PROTECTION
OF ASSETS
SECURITY MANAGEMENT
PROTECTION
OF ASSETS
SECURITY MANAGEMENT
PROTECTION
OF ASSETS
SECURITY MANAGEMENT
ASIS International | 1625 Prince Street | Alexandria, VA 22314 USA | www.asisonline.org
Copyright © 2012 by ASIS International
ISBN 978-1-934904-25-1
Protection of Assets is furnished with the understanding that the publisher is not engaged in
rendering legal, accounting, or other professional services. It is designed as a ready reference and
guide to the covered subjects. While every effort has been made to ensure accuracy of contents
herein, it is not an official publication and the publisher can assume no responsibility for errors or
omissions.
All rights reserved. No part of this publication may be reproduced, translated into another
language, stored in a retrieval system, or transmitted, in any form or by any means, electronic,
mechanical, photocopying, recording, or otherwise without the prior written consent of the
copyright owner.
Printed in the United States of America.
10 9 8 7 6 5 4 3 2 1
ACKNOWLEDGMENTS
ASIS International (ASIS), the world’s leading society for security professionals, originally founded
in 1955 as the American Society for Industrial Security, acquired Protection of Assets in December
2003. The acquisition of this work underscores the Society’s leadership role in professional
education. It is the sincere desire of ASIS and its editorial staff to continue to enhance the value of
this important reference.
Protection of Assets, which has been in existence since 1974, is recognized as the premier reference
for security professionals and the publisher wishes to acknowledge the two founding authors and
subsequent editors.
Timothy J. Walsh, CPP Richard J. Healy, CPP
Timothy L. Williams, CPP
Managing Editor
Editorial Associates
David G. Aggleton, CPP
Milton E. Moritz, CPP
Mike Hodge, J.D.
Sanford Sherizon, Ph.D., CISSP
Timothy J. Walsh, CPP, Editor Emeritus
As we move forward, confronted with issues that present a challenge to the security industry, our
mission is to ensure that Protection of Assets provides the strategic solutions necessary to help
professionals meet the demands of the 21st century and beyond. We also pledge to assemble a
group of subject matter experts who will enhance this reference as necessary to achieve our
mission.
Michael E. Knoke, CPP
Managing Editor
Eva Giercuszkiewicz, MLS, Project Manager
Evangeline Pappas, Production Manager
Peter E. Ohlhausen, Technical Editor
PREFACE
OBJECTIVES OF PROTECTION OF ASSETS
Protection of Assets (POA) is intended for a security professional to find current, accurate, and
practical treatment of the broad range of asset protection subjects, strategies, and solutions in a
single source.
The need for such a comprehensive resource is quite widespread according to the editors, writers,
and many professional colleagues whose advice has been sought in compiling this text. The
growing size and frequency of all forms of asset losses, coupled with the related increasing cost
and complexity of countermeasures selection, demand a systematic and unified presentation of
protection doctrine in all relevant areas, as well as standards and specifications as they are issued.
Of course, it would be presumptuous to assume that any small group of authors could present
such material unaided. It is, therefore, a fundamental objective of Protection of Assets to draw upon
as large a qualified source base as can be developed. The writers, peer reviewers, and editors
attempt to distill from the available data, common or recurrent characteristics, trends, and other
factors, which identify or signal valid protection strategies. The objective is to provide a source
document where information on any protection problem can be obtained.
Protection of Assets Ɣ Copyright © 2012 by ASIS International v
READERSHIP
Protection of Assets is intended for a wide readership: all security professionals and business
managers with asset protection responsibility. The coherent discussion and pertinent reference
material in each subject area should help the reader conduct unique research that is effective and
organized. Of particular significance are the various forms, matrices, and checklists that give the
reader a practical start toward application of the security theory to his or her own situation. POA
also serves as a central reference for students pursuing a program in security or asset protection.
DIALOGUE
We hope that Protection of Assets becomes an important source of professional insight for those
who read it and that it stimulates serious dialogue between and among security professionals. Any
reader who is grappling with an unusual, novel, or difficult security problem and would appreciate
the opinions of others is encouraged to write a succinct statement describing the problem and
send it to us at ASIS [[email protected]]. At the reader’s request his identity will
not be disclosed, but the problem will be published with invitations for comment. Readers are also
encouraged to communicate agreement or disagreement with strategies or applications recom-
mended in POA and to suggest alternatives. We reserve the right to publish or refrain from
publishing submitted material. The editors also solicit statements of reader opinion on matters of
asset protection policy in which a cross-sectional view would be helpful.
SUPPLEMENTAL TRAINING
Readers with supervisory or management responsibility for other security and asset protection
personnel will find POA to be a useful resource from which to assign required readings. Such
readings could be elements of a formal training syllabus and could be assigned as part of related
course sessions.
With all these objectives in mind, we present to you Protection of Assets, in the sincere belief it will
enhance your expertise in the security field.
Michael E. Knoke, CPP
Managing Editor
vi Protection of Assets Ɣ Copyright © 2012 by ASIS International
CONTRIBUTORS
The success of this publication is directly related to the peer review process recognized by most
professions. Security professionals, members of academia, and other subject matter experts were
involved in contributing current information, conducting research, reviewing submissions, and
providing constructive comments so that we are able to provide a publication that is recognized as
the “go to” reference for security professionals worldwide.
It is with sincere appreciation that I wish to thank the below-named individuals who contributed
to Protection of Assets.
Teresa M. Abrahamsohn, CPP Lucien G. Canton, CPP Donald J. Fergus
Sean A. Ahrens, CPP James P. Carino, Jr., CPP Eugene F. Ferraro, CPP, PCI
Marene N. Allison Sue Carioti James H. Fetzer, III, CPP
Randy I. Atlas, CPP James S. Cawood, CPP, PCI, PSP Michael T. Flachs, CPP
George J. Barletta, CPP Steve Chambers, CPP, PSP Linda Florence, Ph.D., CPP
Mark H. Beaudry, CPP Richard E. Chase, CPP Richard H. Frank, CPP
Regis W. Becker, CPP John C. Cholewa, III, CPP Kenneth M. Freeman, CPP
Brent Belcoff, CPP Tom M. Conley, CPP Peter J. French, CPP
Howard J. Belfor, CPP Geoffrey T. Craighead, CPP Mary Lynn Garcia, CPP
Adolfo M. Benages, CPP Michael A. Crane, J.D., CPP John W. Gehrlein, CPP
Lawrence K. Berenson, CPP Bruce A. Dean, CPP Eva Giercuszkiewicz, MLS
Alexander E. Berlonghi Fritz X. Delinski Gregory A. Gilbert, CPP
Raymond J. Bernard, PSP Edward P. De Lise, CPP Frederick G. Giles, CPP
Henri A. Berube David A. Dobbins, PSP Timothy D. Giles, CPP, PSP
Martin T. Biegelman, J.D. Colin Doniger, CPP, PSP David H. Gilmore, CPP
Daniel E. Bierman, CPP, PSP Clifford E. Dow, CPP Christopher Giusti, CPP
Patrick C. Bishop, CPP Christina M. Duffey, CPP Leo Gonnering, PSP
Dennis R. Blass, CPP, PSP Brandon Dunlap Brian D. Gouin, PSP
Keith C. Blowe, CPP Nick Economou Richard P. Grassie, CPP
Paul F. Boyarin, CPP, PCI Cheryl D. Elliott, CPP, PCI Benjamin P. Greer
Tom Boyer James W. Ellis, CPP, PSP Steven R. Harris
Pete Brake, Jr., CPP William R. Etheridge Ronald D. Heil, CPP
Darryl R. Branham, CPP Gregory Alan Ewing, CPP, PSP Ed Heisler, CPP, PSP
Joseph P. Buckley, III Kenneth G. Fauth, CPP Richard J. Heffernan, CPP
Jason Caissie, CPP, PSP Lawrence J. Fennelly Chris A. Hertig, CPP
Protection of Assets Ɣ Copyright © 2012 by ASIS International vii
William T. Hill, CPP Owen J. Monaghan, CPP Charles A. Sennewald, CPP
Ronald W. Hobbs, CPP Wayne Morris, CPP, PSP Dennis Shepp, CPP, PCI
Mark D. Hucker, CPP Patrick M. Murphy, CPP, PSP Shari Shovlin
W. Geoffrey Hughes, PCI Carla Naude, CPP Marc Siegel, Ph.D.
John L. Hunepohl James W. Nelson Laurie Simmons, CPP, PSP
Gregory L. Hurd, CPP Robert L. Oatman, CPP Dennis Smith, CPP
Gregory W. Jarpey, PSP Gerald A. O’Farrell, CPP Stan Stahl, Ph.D.
