, modern management requires return on investment
(ROI) gures or some such to allocate funding within the corporation. Ultimately
all departments receive funding on the basis of that sort of nancial evaluation,
but the corporate security department is at a real disadvantage.
What the department has to do is to somehow convert the previously
described security dividend into dollars and then use them in its ROI calculation.
Once again that will require acceptance of a number of assumptions.
If those assumptions are not accepted by management, it is well nigh imposs-
ible to present a ROI for most of the security departments activities. Consider
the access control system which has successfully prevented strangers from enter-
ing the corporations premises. Assumptions would have to be made about the
number of intruders there would have been without that access control. And
further assumptions would have to be made about what those intruders would
have done while they were on corporation premises. Would they have stolen cor-
poration assets or worse, assaulted corporation workers? And what would the
value of the losses to the corporation have likely been?
600 The Handbook of Security
Or what of the fact that no burglaries have occurred on the corporations
premises, surely a clear sign that the security in place was effective. Here at least
there may be local police statistics showing the numbers of similar buildings in
the neighbourhood have been burgled. However any number of reasons could be
put forward to explain why those police gures do not provide a suitable bench-
mark those other buildings store different assets, they are unoccupied for
longer periods, etc.
And what of the factory burglary previously described? As discussed the total
costs associated with it were far greater than the value of the stolen property and
the damage done. If the corporate security department had faithfully costed all
recent burglaries, how relevant would that data be as a basis for ROI calculations?
What if the burglary had occurred on a ne rather than a rainy night?
In all likelihood, the nance department would be reluctant to accept an ROI
based on either the police statistics or detailed incident costs calculated by corpo-
rate security. So a corporate security head might take refuge in mounting a scare
campaign indicating the dire consequences that might follow if sufcient
funding is not provided. This move is a double-edged sword insofar as manage-
ment might see this as a sign of professional inability to protect corporate assets
and look for another director.
Even where relevant data is available there may be difculties using it to calcu-
late an ROI. As described earlier, in retailing, the levels of shrinkage revealed after
the six-monthly stocktake provide a metric that reects the activities of the secu-
rity (or loss prevention) department. Even here, however, there are any number
of internal and external factors that could have impacted upon the losses suf-
fered in a store (the new store layout makes it harder for thieves to get out
without payment, local police have clamped down on undesirable activity in the
local shopping precinct, etc).
But a greater difculty is that because the stocktakes are only conducted every
six months, the security department is trying to prove the value of having done
something six months previously. In the following months other things may
have happened to mitigate the impact of the security team.
It is not only the expenditure side of the ROI model where assumptions and
predictions need to be made. The corporate security head may have to forecast
changing patterns of offending against the corporation which will introduce new
costs. For instance, it may be that an increase on attacks on un-reinforced
vending machines on railway stations is predicted on the basis of recent target
hardening of vending machines in shopping centres.
The assumption that thieves will likely move to the soft targets, and that funds
would therefore need to be available to prevent losses from that, makes sense to
corporate security. However the nance department may again not be impressed
by the lack of hard data.
All is not lost however. The key thing is to make sure the corporation, and particu-
larly its nance department, appreciate the range of activities undertaken by cor-
porate security and appreciate the ways in which it makes sense to calculate benets.
The ROI task is hard but can be achieved with goodwill and understanding.
Dennis Challinger 601
Outsourcing corporate security
Invariably corporations are looking for ways to reduce the costs of running their
business. In particular they look at internal departments such as corporate secu-
rity whose functions could be outsourced because that would be cheaper.
But focusing on the issue of cost while ignoring performance is short-sighted.
Security professionals are split on whether outsourced security operatives
perform poorly. Dalton dispenses with myths about outsourced security staff, he
says they come from the same labour pool (as internally employed staff), they
can be loyal as loyalty is fostered by trust and acceptance, (and) higher turnover
has not been proved (Dalton, 2003: 81). Nevertheless, if outsourced security staff
are actually paid less and how else can they be cheaper? they may simply be
disinclined or unwilling to do the job well.
In practice it is usually base-grade security services that are outsourced. In
their discussion of contract (outsourced) security Button and George (1998)
focused on corporations use of contract static guards. They found that the
majority of their small sample of British corporations did outsource guard ser-
vices, but they also found that over four to ve years about 30 percent of the
sample had changed their mix of in-house and contract guards over time. This
indicates that continuous oversight of the performance and value of the
contract guards is undertaken.
The major hidden cost of outsourcing lies in the burden of managing the con-
tract relating to those staff. Without close management, the contractor providing
the security operatives can get away with providing a lesser service than that set
down in the contractual agreement.
