Security in business organisations
Talking security
with Patrick Bhunu
SECURITY can be traced to as far back as humanity itself. There is, however, no specific definition for security although there have been a number of attempts to give a scientific definition to the concept of security. Perhaps one of the reasons why it is difficult to give a working definition to security is that it is multi-dimensional in nature and diverse in practice. In essence, it is a pragmatic concept that is determined by the context and nature of discipline.
Traditionally security is viewed as the provision of private services in the protection of people, information and institutional assets and for the betterment of the society at large. Security is a very broad subject which we can talk about to eternity. Like what I have mentioned above that the security industry is so diverse that it incorporates a number of multidisciplined actors. It ranges from individual protection to State/national security. For the purposes of this and many other articles to follow, I will mainly dwell on security in business organisations.
Gone are the days when, at the mention of the word security, one would envisage a security guard (button and handcuffs clinging onto a web belt) opening a boom gate for vehicles or carrying out body searches. While these are duties within the security mandate, there is more to security than just the traditional physical aspects.
Security is a complex and important mandate which should be given due recognition by any serious organisation. Most organisations today find themselves in loss making positions, partly because of lack of appropriate and relevant security systems and controls. They tend to protect the wrong things and in some instances they protect the correct things but in a wrong way.
There are mainly three types of security, depending on the type of organisation. The first one is proprietary security, commonly known as internal security. This is when organisation have their own internal set-ups and personnel.
The second one in called contracted security. This is when organisation contract private security companies to render security services to their organisation.
Lastly, there is a hybrid set-up, which is a combination of the proprietary and contracted security set-ups. I will not dwell much on the three types for today but will leave it as a topic for another day. It is up to organisations to select a set-up which fits well into their objective and which can easily be included in the enterprise-wide risk management.
Enterprise risk management entails that an organisation’s internal systems of control takes the form of an integrated framework in order to provide a more robust and extensive focus on the objectives of the organisation.
It is effected by people at every level of the whole production process and thus gives assurances that security systems in place are both pro-active and effective. It is equally important to note that a wellcrafted and effective security system is one that is proactive.
Pro-active systems are those systems that are set and implemented before an occurrence happen. They are preventive in nature. Once an organisation has put up security systems that deter people from committing acts that are deviant in nature, then it can have enough assurances that it is in a position to achieve its objectives.
However, because there is no security system the world over which is completely foolproof, a good security system should be able to detect that a breach has occurred and, where possible, recover the loss that has been incurred by the organisation.
It is, therefore, imperative for those who have the responsibility of designing security systems, policies and procedures to ensure that the three aspects of prevention, detection and recovery are always present.
This should be done, taking in cognisance the fact that different systems may apply in different situations. ‘‘One size certainly does not fit all’’. For example, what may be an effective security measure for the finance department may not be applicable to, say, the distribution department.
Depending on the size of the organisation, it is always ideal to have an integrated security set-up. Integration is when different security measures are applied throughout the organisation in order to have an almost waterproof set-up.
For example, an organisation may apply a combination of human guards, CCTV, biometric access control, vehicle log books, vehicle tracking systems and other monitoring devices with all these complementing each other. The nature of business of an organisation also determines the kind of security system that it may implement.