Sheila D. Johnson, CPP, PSP Peter E. Ohlhausen Paul J. Steiner, Jr., CPP
Thomas R. Jost Leonard Ong, CPP Pamela M. Stewart, PCI
Diane Horn Kaloustian Harm J. Oosten, CPP Dan E. Taylor, Sr., CPP
Cathy M. Kimble, CPP S. Steven Oplinger Lynn A. Thackery, CPP, PSP
R. Michael Kirchner, CPP Denis A. O’Sullivan, CPP Mark L. Theisen, CPP
Glen W. Kitteringham, CPP Jaime P. Owens, CPP Dave N. Tyson, CPP
Michael E. Knoke, CPP Gerard P. Panaro, J.D. Joann Ugolini, CPP, PSP
Terrence J. Korpal James F. Pastor, Ph.D. Darleen Urbanek
James M. Kuehn, CPP David G. Patterson, CPP, PSP Mike VanDrongelen, CPP, PCI, PSP
David Lam, CPP John T. Perkins, CPP Karim Vellani, CPP
Rich LaVelle, PSP Karl S. Perman Barry J. Walker, CPP
Robert F. Leahy, CPP, PSP Kevin E. Peterson, CPP Michael W. Wanik, CPP
Robert E. Lee Charlie R. A. Pierce Roger D. Warwick, CPP
Jeff Leonard, CPP, PSP Doug Powell, CPP, PSP Fritz Weidner
Todd P. Letcher Patrick K. Quinn, CPP Richard C. Werth, CPP
Emblez Longoria, CPP, PSP Roy A. Rahn, CPP Allan R. Wick, CPP, PSP
Cynthia Long John D. Rankin, CPP Anthony S. Wilcox, CPP
Richard E. Maier, CPP William G. Rauen, CPP Donald S. Williams, CPP
Loye A. Manning, CPP, PSP David L. Ray, LL.B. Reginald J. Williams, CPP
Robert L. Martin, CPP Joseph Rector, CPP, PCI, PSP Richard F. Williams, CPP
Ron Martin, CPP Ty L. Richmond, CPP Timothy L. Williams, CPP
Roger B. Maslen, CPP Lisa M. Ruth Coleman L. Wolf, CPP
Judith G. Matheny, CPP Jeffrey J. Ryder, Jr., CPP, PSP Richard P. Wright, CPP
Edward F. McDonough, Jr., CPP Mark A. Sanna, CPP Richard Y. Yamamoto, CPP
Richard A. Michau, CPP Stephen Saravara, III, J.D., CPP Scott S. Young, CPP
Bonnie S. Michelman, CPP
viii Protection of Assets Ɣ Copyright © 2012 by ASIS International
TABLE OF CONTENTS
PREFACE
CONTRIBUTORS
Chapter 1. ADMINISTRATIVE MANAGEMENT PRINCIPLES . . . . . . . . . . . . . . . . . . . . . . . . 1
1.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 Organizational Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.2.1 Developing the Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.2.2 Communicating the Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.3 Principles of Business Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.3.1 Human Resource Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.3.2 Knowledge Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.3.3 Corporate Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.4 Conclusion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Chapter 2. FINANCIAL MANAGEMENT. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
2.1 Financial Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2.2 Financial Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.2.1 Income Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.2.2 Balance Sheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.2.3 Cash Flow Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
2.3 Financial Analysis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2.3.1 Profitability Ratios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
2.3.2 Risk Ratios. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
2.4 Limitations of Financial Statement Analysis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
2.5 Budgets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
2.5.1 Return on Investment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
2.5.2 Creating a Budget . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
2.6 Implementing Financial Strategy and Financial Controls . . . . . . . . . . . . . . . . . . . . . 30
Chapter 3. STANDARDS IN SECURITY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
3.1 Introduction to Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
3.1.1 Characteristics of Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
3.1.2 Benefits of Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
3.1.3 Standards Development Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
3.2 Development of International Standards: ISO Example . . . . . . . . . . . . . . . . . . . . . . 38
3.2.1 Characteristics of ISO Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
3.2.2 ISO Standards Development Process . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
3.3 Development of National Standards: U.S. Example . . . . . . . . . . . . . . . . . . . . . . . . 40
3.3.1 Characteristics of ANSI Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
3.2.2 ANSI Standards Development Process . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Protection of Assets Ɣ Copyright © 2012 by ASIS International ix
3.4 Management Systems Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
3.4.1 Characteristics of Management Systems Standards . . . . . . . . . . . . . . . . . . . 42
3.4.2 Benefits of Management Systems Standards . . . . . . . . . . . . . . . . . . . . . . . 44
3.4.3 Plan-Do-Check-Act Cycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
3.4.4 Well-Known Management Systems Standards . . . . . . . . . . . . . . . . . . . . . . 47
3.5 ASIS Global Standards Initiative . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
3.5.1 Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
3.5.2 Product Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
3.5.3 Organizational Resilience Standard . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Chapter 4. INTRODUCTION TO ASSETS PROTECTION . . . . . . . . . . . . . . . . . . . . . . . . . . 63
4.1 Basis for Enterprise Assets Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
4.1.1 Defining Assets Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
4.1.2 Relation to Security and Other Disciplines . . . . . . . . . . . . . . . . . . . . . . . . 65
4.1.3 Historical Perspectives. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
4.2 Current Practice of Assets Protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
4.2.1 Underlying Principles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
4.2.2 Assets Protection in Various Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
4.3 Forces Shaping Assets Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
4.3.1 Technology and Touch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
4.3.2 Globalization in Business . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
4.3.3 Standards and Regulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
4.3.4 Convergence of Security Solutions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
4.3.5 Homeland Security and the International Security Environment . . . . . . . . . . . 83
4.4 Management of Assets Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
4.4.1 Concepts in Organizational Management. . . . . . . . . . . . . . . . . . . . . . . . . 85
4.4.2 Management Applications in Assets Protection . . . . . . . . . . . . . . . . . . . . . 86
4.4.3 Security Organization within the Enterprise . . . . . . . . . . . . . . . . . . . . . . . 87
4.5 Behavioral Issues in Assets Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
4.5.1 Behavioral Science Theories in Management. . . . . . . . . . . . . . . . . . . . . . . 89
4.5.2 Applications of Behavioral Studies in Assets Protection . . . . . . . . . . . . . . . . . 91
Appendix A: Insurance as a Risk Management Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Chapter 5. COST-EFFECTIVENESS AND LOSS REPORTING . . . . . . . . . . . . . . . . . . . . . . 107
5.1 Understanding the Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
5.2 What Cost-Effectiveness Means. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
5.3 Elements of Cost-Effectiveness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
5.3.1 Return on Investment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
5.3.2 Security Metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
5.4 Boosting Cost-Effectiveness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
5.4.1 Budget Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
x Protection of Assets Ɣ Copyright © 2012 by ASIS International
5.4.2 Cost Reduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
5.4.3 Cost Avoidance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
5.5 Data Capture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
5.6 Data Analysis and Display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
5.6.1 Claims Avoided . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
5.6.2 Proofs of Loss . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
5.6.3 Recovered Physical Assets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
5.6.4 Uninsured Claims or Causes of Action. . . . . . . . . . . . . . . . . . . . . . . . . . 120
5.6.5 Other Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
5.7 Systematic Incident Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
5.7.1 Creating an Incident Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
5.7.2 Functions of an Incident Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
5.7.3 Benefits of Incident Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
5.7.4 Policy on Submission of Incident Reports. . . . . . . . . . . . . . . . . . . . . . . . 125
5.7.5 Incident Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
5.7.6 Management Reporting from the Database. . . . . . . . . . . . . . . . . . . . . . . 126
5.8 Predictive Modeling by the Security Organization . . . . . . . . . . . . . . . . . . . . . . . . 128
5.9 Protection Planning without an Incident Database. . . . . . . . . . . . . . . . . . . . . . . . 129
5.9.1 Pilot Verifications of the Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
5.9.2 Modifications of a Growing Database . . . . . . . . . . . . . . . . . . . . . . . . . . 130
Appendix A: Incident Reporting Form. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Appendix B: Loss Reporting Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Chapter 6. THEFT AND FRAUD PREVENTION IN THE WORKPLACE . . . . . . . . . . . . . . . . . 137
6.1 Understanding the Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
6.1.1 Common Myths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
6.1.2 Motivation to Commit Theft and Fraud . . . . . . . . . . . . . . . . . . . . . . . . . 140
141
6.2 Employee Theft . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
6.2.1 Prevalence of Employee Theft . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
6.2.2 External Economic Pressure and Opportunity . . . . . . . . . . . . . . . . . . . . . 143
6.2.3 Youth and Theft Nexus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
6.2.4 Job Dissatisfaction and Effects of Social Controls . . . . . . . . . . . . . . . . . . . 144
6.2.5 Summary and Recommendations of Study . . . . . . . . . . . . . . . . . . . . . . . 145
146
6.3 Fraud and Related Crimes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
6.3.1 Common Elements of Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
6.3.2 Sarbanes-Oxley Act . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
153
6.4 Scope of the Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
6.4.1 Establishing a Model Prevention Program . . . . . . . . . . . . . . . . . . . . . . . 171
174
6.5 Dangers of Undetected Theft and Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Appendix A: Flowcharts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Appendix B: 50 Honest Truths About Employee Dishonesty . . . . . . . . . . . . . . . . . . . . . .