The potential risk of a bad incident occurring as a result of that lesser service
delivery is a real concern. If litigation were to arise as a result of that incident,
the fact that the corporation had tolerated poor or sub-standard service delivery
would be particularly damaging.
The inclusion of performance-based payments and punitive clauses in a con-
tract would assist in more rigorously dealing with shortfalls in performance. But
that requires close contract management, and there is a direct cost to the corpo-
ration in doing that. Indeed the costs of doing so may well be greater than any
notional savings from using contract staff rather than in-house staff.
At the end of the day, the decision about using contract security staff is not a
simple matter of comparing costs. Hidden costs and risks need to be considered.
But more importantly there is a judgement to be made about the sort of security
resource that a corporation wants. A dedicated in-house security staff which is
professional, well-managed and part of the corporations culture has an inherent
value beyond the apparent cost-savings from using contract labour, however
many corporations can best be served by an appropriate blend of full- and
part-time and in-house and contract security personnel (Sennewald, 2003: 157).
Re-organization of corporate security
Another model for funding the corporate security department can be found
where a corporation has made all of its departments independent but with each
602 The Handbook of Security
charging the others for their services. This shared services model may be good in
theory but in practice can lead to fragmentation of the corporate culture.
Consider what might occur in practice. Senior executives from one of the busi-
ness units in the corporation are going overseas and the corporation security
policy requires them to receive a security travel brieng. When they learn that
they have to pay (usually less than market) internal fees for this brieng, they
decide to forego it because their expenses would increase if they did so.
Now corporate security is faced with a policy breach, as well as their own
budget shortfall. The business unit has acted in a way that is not in the best
interests of the corporation as a whole. After all if those executives were to come
to grief on their trip, the corporation might appear badly in the eyes of the
public and would also have to meet any unbudgeted expenses.
Another example of re-organizing corporate security is provided by the 5200
independently owned and operated Ace Hardware stores in the US. That group
created a wholly owned subsidiary company to provide loss prevention services
to their members it effectively privatized its corporate security department.
The nine-person (subsidiary) staff offers Ace retailers a variety of security services
on a voluntary fee-for-service basis. The program has succeeded not only in
reducing shrinkage but also in generating revenues (Falk, 1996: 47).
Again, the re-organization occurred to fund the operation of the corporate secu-
rity department. It appears in the Ace case, member stores were keen to buy secu-
rity expertise (and may have done so from a private supplier in the absence of
their own subsidiary). The risk in a big and formalized corporation is that security
will be relegated to nice-to-have rather than the essential service that it is.
9 Corporate security as a contributor to the bottom line
The discussion to date has clearly indicated the many ways in which corporate
security adds value to the corporation. Its actual contribution to the nancial
bottom line are necessarily indirect. For example preventing losses avoids strip-
ping money directly from the bottom line. And providing a secure and safe work-
place which reduces staff turnover and minimizes poor (and unproductive)
morale, averts unnecessary expenses for the corporation.
However the challenge for corporate security is presenting such contributions
in a way that modern management accepts. The difculty in doing that in a
nancial framework has been discussed in the context of establishing an ROI for
the corporate security department as a whole. And it is from the nancial per-
spective that the notion of corporate security being seen as a prot centre has
emerged.
The fundamental feature of a prot centre is that it is capable of generating
revenue which exceeds its operating costs. This is not a traditional role of a secu-
rity department and it would be a mistake to require it, as it could readily divert
the department from its important role of preventing other revenue in the cor-
poration from being lost. In any event, actual revenue generators in a corporate
security setting are few.
Dennis Challinger 603
One revenue generator could be the revenue from car-parking violations where
it is the corporate security departments task to manage car-parking. Another
could be the sale of access control tokens, especially replacement tokens for
which a surcharge might apply. In each case the security department would be
engaging in an unpopular enforcement-type role and it is plain that the damage
that could be done to the standing of corporate security within the corporation
could be substantial.
It has been suggested that civil recovery could act as a revenue source, but that
is a programme for the corporate victim of an offence to recoup some of the
funds they expended in dealing with a particular offender. While most fre-
quently used for shop thieves, civil recovery is also used by some corporations
when dealing with internal thefts. While civil recovery procedures can contribute
revenue to the organization they should never be used as a means of generating
a prot. In any event as Bameld points out, the proper role of private prot in
crime prevention and in dealing with offenders is a vexatious issue (Bameld,
1998: 263).
In summary then, there are three positions impacting the bottom line that a
corporate security department can adopt within a corporation.
