How to Utilize Governance for Security Decision-Making
Decision-making is a vital process that organizations must engage in on a daily basis. Executives in particular face pressure to make the right decisions that will move the company forward, best utilize resources, improve efficiency, and grow the performance of the company.
A key component to making informed decisions well is proper governance.
In a recent LinkedIn poll, we asked our audience if their security organization has a documented governance plan in place that addresses incident management, communication, and escalation.
75% said yes. If you are in the 25% of organizations that don’t, then keep reading to learn more about why this is critical. And even if you are in the 75%, you might want to see if it is time to update your governance plan.
Mission, Strategy, and Key Objectives
There are several steps to successful governance. The first step is to attach it to your mission, strategy, and key objectives as an organization.
Mission – Why does your organization exist and who does it serve?
Strategy – What steps does your organization take to achieve its goals, and who are the people important to that success?
Key Objectives – What are the benchmarks along the way, and how will you know whether you are succeeding or failing?
All three must work together to ensure that operations stay on track with expected outcomes. By establishing a strong governance system with an effective mission, strategy, and key objectives, organizations can increase their chances of long-term success.
Governance is a team sport! Every person in the organization plays a role in connecting governance to these three things, from the top of the organization all the way down to the bottom. Without this broad-based thinking, the governance plan won’t work.
Risk Factors
Often, governance is seen as a cost-incurring activity rather than a revenue-generating one. And this is true from a strictly accounting standpoint. However, it only tells part of the story.
What are we losing by not making the right decisions?
Are you able to quantify how a lack of governance is costing your business?
Examples could include:
- Loss of reputation
- Security risks
- Safety risks
- Financial losses
- Missed growth opportunities
What can we gain through effective governance?
How would your bottom line benefit if governance were a consideration in every part of your business?
Examples could include:
- Ability to attract talent
- Successful partnerships and opportunities
- Improved efficiency and use of resources
- Financial growth
- A high level of security and safety for both employees and clients
What is the value of these items?
Are you able to assign a measurable dollar value to these items? How could this change your business for the better?
Answering these questions will help get buy-in from all the relevant stakeholders and create a vision for your business where governance works.
Strategic Implementation
Step 1: Form a Governance Leadership Team
It is critical that your security team has a seat at this table. Otherwise, you may end up with systems or processes that are either ineffective at reaching your goals, or so onerous to implement on a practical basis that they are never enforced.
This team will establish the authority and scope, the approved standards, and the process to make corrections along the way.
Step 2: Engage All Levels of People, Process, and Technology
Governance must include all these areas of a business in order to be successful.
If you miss one area, the rest of the governance planning can break down.
Step 3: Build Your Governance Framework
Be aware of your organizational structure and build your governance accordingly. Too many organizations have a flat governance structure that is overly reliant on one segment of the team.
This can end up in a security director being called every time an incident occurs, rather than being able to attend to the important strategic analysis of the security department as a whole.
- Operational Level – Makes day-to-day operational decisions that have been previously defined in the governance plan and escalates non-standard items
- Working Team – Applies leadership guidance on a local and regional level to resolve non-standard operations and escalates high-impact or strategic items
- Core Team – Executes strategy to achieve the vision and provides strategic-level problem resolution
- Executive Team – Defines vision, direction, and the strategic plan
Utilizing this structure and making sure that every individual knows where they fit will ensure appropriate application.
Step 4: Expect and Design for Change
Your governance plan must include a plan for the inevitable and constant changes that come with business functioning.
Create a robust decision-making process that includes assessment and impact analysis, and know how and when to escalate.
- Is there a framework for how and when to ask for upgrades?
- Does each person know how and where to report breakdowns in the systems?
- Are team members empowered to take responsibility and know how and when to escalate issues?
You should approach governance as a multi-year plan that you update every year. This allows you to work in a big-picture way, while still responding to a changing environment.
Keys to Successful Governance Planning for Decision-Making
Building relationships throughout your organization matters. Sometimes this is missed in the details and technical work of governance planning. Open communication, combined with strategic decision-making, is a powerful tool.
Utilize steering committees and small work teams when possible so that you can streamline your efforts.
Summary
Governance can be a powerful tool in your toolbox for effective decision-making. It can help position your business as a leader in its field. However, it takes a commitment by the entire organization in order to be successful.
About Atriade
Atriade has worked on 500+ projects, in 60+ industries, in 30+ countries. If you are ready to get expert assistance in creating a governance plan that will set you apart from your competitors, we are here to help. Our management team carries a lifetime of experience in all areas of Physical Security and Electronic Security that we are ready to put to work for your unique business and team.
Visit us online at Atriade.com