References/Additional Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Protection of Assets Ɣ Copyright © 2012 by ASIS International xi
Chapter 7. PRIVATE POLICING IN PUBLIC ENVIRONMENTS . . . . . . . . . . . . . . . . . . . . . 177
7.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
7.1.1 Historical Perspectives. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
7.1.2 Conceptual Perspectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
7.1.3 Public/Private Partnerships and Statistics . . . . . . . . . . . . . . . . . . . . . . . 183
187
7.2 Contemporary Circumstances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
7.2.1 Economic and Operational Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
7.2.2 Order Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
7.2.3 Crime (Fear of Crime) and Terrorism . . . . . . . . . . . . . . . . . . . . . . . . . . 196
197
7.3 Principles of Private Policing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
7.3.1 Policing Role and Functional Distinctions . . . . . . . . . . . . . . . . . . . . . . . 200
201
7.4 Private Policing Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
7.4.1 Private Environment: Supplement . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
7.4.2 Public Environment: Replacement. . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
7.4.3 Public Environment: Supplement . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
215
7.5 The Future of Private Policing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219
7.5.1 New Policing Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
7.5.2 Structural/Operational Components . . . . . . . . . . . . . . . . . . . . . . . . . .
7.5.3 Legal/Licensing Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
References/Additional Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Chapter 8. CONSULTANTS AS A PROTECTION RESOURCE . . . . . . . . . . . . . . . . . . . . . . 227
8.1 The Value of Consultants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
8.2 Types of Security Consultants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
229
8.2.1 Security Management Consultants . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
8.2.2 Technical Security Consultants. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230
8.2.3 Forensic Security Consultants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231
8.2.4 Advisory Security Committee . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
8.3 How to Use a Consultant. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233
8.4 How to Find a Security Consultant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
8.5 Selecting a Security Consultant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 236
8.6 Consulting Fees and Expenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
8.7 Working with Consultants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 240
8.7.1 Coordinating the Project . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
8.7.2 Organizational Orientation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
8.7.3 Levels of Assistance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
8.7.4 Scope of Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243
8.7.5 Work Plans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
8.7.6 Progress Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244
8.7.5 Final Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
8.8 The Future of Consulting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Appendix A: Alphabetical Soup of Consulting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248
Appendix B: Application for Consulting Assignment . . . . . . . . . . . . . . . . . . . . . . . . . .
xii Protection of Assets Ɣ Copyright © 2012 by ASIS International
Appendix C: Curriculum Vitae . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250
Appendix D: Professional Consulting Services Agreement . . . . . . . . . . . . . . . . . . . . . . . 252
Appendix E: Consulting Security Agreement—Joint Certification . . . . . . . . . . . . . . . . . . . 254
Appendix F: Conflict of Interest Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Appendix G: Professional Services Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256
Appendix H: Statement of Professional Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Appendix I: Policy on Consultant’s Expenses. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Appendix J: Consultant Travel Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264
Chapter 9. EXECUTIVE PROTECTION IN THE CORPORATE ENVIRONMENT . . . . . . . . . . . . . 267
9.1 History of Executive Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
9.2 Research on Executive Protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
9.3 Basics of Executive Protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270
9.4 Financial Implications of Executive Protection . . . . . . . . . . . . . . . . . . . . . . . . . . 270
9.5 Philosophy of Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
9.6 EP Risk Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
9.7 The Power of Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
9.8 Office and Home . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
9.9 The Advance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
9.10 Working the Principal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
9.11 Protection Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
9.12 Future of Executive Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Chapter 10. SECURITY AWARENESS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
10.1 Levels of Awareness. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
10.1.1 Executive Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
10.1.2 Middle Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
10.1.3 First-Line Supervision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
10.1.4 Individual Employees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
10.1.5 Non-Employees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293
294
10.2 Purposes of Security Awareness. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296
10.3 Developing and Delivering a Security Awareness Program . . . . . . . . . . . . . . . . . . . 297
298
10.3.1 Techniques, Materials, and Resources. . . . . . . . . . . . . . . . . . . . . . . . . . 299
10.3.2 Obstacles to an Effective Awareness Program . . . . . . . . . . . . . . . . . . . . . 300
10.3.3 Measuring the Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
10.4 Engaging Employees to Prevent Losses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
10.4.1 Positive Security Contacts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
10.4.2 Policies and Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Protection of Assets Ɣ Copyright © 2012 by ASIS International xiii
Chapter 11. WORKPLACE SUBSTANCE ABUSE: PREVENTION AND INTERVENTION . . . . . . . . 305
11.1 Historical Perspective . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
11.1.1 A Change of Mood . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
11.1.2 Legal Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
11.1.3 War on Drugs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
308
11.2 Human Cost of Substance Abuse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
11.3 Role of the Employer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
11.4 Why the Workplace? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
310
11.4.1 Rationalization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
11.4.2 Opportunity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
11.5 Path of Workplace Substance Abuse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 313
11.6 Drugs of Abuse . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
11.6.1 Controlled Substance Act . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
11.6.2 Depressants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316
11.6.3 Narcotics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 318
11.6.4 Stimulants. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
11.6.5 Hallucinogens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
11.6.6 Marijuana . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
11.6.7 Analogue or Designer Drugs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
11.6.8 Prescription Drugs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
11.7 Addiction and Chemical Dependency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
11.7.1 Addiction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
11.7.2 Chemical Dependency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
11.7.3 Functional Abusers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
11.7.4 Denial . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326
11.7.5 Enabling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
11.7.6 Codependency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327
11.8 Role of Supervisors and Managers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
11.8.1 Drug-Free Workplace Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329
11.8.2 Investigation and Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330
11.8.3 Employee Hot Lines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
11.8.4 Intervention. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
11.8.5 When Intervention Fails . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
11.8.6 Employee Assistance Programs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334
11.8.7 Behavior Modification through Role Modeling . . . . . . . . . . . . . . . . . . . . . 334
11.8.8 Reintegration of the Recovering Employee . . . . . . . . . . . . . . . . . . . . . . . 335
11.8.9 Employee Education and Supervisor Training . . . . . . . . . . . . . . . . . . . . . 335
11.9 Drug Testing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
11.9.1 Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
11.9.2 Accuracy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
11.9.3 Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
11.9.4 Employer Incentives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
11.9.5 Liability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Appendix A: Drug Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
xiv Protection of Assets Ɣ Copyright © 2012 by ASIS International
Appendix B: Common Questions About Drug Testing. . . . . . . . . . . . . . . . . . . . . . . . . . 343
Appendix C: Supervisor’s Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345
Appendix D: Intervention Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