If corporate security remains as a department within the corporation charged
with minimizing losses to the corporation as a whole, then it cannot operate
as a prot centre. In strict terms it remains a cost centre but as Millwee has
pointed out, (w)hat was once considered by some to be a cost center has
become a business benet center, as the safety and security of our co-workers
has redened the mission of security practitioners all over the world.
(Millwee, 2002: 122).
If corporate security becomes part of a shared service model, then by selling its
services within the organization it becomes a cost-recovery department. It
should not be expected to raise revenue over and above its actual costs, from
its internal clients. Imagine the internal outcry if in order to increase its
revenue stream the department increased the price of ID passes because that
was one of the few revenue raising devices it had.
If corporate security becomes an arms-length supplier of security advice to
the corporation it would cease to be part of, or tied to, the corporation.
The risk is that business units in the corporation might go elsewhere or
decline to use its, or any other, services. The good news is that with the Ace
Hardware example described above: Originally, the board of directors
wanted to break even with the company, but the service has paid for itself
over the past year and surpassed its nancial expectations (Falk, 1996: 47,
emphasis added).
Overall, corporate security must gain recognition for its contribution to
the bottom line. It can do that if it can convince employees and executives
that security matters to them, to the company, and to the community; that
it helps to protect the bottom line and, thus, their jobs (Somerson, 2003:
158).
604 The Handbook of Security
10 Corporate security moving forward
Embedding security in the corporation
Corporate security in the past has often been seen as somehow separate from the
rest of the corporation. In part this may have been caused by the enforcement
role the department had. But often their role was unappreciated and their contri-
bution to the scal value of the corporation was seen as a negative a cost.
There is no doubt that security professionals have missed important opportun-
ities to make security an integral part of the corporate team (Millwee, 1999: 118).
And it is certainly true that the time is here for corporate security departments to
break away from what has become the conventional approach to asset protection
and seek new venues for value added contributions. (Dalton, 2003: xxvi).
In some corporations, management are not aware, and do not consider, ways
in which security might contribute to the business of the corporation. A ne
exception to this is provided by American retailer Wal-Mart whose CEO states
that the VP of loss prevention is
required to sit in on every single management meeting that we have. They are
a part of that management groups core decisions that are made about whats
right for the business. They have to look at anything that were doing as the
rst line of thought from a loss prevention standpoint, because most mer-
chants and operators arent given to go there rst (Lee, 2002: 20).
One example of where corporate security can make a valuable contribution
relates to proposals for new business initiatives or new products. Corporate secu-
rity is able to identify ways in which the new initiative might be compromised
and lead to loss for the corporation. That would allow modications or safe-
guards to be built into the proposal to prevent those losses from happening in
the rst place.
Playing that role can sometimes support and give weight to new proposals. For
instance when an Australian supermarket corporation was planning to introduce
EFTPOS facilities for customers, corporate security was able to point out that
increasing the use of plastic card payment at store checkouts would have real
security benets. Customers paying with plastic and being able to make cash
withdrawals would reduce the amount of cash in checkout tills thus making
them far less attractive targets for snatch thieves. Additionally the need for deliv-
eries of cash to stores by armoured cars would reduce and the likelihood of
armed robberies in and around stores would decrease. Both of these were strong
points in favour of introduction of EFTPOS not foreseen by store operations.
Corporate securitys involvement in mainstream corporate activities is most
important. Joining with HR, safety teams and operations groups is part of that.
But the key is to become a versatile player.
(S)ecurity professionals must develop, rene and adopt a broader managerial
outlook. They must practice the same managerial competencies required by
general managers running their respective businesses.
4
Dennis Challinger 605
They must also become thoughtful and clever communicators to ensure that
management understands the benets of security for the corporation.
Cant measure cant manage
The difculties of providing hard data that would be accepted by the corporation
to justify funding corporate security have been discussed above. But of course
having hard data also allows corporate security to make sensible decisions about
its own activities. Figlio gives examples of the range of data that a retail loss pre-
vention manager might use to make future data-driven decisions truly possible
(Figlio, 2002: 57). He suggests that site-specic data is necessary including neigh-
bourhood crime vulnerability, specic detailed shortage (shrinkage) data and
details of security measures and programmes in use at the site.
But not only should hard security-related data be collected where possible, it
should not be kept hidden away. Yates suggests that corporations should report
on their security performance in their Annual Reports in addition to the com-
mentaries on their social, economic and environmental performance the com-
monly referred to triple bottom line. He notes that the advantage of integrating
security into the triple bottom line reporting approach is that security is seen in
the context of the other main business drivers, rather than isolated and uncon-
nected (Yates, 2003: 106).
