In today's changing business environment, there are only a few things that are certain. One of them is that the main function of managers is to make decisions. The other is that such decisions are seldom made with all the elements of judgment. Most of the time, decisions must be made with only a few known elements. And it is in this territory dominated by uncertainty where business is done today. Some successful, others less so, but all more or less, have gone through decision-making under conditions of uncertainty.
And in Corporate Security, the procedure is more or less similar. Decisions are also made based on scarce, fragmented or worse, erroneous information. Given that information is the main input that security managers or consultants have to make operational decisions, it is vitally important that it be as complete as possible, as far as possible free of errors and relevant, in such a way facilitate the decision-making process. In some other article I will refer to what a self-respecting consultant should do to obtain information that meets these characteristics.
One of the first tasks that the corporate security consultant delves into is the analysis of the risk inherent in the company that is under analysis. It is nothing new to say that a correct interpretation and identification of the risks that the company incurs is the substrate on which all subsequent work, and subsequent decision-making, will be sustained, with the economic costs that this entails. Hence, it is essential that before beginning to identify risks, it is evaluated whether the information available to do so is adequate, sufficient, timely, truthful and mainly objective (capable of being measured).
So, analyzing the risks and the decisions that will be made is the process of carefully considering these information-related drawbacks.
Let us suppose that a team of consultants has developed a risk matrix for the crime of theft that has indicated that a certain company has a high probability of being robbed and the consequences of these are very serious. The information to build this matrix was obtained from successive meetings that the consultants held with different relevant actors of the company. This is because there is no record of previous events.
Once this result is obtained, the consultants focus on the design of the solution, which in this case consists in the company having to make investments to replace the old anti-intrusion system with a new one, with better benefits.
If we were to present this solution to the manager responsible for the company, the first question he would ask us is, how did you know then that the company has a high probability of being robbed? There would be uncertainty, reasonable for the rest, regarding the investment and most importantly, regarding the results that would be obtained. Is it worth making this investment based on the data presented? Judge for yourself.
Every time a decision must be made in an environment of uncertainty, there are 5 factors that must be taken into account:
a) The existing alternatives. What are the alternatives to the decision?
b) Any fact based on uncertainty. If we do not know if an event can occur, we must think that it can occur.
c) The benefits obtained in each pair of events and possible alternatives.
d) The probabilities that the events will occur.
e) A decision criterion, that is, a method to decide between different alternatives.
Now, if we assume that the company has a record of the historical information of criminal events committed within its facilities, our consultants could have a solid starting point. They could determine, among other things, what events have affected the company, when and how much they have represented in terms of economic losses for the company. This information may be contrasted with interviews or other methods.
After having this information and having processed it properly, the most convenient solutions to the problem that afflicts the company can be elaborated. However, special care should be taken in how the solution will be presented to the business owner or manager. In my opinion, a correct presentation should contain at least the following:
a) The problem that has been identified, duly assessed with the information obtained.
b) A classification matrix of the different investment alternatives, if it is required to invest in equipment or other elements.
c) A comparative economic evaluation of the alternatives in order to present the one that has the best benefits and means less investment.
d) A projection of the expected results, which also contains an economic valuation of the costs that the company has stopped losing as a result of the events suffered.