Appendix E: U.S. Federal Legislation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
Appendix F: Sample Substance Abuse Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350
References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Chapter 12. ADDRESSING WORKPLACE VIOLENCE THROUGH
VIOLENCE RISK ASSESSMENT AND MANAGEMENT . . . . . . . . . . . . . . . . . . 357
12.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
12.2 Conceptual Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 360
12.3 Focus Areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
12.4 Liability and Legal Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362
12.5 Behavioral Dynamic of Workplace Violence . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
12.6 Incident Management Team (IMT) and Resources . . . . . . . . . . . . . . . . . . . . . . . . 365
12.7 Violence Risk Assessment Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
367
12.7.1 Notification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367
12.7.2 Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
12.7.3 Intervention and Non-Emergency Situational Resolution . . . . . . . . . . . . . . 372
12.7.4 Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
12.7.5 Review and Debriefing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
12.8 Future of Workplace Violence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 375
Appendix A: Model Policy for Workplace Violence. . . . . . . . . . . . . . . . . . . . . . . . . . . . 377
References/Additional Reading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
INDEX. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384
Protection of Assets Ɣ Copyright © 2012 by ASIS International xv
TABLE OF FIGURES
2-1 Income Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
2-2 Balance Sheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
2-3 Cash Flow Sheet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
2-4 Margins . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
2-5 Returns . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
2-6 Risk Ratios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
3-1 Plan-Do-Check-Act Cycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
3-2 Standards Development Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
3-3 Organizational Resilience: Security, Preparedness, and
Continuity Management Systems-Requirements with Guidance for Use . . . . . . . . . . 60
4-1 Examples of Organizational Assets by Type . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
4-2 Paradigm Shift Frequency Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
4-3 School Security Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
4-4 Selected Standard-Setting Bodies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
4-5 Selected Security Certification Web Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
4-6 Three Managerial Dimensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
4-7 Assets Protection Customers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
4-8 Maslow’s Hierarchy of Needs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
5-1 Return on Investment (ROI) Formula . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
5-2 Problems Discoverable on Security Officer Patrols . . . . . . . . . . . . . . . . . . . . . 115
5-3 Main Methods Used in Social Science Research . . . . . . . . . . . . . . . . . . . . . . . 118
6-1 Financial Impact of Theft or Fraud. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
6-2 Common Targets and Methods of Theft and Fraud . . . . . . . . . . . . . . . . . . . . . 149
6-3 Comprehensive Model of Theft and Fraud Prevention, Investigation,
and Program Testing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
7-1 Provision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
7-2 Functions of Private and Public Police. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
7-3 Public Safety Policing Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
7-4 Continuum of Governmental Authority . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
7-5 Functionality/Criticality Continuum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216
12-1 U.S. Fatal Occupational Injuries by Event or Exposure, 1994-2009. . . . . . . . . . . . . 359
12-2 A Theoretical Behavioral Escalation Curve for Emotion-Based Violence . . . . . . . . . 365
xvi Protection of Assets Ɣ Copyright © 2012 by ASIS International
CHAPTER 1
ADMINISTRATIVE
MANAGEMENT PRINCIPLES
1.1 OVERVIEW
Security managers are, as the name suggests, both security specialists and business
managers. Most of Protection of Assets focuses on security-specific issues. However, to serve
their organizations effectively, security managers must also understand business principles.
With that knowledge, they can organize their efforts in a way that best supports the overall
vision and mission of their organization. Without that knowledge, they may focus on security
as an end in itself. Security managers who understand business are best positioned to
collaborate with top management and to turn their departments into valuable corporate
resources that support organizational success. Effective security managers are those that are
recognized within their organization as business partners.
In any business, people work and interact to produce a product, service, or both. This
interaction leverages the labor of individuals to enable the business to realize a net profit that
supports investors, managers, customers, and employees.
At some point a business must determine the type of product or service to sell and how to
develop, deliver, and finance that output. To manage this process successfully, managers
and owners must employ practices that support the goals of their business. They must also
develop metrics that define success and support business decisions. Ultimately these
practices aim to define business success not only in the near term, but also over the life of the
business through quantifiable metrics.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 1
ADMINISTRATIVE MANAGEMENT PRINCIPLES
1.1 Overview
Two hypothetical food service businesses illustrate these themes:
Expensive Italian restaurant. A famous chef opened a high-end restaurant to serve
business clientele in a fashionable downtown district. He realized that his revenue per
plate must be considerable to support his location and staff and generate a profit. The
restaurant’s servers now provide exquisite customer service; cooks prepare the food
with the best ingredients and attention; busboys keep the tables neat; and
management coordinates and supervises their efforts. For this high level of service, a
premium is charged. Customers are willing to pay because the restaurant provides a
continued level of exquisite service and excellent food quality. As a result, the
restaurant hosts a constant flow of high-profile professionals during the evenings.
Inexpensive quick-service restaurant. Several blocks closer to the downtown offices,
two young entrepreneurs saw a gap in quick, inexpensive food options in the area, so
they opened a large, low-cost American fast food franchise. Understanding that
providing a cost-effective lunch option would require large volumes as a result of the
thin profit per meal, the owners marketed the restaurant heavily in nearby offices to
generate the necessary customers, who now shuffle in and out quickly with inexpensive
food during the weekday lunch rush. Further, the restaurant captures some late-night
business from people working late and others heading out to nearby nightlife. The
customer service is limited, but the food is tasty and filling, though not of the highest
quality. Management focuses on quick service and a basic level of cleanliness and
customer service. The restaurant is constantly busy serving customers who require
food quickly so they can be on their way.
Which of the two restaurants is more successful? The Italian restaurant earns more profit per
plate of food than the fast food restaurant, yet the fast food restaurant can serve significantly
more customers. The success of each restaurant is determined by its management practices
and expectations. The management of the Italian restaurant wants the establishment to be a
premium dining facility serving customers looking for a high-end product. The fast food
restaurant, on the other hand, is focused on people who are busy and need a quick,
inexpensive bite to eat.
Both businesses can be considered successful because their management-defined business
processes support the restaurants’ specific purposes. The managers understand the types of
customers they serve, the financial requirements of the business, and ways to coordinate
staff efforts.
2 Protection of Assets Ɣ Copyright © 2012 by ASIS International
ADMINISTRATIVE MANAGEMENT PRINCIPLES
1.2 Organizational Strategy
The following example teaches the same lesson differently:
Paper products company. The executive committee at a paper products company
decided to invest heavily in high-end manufacturing equipment targeting local firms
with an interest in printing marketing material. The company mainly produces
letterhead, stationery, and basic business cards. After installing the equipment and
setting up the production process for potential orders, the executive committee found
that sales were not meeting the required levels for profitability. They had failed to see
that their customers (local companies) were migrating to Web-based marketing and
were limiting their use of printed marketing materials. As a result, the paper company
began to realize losses in its new division.
Clearly, a business must understand its purpose and create management practices that
support it. To define the business purpose, management typically writes a business strategy.
To implement that strategy, management develops appropriate administrative practices.
1.2 ORGANIZATIONAL STRATEGY
The organizational strategy (also called a strategic plan) is set out in writing by a business
unit’s top leadership. It does not focus on day-to-day operations but provides a general
direction. The organizational strategy is the fundamental template for direction that defines
and supports long-term goals.
The organizational strategy serves as the foundation for developing business processes.
Those processes should support the overall business structure required to meet the
organizational strategy. Key metrics and performance indicators can be studied to determine
whether the processes accurately reflect the organizational strategy. Using this feedback, an
organization can, if necessary, change the implementation of the strategy or even shift the
strategic focus itself.