Yates also suggests that corporate security needs a suite of measuring devices
including security impact statements, minimum security standards and other
benchmarks. That would leave the way open for insurance companies to offer
discounts off premiums for corporations whose security practices, especially
those related to terrorism, meet the standards.
The more corporate security can measure its activities the more it can illustrate
its value to the corporation. But more than that, it can use the data it collects
to better manage its day-to-day activities and to conrm that its security
programmes are efcient and meeting the corporations needs.
A new corporate security focus
In his appraisal of the security world since 9/11 Dalton asks what is a corpora-
tions most valuable asset? because obviously that should be the focus for corpo-
rate security. Somewhat surprisingly he opts not for its employees or its customer
base. He suggests:
that in terms of the survivability of a corporation, the most valued asset is the
companys intellectual property, that which positions them in the market-
place and allows them to remain competitive. Employees serve as the catalyst
for assuring that this asset intellectual property is developed, used and pro-
tected. IP denes the organisations ability to stay protable Only with
protability comes the assurance of continuity, which translates into job secu-
rity Employees, including the most senior executives, are replaceable. This
does not mean that they are not important, and perhaps even critical secu-
ritys role is not to abandon the protection of people and tangible assets
(Dalton, 2003: 72).
606 The Handbook of Security
That position leads Dalton to suggest a new model for a global security function
which would be largely advisory and have the following three pillars:
1 Business Risk analysis comprising: current business risks; new partner product
and market due diligence; major fraud investigations; data security invest-
igations; strategic fraud prevention; special request enquiries; competitive
intelligence protection; intellectual property protection; e-commerce threat
management and geo-political business proling.
2 Human Resource Security comprising: strategic partner qualication; security
awareness and ownership; international HR security; new hire qualications
and orientation; executive protection; workplace violence prevention; ethical
business practices.
3 Global Operations support comprising: corporate policy development; secu-
rity standards and guidelines; uniformed security services; site compliance and
quality assurance; systems design and research; special projects management
and special events management. (pp. 1745)
The activities listed under those headings encompass the corporate security of
old, but place them in a new perspective which may resonate with modern cor-
poration management. This is an example of weaving corporate security into the
corporation culture (Millwee, 1999).
This does not overcome the difculty of making a nancial case for the corpo-
rate security department. Nor does it overcome the need to develop metrics of
success. However it does clearly indicate the valuable contribution that corporate
security makes to the continued business success of any corporation.
Notes
1 See Chapter 6 by Dan Kennedy.
2 What, me, responsible? (2002) The American Enterprise, JulyAugust, Vol. 13, No. 5,
p. 10.
3 Employees Win $500,000 in Defamation Case (2003) The Age, 21 November, p. 4.
4 A Discontinuity in the Security Field (2002) POA Bulletin, August, pp. 15.
Key readings
For a good security text which canvasses the issues in an uncomplicated way see
Kovacich, G.L. and Halibozek, E.P. (2003) The Managers Handbook For Corporate Security:
Establishing and Managing a Successful Assets Protection Program, New York: Butterworth-
Heinemann. For a good and accessible example of the sort of hard data needed to make a case
for security, see Figlio, R. (2002) Using Data to Measure the Effectiveness of LP Programs and
Limit Your Liability, LossPrevention, MayJune, pp. 578. A more academic piece demonstrat-
ing reductions in employee theft has been written by Oliphant, B.J. and Oliphant, G.C.
(2001) Using a Behavior-Based Method to Identify and Reduce Employee Theft, International
Journal of Retail and Distribution Management, Vol. 29, No. 10, pp. 44251. While for a critique
of security which should get most practitioners thinking see Zedner, L. (2003) Too Much
Security, International Journal of the Sociology of Law, Vol. 31, No. 3, pp. 15584.
References
Albrecht, W.S. and Searcy, D. (2001) Top 10 Reasons Why Fraud is Increasing in the U.S.,
Strategic Finance, Vol. 82, No. 11, pp. 5861.
Dennis Challinger 607
ASIS International (2003) General Security Risk Assessment Guideline, Alexandria Virginia.
Bameld, J. (1998) Retail Civil Recovery: Filling a Decit in the Criminal Justice System,
International Journal of Risk, Security and Crime Prevention, Vol. 2, No. 4, pp. 25767.
Beck, A. and Willis, A. (1995) Crime and Security: Managing The Risk to Safe Shopping,
Leicester: Perpetuity Press.
Benson, B.L. and Mast, B.D. (2001) Privately Produced General Deterrence, Journal of Law
and Economics, Vol. 44, No. 2(2), pp. 72546.