Defining an organization’s overall strategic purpose is essential for developing company-
specific management practices. The organizational strategy defines why the business exists
and how it will maintain itself as a profitable, viable entity. Answering these questions
requires looking at the business not only in the moment but also three to five years out.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 3
ADMINISTRATIVE MANAGEMENT PRINCIPLES
1.2 Organizational Strategy
In developing an organizational strategy, it is helpful to ask such questions as the following:
x What markets does the business want to serve? Are they narrow or broad?
x What products do those markets require? Is there stiff competition? What are the
technological costs to develop and sell the products?
x Who will sell the products: the company, wholesalers, retailers?
x Will the company make money through low margins with high volume or high margins
with low volume?
x What quality of product or service will be provided?
x How will the company be financed? What revenues and profit margins are required to
sustain the business?
x What are the Strengths, Weaknesses, Opportunities and Threats involved in the
business venture (SWOT)?
1.2.1 DEVELOPING THE STRATEGY
The first step is to understand the business and where it needs to be in the future. The current
state of the business can be deduced by looking at products offered, markets targeted, and
financial results. To determine where the company should be in the future, leadership must
consider how the company can maintain its profitability.
Comparing the current company and the desired future company, leadership is likely to
observe some distance between the two. If the company is already meeting leadership’s vision,
the organizational strategy can be minimal, merely capturing existing practices to maintain
and adjust them over time. If the company’s current state is far different from its desired state,
the organizational strategy will play a greater role in setting the corporate direction.
4 Protection of Assets Ɣ Copyright © 2012 by ASIS International
ADMINISTRATIVE MANAGEMENT PRINCIPLES
1.3 Principles of Business Administration
1.2.2 COMMUNICATING THE STRATEGY
Once a strategic direction is understood, it is essential to capture that direction and com-
municate it effectively within and outside the organization. The following topics can help
communicate the organizational strategy:
Vision The vision of an organization is a specific description of where the business will
Mission be in the long-term. The vision statement conveys a general understanding of
the business, its culture, and its future goals.
Objectives
The mission of the business specifies its types of products or services, level of
quality, and other tangible aspects of the business and its plans. This is a more
concrete statement.
While the vision states objectives and business goals, the mission com-
municates business functionality and operational methods.
This statement includes the specific organizational objectives so that all
involved parties can understand what needs to be done. The objectives should
highlight specific goals that the organization wants units to achieve in terms of
sales, market share, product differentiation, or other relevant metrics. The
objectives must be SMART (Specific, Measurable, Attainable, Relevant, and
Time-bound).
1.3 PRINCIPLES OF BUSINESS ADMINISTRATION
To meet its objectives and implement its strategy, a business must pay attention to its primary
resource: its people. Effectively managing current employees and hiring new ones is essential.
It is employees who will embrace the organizational strategy and execute its principles.
Management principles make it possible to tailor daily operations to support the organiza-
tional strategy. For example, if the organization wishes to redevelop a business unit and focus
on an emerging technology as opposed to relying on legacy products, then the operational
focus for human resources should be to find people who can support emerging technology.
Business principles define how an organization functions. Among the most important issues
they must address are human resource requirements, knowledge management, and corporate
structure.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 5
ADMINISTRATIVE MANAGEMENT PRINCIPLES
1.3 Principles of Business Administration
1.3.1 HUMAN RESOURCE MANAGEMENT
The Human Resource (HR) department is one of a company’s most valuable departments. A
good HR department can find and keep high-level talent for the company and leverage that
talent to maximum effectiveness.
While the HR department’s daily focus is staffing, it also promulgates corporate policies and
procedures to employees and provides training and performance measurement. In doing so,
the HR department must align its actions with the overall corporate strategy.
Staffing
The most visible component of the HR department is staffing. Whether a company
outsources staffing searches or handles them internally, it is important for an organization to
understand how to conduct an effective job requirements analysis, thorough candidate
profiles, and effective interviews and evaluations. It is difficult to assess a candidate based
solely on a résumé and a single interview.
Staffing decisions should be measured against a detailed job requirements analysis. The
analysis should be made not only by the manager responsible for hiring but also by other
team members and organizational leaders. The position requirements thus developed must
be narrow enough to be accurate but broad enough to include many good candidates.
How might this work in practice? In a hypothetical example, the head of security for a global
manufacturing firm might need a security manager for corporate headquarters. The security
manager would work with corporate executives, supervise headquarters security personnel,
and in general ensure that the facility is protected.
The job requirements analysis addresses both direct and indirect requirements. The direct
requirements are those that the candidate must meet to understand and function in the position.
The indirect requirements are skills that will increase the candidate’s likelihood of success.
The following are examples of direct requirements:
x certifications, such as technical or driving certifications
x education level, such as a bachelor’s or master’s degree
x years of experience
x previous job responsibilities
x knowledge of computer applications, such as Microsoft Word or Excel
6 Protection of Assets Ɣ Copyright © 2012 by ASIS International
ADMINISTRATIVE MANAGEMENT PRINCIPLES
1.3 Principles of Business Administration
Indirect requirements, which are less specific, include the following:
x leadership ability
x ability to multitask
x organizational skills
x communication skills
The job requirements analysis should weigh which skills are most valuable for the position. If
a company needs a crane operator, the direct requirements may be more significant because
of the safety issues involved and the skills required to operate a crane at an industrial site.
However, if the company is trying to fill an engineering role, some of the indirect
requirements may have more weight because of the need for the engineer’s design work to
interface correctly with that of other engineers.
Returning to the example of the headquarters security manager, analysis of the job require-
ments shows that the candidate must be able to ensure the physical security of the building,
supervise security staff, and interact with corporate executives and high-level managers, who
are the primary occupants of the building. The ability to handle the primary security
functions is still the most valued requirement, but several other skills are also necessary,
such as leadership, management, and interpersonal skills. The head of security will need to
communicate these needs to the HR staff responsible for filling the position.
Internal recommendations are the best way to recruit a good candidate; most employees
would not recommend someone they did not believe could fill the position. Also, hiring
people who have worked with other company employees may help create a more cohesive
team. To encourage internal recommendations, HR should post jobs in a way that effectively
reaches an internal audience.
To reach a larger pool of candidates, it is useful to advertise the position in newspapers and
online. To deal with the many résumés that may be submitted in response to a public listing,
staff must filter the résumés and invite only the most viable candidates for an interview. One
way to reduce this labor is to hire external recruiters.
Once candidates have been selected, it is time to prepare for interviews. To appeal to the best
candidates, a company must impress them just as much as they must impress the company.
HR should ensure that interviewers provide a thorough overview of the company and the
benefits of working for that company.
The interviewer should also examine the candidate’s objective capabilities and subjective fit
with the team the candidate would work with. This latter measure is sometimes the more
important one.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 7
ADMINISTRATIVE MANAGEMENT PRINCIPLES
1.3 Principles of Business Administration
Policies and Procedures
The HR department must also establish policies and procedures to outline how business will
be conducted at the organization. Policies cover items that the organization monitors and
expects employees to conform to. Some policies are driven by government regulations,
which differ for different types of business. Procedures deal with specific items—for example,
how an employee should handle setting up vacation time.
Many types of regulations can affect company policy. In the United States, regulations
related to the following should be researched:
x minimum wage requirements (federal and state)
x Family and Medical Leave Act
x Occupational Safety and Health Administration
x security regulations for organizations that handle sensitive government data
x building codes
x waste and hazardous material management
x drug and alcohol abuse
x harassment and liability issues
x corporate property use
x leave policies
x information technology use
x ethics
Different countries may have similar laws, and if conducting business abroad, the regulatory
issues of such countries should be considered as well.
Policies should be useful and simple and should not overload employees. When developing
policies, it is useful to work closely with the managers whose teams will be most affected by
the policies. They can provide details of current operations and the probable effects of policy
changes. Collaboration can also create management buy-in that increases the likelihood that
policies will be executed and maintained. Compliance with policies can also be strengthened
through training or certification that teaches employees the details of the policies and the
consequences of violating them.
In addition to corporate policies, which provide broad descriptions of how operations will be
conducted, specific procedures need to be developed so that employees will know how to
react to various issues. Clearly articulating company procedures helps prevent confusion.
These procedures should address a wide variety of topics and should be widely promulgated.
Further, staff understanding of the procedures should be refreshed regularly to ensure that
everyone is up-to-date and understands how to respond when an issue arises.
8 Protection of Assets Ɣ Copyright © 2012 by ASIS International
ADMINISTRATIVE MANAGEMENT PRINCIPLES
1.3 Principles of Business Administration
Procedures should encompass all topics that are important for daily functions. The following
are possible subjects of company procedures:
x security
x inclement weather
x building evacuation
x filing a complaint
x requesting leave
x timekeeping
x purchasing
x corporate property rights
The policies and procedures should reflect the ideal functionality of the organization. They
support proper staff behavior and lead to a hospitable, safe workplace.
Performance Measurement and Training
To aid employee development and retention, employers must review and reward employee
performance and provide training mechanisms for employee growth. In today’s working
world, it is easy for employees to transition to other companies if they feel they are not being
engaged enough or their personal growth is suffering. Therefore, companies should use
performance metrics and training modules to foster employee development.
Training may be provided within or outside the company. Internal training is typically aimed
at helping employees do their current jobs better. For instance, an electronics assembler can
be trained on more efficient assembly techniques with different tool sets. Other training
might foster employee growth by giving employees the opportunity to learn different disci-
plines within the company.
Training can also be conducted outside the organization. Employees may pay for the training
themselves, or the company may pay for it, and the training may take place on employees’
own time or during working hours. This external training may be taken in university courses,
at seminars or conventions, or in other venues. It often imparts information that is outside
the scope of the current work environment and that may promote innovative approaches to
work tasks.
The metrics for evaluating employees should align closely with the organizational strategy.
For example, if the strategy calls for growth, then the metric for mid-level managers may be
to grow their business units a certain percentage.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 9
ADMINISTRATIVE MANAGEMENT PRINCIPLES
1.3 Principles of Business Administration
Employees should be measured on both how well they do their current jobs and how well
they contribute to the growth of the company as a whole. Some workers focus on their
current jobs and are content in those positions. Others use their current positions to gain
experience or insights that may help them move into other positions or expand the
responsibilities of their current positions. Measuring those two aspects separately allows for
fair evaluation of the employees and clarifies what they must do to excel at their current
positions, prepare for other positions, and contribute more to the company.
Metrics for assessing how well employees are doing their current jobs include the following:
x work quality
x performance on time
x performance within budget
x meeting of other requirements of the position
Metrics for assessing employees’ overall contribution to the company include the following:
x extra sales, extra hours, and work on several projects
x work on tasks outside the position requirements
x contribution toward improvements in the business process
x leadership
Thus, an HR department can support the organizational strategy by establishing and com-
municating appropriate policies and procedures and by ensuring that the best people are
hired, retained, and provided with growth opportunities.
1.3.2 KNOWLEDGE MANAGEMENT
After employees, corporate knowledge is the second most valuable resource, and supporting
knowledge management supports the organizational strategy. A central knowledge manage-
ment system collects, distributes, and publicizes corporate data in a searchable, accessible
format. It aids corporate departments by reducing redundant efforts and promoting
knowledge sharing. For an engineering firm, centralizing product design documentation
allows multiple engineers to collaborate on a single design and makes it unnecessary for
engineers to design the same component for other projects. Centralization of information
also helps preserve knowledge if an employee leaves his or her position or the company.
In addition, cross-unit knowledge sharing can enable one department to learn from the
processes, technologies, and ideas of another. For example, a company with two divisions—
computer memory chip manufacturing and hard drive manufacturing—might be able to apply
the efficiency techniques of the first division to improve efficiency in the second division.
10 Protection of Assets Ɣ Copyright © 2012 by ASIS International
ADMINISTRATIVE MANAGEMENT PRINCIPLES
1.4 Conclusion
Centralized knowledge systems can be used to collect data that measure the productivity and
performance of business units and individual employees. Such measurement enables an
organization to identify problems and spot opportunities to cut costs, increase efficiency, or
expand the business. Relevant metrics may include return on investment, inventory
turnover, and profit margins. If the organizational strategy emphasizes volume over
profitability, an important metric will be growth in revenue. In such a case, the knowledge
management system must be able to capture revenue streams and report them accurately.
Of course, a central knowledge management system may also create a security vulnerability.
Because the information could be accessed and exploited by competitors or other outsiders,
it is essential to keep the information system secure.
1.3.3 CORPORATE STRUCTURE
An organization should be structured in a way that supports its business strategy. For
example, if a company focuses on product innovation, it may choose to have numerous
technical teams that report development efforts to a small number of management
executives. This type of structure reduces the chance that innovative ideas will be stifled by
bureaucracy. By contrast, a construction company may opt to have several management
layers to manage multiple projects, ensure employee safety, and meet schedule require-
ments. For any organization, the right structure can aid in delegating responsibilities and
ensuring accountability.
The initial step is to identify the essential business units. An engineering firm would likely
consider its engineering group to be the essential business unit. Supporting units might
include sales and marketing staff. If the company’s strategy calls for growth, marketing and
sales may grow in importance.
1.4 CONCLUSION
Management practices serve a company best when they are designed in accordance with its
strategic plan. These practices are largely expressed through human resource management,
knowledge management, and business structure. When the overall corporate strategy is
ingrained in daily administration practices, the organization will have the best chance of
success.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 11
CHAPTER 2
FINANCIAL MANAGEMENT
As members of their employers’ management teams, security managers must understand more
than security—they must also know business and finance. Knowledge of financial management is
especially important, as it explains how a business makes some decisions.
As a metaphorical example, a commuter with an unreliable car might weigh many factors when
considering a solution: repair costs; the likelihood of breakdowns; and the purchase, maintenance, and
insurance costs of various replacement cars. The person takes the time to make a justified financial
decision. Businesses use similar but more elaborate processes to help them make sound business
decisions. They may need to decide whether to purchase new equipment or extend credit, or they may
need to estimate the growth potential of prospective investments. Like the commuter, they look at
financial outlays, the expected returns on those outlays, and the potential risks associated with the
investment.
Financial management practices provide the analysis and decision tools that allow businesses to
monitor the financial operations of an organization and make better financial decisions. The basis of
financial management is understanding the accounting principles used in generating financial
reports. Through those reports it is possible to analyze the current state of business finances and
project how financial decisions will affect the business. From the financial analysis it is possible to
develop budgets and set expected goals for revenue or return on investment (ROI). The result is a
financial strategy that is based on thorough analysis and that employs sufficient controls to ensure
success.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 13
FINANCIAL MANAGEMENT
2.1 Financial Strategy
Both publicly traded and privately owned companies must follow accounting and financial
reporting standards. Public companies must, by law, observe reporting standards (for investor
protection). Oversight responsibility should be separated from authority. This is the purpose of
having an independent auditor who analyzes the facts, draws conclusions and makes recom-
mendations on the company’s financial status. Private organizations must, in practice, observe
those standards when attempting to gain financing through a bank or when setting a value on a
business. Therefore, it is imperative that individuals charged with managing finances—including
security managers—understand the basics of financial management.
2.1 FINANCIAL STRATEGY
Strategy is management’s effort to focus resources on specific targets that lead to business
success through proper planning. A financial strategy is management’s financial approach to
determining the expected returns of its investments (including its departments and opera-
tions) and estimating and managing the relevant risks.
In establishing a financial strategy, the first step is to identify expected margins, or the profit
that businesses generally make. In the software industry, profit margins tend to be high,
perhaps because of the specialized nature of software and the low price of delivering it.
Manufacturing companies, by contrast, typically rely on smaller margins but higher volume.
Realistically a company has two options if it wishes to improve margins. It can reduce costs
or increase the price of its product or service. Reducing costs requires increasing efficiency,
perhaps by finding cheaper suppliers or by cutting overhead costs. Increasing price may or
may not be successful, as it may lead to a decline in sales volume.