Button, M. (2003) Private Security and the Policing of Quasi-Public Space, International
Journal of the Sociology of Law, Vol. 31, No. 3, pp. 22737.
Button, M. and George, B. (1998) Why Some Organisations Prefer Contract to In-House
Security Staff, in M. Gill (ed.), Crime At Work Vol 2, Leicester: Perpetuity Press,
pp. 20114.
Cockerham, P.W. (1994) Safe Shopping, Stores, June, pp. 389.
Dalton, D.R. (2003) Rethinking Corporate Security in the Post 9/11 Era, New York:
Butterworth-Heinemann.
DiLonardo, R.L. (1997) The Economic Benet of Electronic Article Surveillance, in
R.V. Clarke (ed.), Situational Crime Prevention, New York: Harrow and Heston, pp. 12231.
DiLonardo, R.L. (2003) The Economics of EAS: Rethinking Cost Justication for Apparel
Retailers, LossPrevention, NovemberDecember, pp. 206.
Falk, J.P. (1996) Nailing Down Hardware Store Security, Security Management, December,
pp. 4651.
Figlio, R. (2002) Using Data to Measure the Effectiveness of LP Programs and Limit Your
Liability, LossPrevention, MayJune, pp. 578.
Fine, M., Freudenberg, N., Payne, Y., Perkins, T., Smith, K. and Wanzer, K. (2003) Anything
Can Happen With Police Around: Urban Youth Evaluate Strategies of Surveillance in
Public Places, Journal of Social Issues, Vol. 59, No. 1, pp. 14158.
Gill, M. (2004) Uniformed Retail Security Ofcers, Leicester: Perpetuity Research and
Consultancy International.
Halverson, R. (1996) Crime Steals Shoppers Condence, Discount Store News, Vol. 35,
No. 9, pp. 70, 72.
Holden, T. and Stafford, J. (1997) Safe And Secure Town Centres: A Good Practice Guide,
Westminster: Association of Town Centre Management.
Kovacich, G.L. and Halibozek, E.P. (2003) The Managers Handbook for Corporate Security:
Establishing and Managing a Successful Assets Protection Program, New York: Butterworth-
Heinemann.
Lee, J. (2002) The View From The Top, LossPrevention, MarchApril, pp. 1720, 568.
Meyer, S. (2000) Employee Turnover: Its BigIts There, MMR, March 20, p. 40.
Millwee, S. (1999) How Can Security Get Inside the Door?, Security Management,
December, pp. 11618.
Millwee, S. (2002) Focus on ASIS, Security Management, February, p. 122.
Oc, T. and Tiesdell, S. (1998) City Centre Management and Safer City Centres: Approaches
in Coventry and Nottingham, Cities, Vol. 15, No. 2, pp. 85103.
Oliphant, B.J. and Oliphant, G.C. (2001) Using a Behavior-Based Method to Identify and
Reduce Employee Theft, International Journal of Retail and Distribution Management,
Vol. 29, No. 10, pp. 44251.
Patrick, P.A. and Gabbidon, S.L. (2004) Whats True About False Arrests, Security
Management, October, pp. 4956.
Private Security Firms Go Undercover in Your Hospital (2002) Healthcare Risk Management,
June, pp. 678.
Sarre, R. and Prenzler, T. (1999) The Regulation of Private Policing: Reviewing Mechanisms
of Accountability, Crime Prevention and Community Safety, Vol. 1, No. 1, pp. 1728.
Sennewald, C.A. (2003) Effective Security Management 4
th
edn, New York: Butterworth-
Heinemann.
608 The Handbook of Security
Somerson, I.S. (2003) Are Security Awareness Programs Undervalued?, Security
Management, August, pp. 1758.
Taylor, M. (2002) Systems Help Hospitals Ensure Patient, Staff Security, Business Insurance,
December 16, pp. 1416.
van Andel, H. (1989) Crime Prevention That Works: The Case of Public Transport in the
Netherlands, British Journal of Criminology, Vol. 29, No. 1, pp. 4756.
Welsh, B.C. and Farrington, D.P. (1999) Value for Money? A Review of the Costs and
Benets of Situational Crime Prevention, British Journal of Criminology, Vol. 39, No. 3,
pp. 34568.
Williams, F. (2003) Sarbanes, Oxley and You, CSO Magazine, October, at http://
www.csoonline.com/read/100103/counsel.html.
Yates, A. (2003) Engineering a Safer Australia: Securing Critical Infrastructure and the Built
Environment, Engineers Australia, Barton ACT.
Zedner, L. (2003) Too Much Security, International Journal of the Sociology of Law, Vol. 31,
No. 3, pp. 15584.
Dennis Challinger 609