Increasing revenue may involve expanding sales of a current product or identifying new
businesses to fund sales. The growth option usually involves additional costs, as it costs
money to produce more products or pursue new business ventures.
The question is how to fund growth. Growth can be funded from internal cash reserves or
through commercial financing and investors. Both approaches impose trade-offs. Using
internal cash reserves could limit the ability of an organization to pay bills if costs exceed
revenues. Use of external financing puts the company at risk if the investment does not
create the expected revenue. The way to make such financial decisions and project returns is
through analysis of financial statements.
14 Protection of Assets Ɣ Copyright © 2012 by ASIS International
FINANCIAL MANAGEMENT
2.2 Financial Statements
2.2 FINANCIAL STATEMENTS
Three financial reports or statements have become accepted as standard: the income state-
ment, balance sheet, and statement of cash flows. Through these statements it is possible to
paint a clear picture of a company’s current and prospective financial health.
Financial statements are created in accordance with generally accepted accounting principles
(GAAP). These principles vary somewhat from country to country. Many countries are
converging on the International Financial Reporting Standards (IFRS), established and
maintained by the International Accounting Standards Board. In the United States, they are
established by the American Institute of Certified Public Accountants, the Financial
Accounting Standards Board, and documented, standardized accounting practices. The pur-
pose of GAAP is to establish and maintain a standard for financial reporting that can be used
across all organizations.
The following sections outline the basics behind the three financial reports.
2.2.1 INCOME STATEMENT
The income statement tells how much money an organization generates (revenue), how
much it spends (expenses), and the difference between those figures (net income). It
provides that information by offering a quantified view of an organization’s operations over a
defined period.
Revenue is the money a company receives for products or services. If its products sell for
$1,000 each and the company sells 100 products during the reporting period, the revenue for
that period is $100,000 (100 units times $1,000 per unit).
Expenses, of course, are the costs of creating and delivering the products or services. If it
costs the company $900 to produce and deliver each product, and 100 units are made, then
expenses equal $90,000.
Net income equals revenue minus expenses. Thus, in this case the company’s net income is
$10,000 ($100,000 minus $90,000).
Protection of Assets Ɣ Copyright © 2012 by ASIS International 15
FINANCIAL MANAGEMENT
2.2 Financial Statements
YEAR 1 YEAR 2 YEAR 3 YEAR 4 YEAR 5
Product Sales 1,643,000 1,807,300 1,988,030 2,186,833 2,405,516
Service Sales 729,000 1,312,200 1,443,420 1,587,762 1,746,538
Revenue 2,372,000 3,119,500 3,431,450 3,774,595 4,152,055
Procurement (60,000) (63,000) (66,150) (69,458) (72,930)
Raw Materials (50,000) (52,500) (55,125) (57,881) (60,775)
Development/Production Costs (75,000) (82,500) (90,750) (99,825) (109,808)
Equipment Purchase (100,000) (100,000) (100,000) (100,000) (100,000)
Cost of Goods Sold (285,000) (298,000) (312,025) (327,164) (343,513)
Payroll (1,336,975) (2,013,326) (2,214,659) (2,436,124) (2,679,737)
Lease (220,000) (226,600) (233,398) (240,400) (247,612)
Utilities/Lease Expenses (44,000) (45,320) (46,680) (48,080) (49,522)
General and Administrative Costs (1,600,975) (2,285,246) (2,494,736) (2,724,604) (2,976,871)
Marketing (100,000) (110,000) (121,000) (133,100) (146,410)
Customer Training (50,000) (50,000) (50,000) (50,000) (50,000)
Sales and Marketing Costs (150,000) (160,000) (171,000) (183,100) (196,410)
EBITA 336,025 376,254 453,689 539,727 635,260
Interest Costs (100,000) (93,725) (86,823) (79,231) (70,880)
Income Before Taxes 236,025 282,529 366,865 460,496 564,380
Taxes at 15% of Income (35,404) (42,379) (55,030) (69,074) (84,657)
Net Income 200,621 240,149 311,836 391,421 479,723
Figure 2-1
Income Statement
16 Protection of Assets Ɣ Copyright © 2012 by ASIS International
FINANCIAL MANAGEMENT
2.2 Financial Statements
Expenses are typically grouped into several categories, such as the following:
x Cost of goods sold. This is the cost of creating a product or service, accounting for
materials, labor, and other costs.
x Sales and marketing. To promote themselves, companies may spend money on
advertising, sales efforts, and customer training to support additional product sales.
x Administrative. Also called operating costs, these are the necessary expenditures of
office space, payroll, utilities, and other general administrative functions.
x Interest. This is the cost of paying the interest portion of a loan.
x Taxes. Companies pay a variety of taxes.
The income statement in Figure 2-1 shows how net income is derived from revenue and
expenses in a yearly report. The term EBITA in the left column refers to earnings before
interest, taxes, and amortization. Numbers in parentheses are negative—that is, meant to be
subtracted.
The income statement shows approximately 10 percent annual growth in product sales. It
also shows a near-doubling of service sales from Year 1 to Year 2. That growth coincides with
an increase in payroll, suggesting that the company may have hired more employees to meet
customer demand for services.
The income statement outlines the organization’s profitability but does not provide a picture
of the organization’s overall financial health. The balance sheet aids in that assessment.
2.2.2 BALANCE SHEET
The balance sheet summarizes an organization’s investing and financing. The report’s
underlying equation is as follows:
assets = liabilities + shareholder equity
An asset is anything that a company owns or has title to that may provide a future economic
benefit. Examples include land, buildings, retail inventory, and intellectual property, such as
trademarks and copyrights.
Liabilities are an organization’s financial commitments. Examples include loans, bills, and
other obligations.
Shareholder equity is the amount of ownership allocated to shareholders. This value is not
an asset or liability but rather the ownership stake for which shareholders are responsible. If
the liabilities of an organization far outweigh the assets, then shareholders are accountable
Protection of Assets Ɣ Copyright © 2012 by ASIS International 17
FINANCIAL MANAGEMENT
2.2 Financial Statements
for the extended liability. In contrast, if an organization’s assets exceed its liabilities, then the
shareholders have positive equity (or ownership) in the company. Shareholder equity is
derived from retained earnings, net income, and dividend payout. Retained earnings equals
the amount of net income that is reinvested in an organization. If dividends are paid out or if
net income is actually a net loss, retained earnings decrease.
The balance sheet thus provides insight into the asset and liability mix and how it relates to
shareholder equity. Through understanding the asset and liability mix, it is possible to deter-
mine what a company owns and what it owes in the short term and long term.
Common terms used to describe assets on the balance sheet include the following:
x Cash. This is the amount of currency a company has in its accounts, including cash
savings, cash checking, and other currency deposits
x Inventory. This is the value of raw materials, works-in-progress, and finished goods
that are stored as inventory to be sold later.
x Accounts receivable. This is the amount due by customers for goods and services
already delivered.
x Property, plant, and equipment. This includes all relevant physical space (including
land and buildings) and equipment that an organization requires to produce goods or
services.
x Prepaid accounts. It is possible to pay ahead for insurance, leases, and even taxes.
These accounts are assets because they were paid before they were actually due.
x Accumulated depreciation. As buildings and equipment age, they begin to lose value.
The loss of value with each year is captured in accumulated depreciation to more
accurately reflect the book value of an asset.
Terms related to liabilities include the following:
x Accounts payable. These are accounts on which an organization owes money. Typical
accounts payable include utilities or services acquired under informal agreements.
x Interest payable. This includes interest payments on loans extended to an
organization.
x Leases. This is the amount owed on equipment and facility leases for that reporting
period.
x Current long-term debt. This includes the amount of principal that was paid for the
reporting period.
x Long-term debt. This is the amount that a company still owes on a loan or equity
financing.
18 Protection of Assets Ɣ Copyright © 2012 by ASIS International
FINANCIAL MANAGEMENT
2.2 Financial Statements
Both assets and liabilities can be grouped into current accounts. Current accounts are assets
and liabilities that can be converted quickly. For example, current assets, such as cash or
accounts receivable, are those that can be used to cover costs or other business expenses for
that reporting period. Current assets are considered cash equivalents on the balance sheet.
Current liabilities are those that are paid in the reporting period.
Cash YEAR 1 YEAR 2 YEAR 3 YEAR 4 YEAR 5
Inventories 1,137,876 1,309,005 1,544,919 1,852,826 2,240,684
Accounts Receivable
Current Assets — — — — —
Property, Plant, and Equipment — — — — —
Accumulated Depreciation 1,137,876 1,309,005 1,544,919 1,852,826 2,240,684
Property Assets 100,000 200,000 300,000 400,000 500,000
Total Assets (100,000) (200,000) (300,000) (400,000) (500,000)
— — — — —
1,137,876 1,309,005 1,544,919 1,852,826 2,240,684
Accounts Payable — — — — —
Current Leases — — — — —
69,020 75,922 83,514 91,866 101,052
Current Long-Term Debt 69,020 75,922 83,514 91,866 101,052
Current Liabilities 868,235 792,313 708,799 616,933 515,881
868,235 792,313 708,799 616,933 515,881
Long-Term Debt 937,255 868,235 792,313 708,799 616,933
Total Long-Term Liabilities — 200,621 440,770 752,606 1,144,027
Total Liabilities 200,621 240,149 311,836 391,421 479,723
200,621 440,770 752,606 1,144,027 1,623,750
Retained Earnings
Net Income (Loss)
Shareholder Equity
Total Liabilities and Shareholder 1,137,876 1,309,005 1,544,919 1,852,826 2,240,684
Equity
Figure 2-2
Balance Sheet
The balance sheet in Figure 2-2 shows assets, liabilities, and shareholder equity. Total assets
must equal total liabilities plus shareholder equity.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 19
FINANCIAL MANAGEMENT
2.2 Financial Statements
The balance sheet in Figure 2-2 shows that the company is generating cash from profits and
is repaying long-term debt. The balance sheet also provides insight into the company’s use of profit
to increase shareholder equity. In other words, the business is using profit to pay down debt.
Together, the balance sheet and income statement provide views of the company’s opera-
tions, financing, and investments, but they do not outline where cash is being allocated. That
insight comes from the cash flow statement.
2.2.3 CASH FLOW STATEMENT
The cash flow statement, also called the statement of cash flows, provides insight into how
cash inflows and outflows affect an organization. The statement demonstrates whether the
organization is generating enough cash to cover operations and acquire additional assets as
needed.
The cash flow statement shows the following:
x Net operating cash flow. This is the amount of cash generated (or consumed) through
company operations. Operations include production and sales of goods or services
during the defined period. Operating cash flow is based on net income generated for a
reporting period, as well as any changes in liabilities.
x Net investing cash flow. This is the amount of cash generated (or consumed) by
investing in other organizations or selling or acquiring buildings or property.
x Financing cash flow. If a company obtains a loan or other financing, the cash
generated is reported as financing cash flow.
By understanding these basic inflows and outflows, it is possible to identify where cash is
being generated to cover business operations. For example, Figure 2-3 shows where the long-
term debt on the balance sheet (Figure 2-2) comes from. In Year 1, the company secured a $1
million loan to support additional payroll to meet customer demand. The company did not
strictly require financing, as it was able to meet cash requirements for the year. However,
management may have felt that the financing would help the company through any cash
shortages in the first year of operation.
The cash flow statement also shows that the company has a simple financial structure—just
one loan outstanding and one source of income. It does not have any additional investing
cash flow and is free from other financing obligations.
20 Protection of Assets Ɣ Copyright © 2012 by ASIS International
FINANCIAL MANAGEMENT
2.3 Financial Analysis
Cash Beginning of Year YEAR 1 YEAR 2 YEAR 3 YEAR 4 YEAR 5
Net Income — 1,137,876 1,309,005 1,544,919 1,852,826
Change in Liabilities
137,876 171,129 235,915 307,907 387,858
Net Operating Cash Flow — — — — —
Investment Cash Flow
137,876 171,129 235,915 307,907 387,858
Net Investment Cash Flow — — — — —
Issuance/Repayment Loan — — — — —
Dividends — — — —
Other Financing 1,000,000 — — — —
— — — — —
Net Financing Cash Flow — — — — —
Cash End of Year 1,000,000 1,309,005 1,544,919 1,852,826 2,240,684
1,137,876
Figure 2-3
Cash Flow Sheet
2.3 FINANCIAL ANALYSIS
Financial decisions are based on past performance and projected future performance. For
example, a company may use its financial information to project the sales that would be
generated from a new product line and to estimate the cost of creating that product line. The
key is to determine whether the financial return is worth the expected risk. Return is the
amount of money an investment choice will give back to an investor. Risk is an estimate of the
probability that an investor will gain or lose money. A familiar illustration is the relationship
between credit scores and credit card rates. Lenders view consumers with low credit scores
(due to late payments or defaulted loans) as presenting a greater risk of nonpayment, so the
lenders justify the risk by charging higher rates of interest to increase their return.
Financial analysis involves understanding various profitability measurements and business
risks. The quantitative method of profitability analysis relies on ratios of numbers in financial
statements. The ratios are helpful for comparing performance against expected values in an
industry or against an organization’s historical performance.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 21
FINANCIAL MANAGEMENT
2.3 Financial Analysis
2.3.1 PROFITABILITY RATIOS
Profitability ratios aid in quantifying an organization’s ability to generate income beyond
covering expenses. The larger the margin of net income, the more profitable an organization
is. Analysis of profit margins, returns, and earnings is discussed below.
Profit Margins
Profit margins reflect a company’s profitability. The following are different measures of
margins:
x Gross profit margin. By measuring profit based strictly on sales and cost of goods
sold, this figure provides insight into the efficiency of manufacturing a product. The
higher the gross profit margin, the more efficient a company is at producing a
product. If the revenue does not cover the cost of the products, then the product
price may be too low or the manufacturing and materials costs too high. Gross profit
margin is calculated as follows:
Gross Profit Margin = (Revenue – Cost of Goods Sold – General and Administrative
Costs)/Revenue
x Operating margin. This equals earnings before interest, taxes, and amortization
(EBITA) divided by revenue. This margin demonstrates the company’s overall
operating efficiency in producing and selling a product. Operating margin is calculated
as follows:
Operating Margin = EBITA/Revenue
x Net profit margin. This measures net profit after all expenses are included. It summa-
rizes the net income as a percentage of sales. The higher the net profit margin, the
more profitable the company is in its business. Net profit margin is calculated as
follows:
Net Profit Margin = Net Income/Revenue
Figure 2-4 shows the margin values that can be calculated from the income statement in
Figure 2-1. These values show that the company has healthy margins, which dipped slightly
in Year 2 due to growth but then recovered in subsequent years. The growth did not
significantly improve gross margin or operating margin but did boost net margin
considerably. By providing more services and allowing product sales to grow slowly, the
company increased revenue without increasing total expenses.
22 Protection of Assets Ɣ Copyright © 2012 by ASIS International
FINANCIAL MANAGEMENT
2.3 Financial Analysis
Gross Margin YEAR 1 YEAR 2 YEAR 3 YEAR 4 YEAR 5
Operating Margin 20.5% 17.2% 18.2% 19.1% 20.0%
Net Margin 14.2% 21.1% 13.2% 14.3% 15.3%
8.5% 7.7% 9.1% 10.4% 11.6%
Figure 2-4
Margins
Returns
Two ratios demonstrate how well a firm has done in making money for a reporting period:
x Return on assets (ROA). This ratio demonstrates the organization’s ability to generate
income based on its assets, independent of any financing. It is calculated as follows:
ROA = Net Income/Total Assets
x Return on equity (ROE). This ratio indicates how well a company uses financed assets
to generate income. ROE is calculated as follows:
ROE = Net Income/Shareholder Equity
The practice of borrowing capital to purchase assets that can increase revenue is called
leveraging. For example, by taking out a loan a construction company can purchase more
equipment and hire more people to address a greater demand for the company’s services.
ROA measures how well a company makes profit on assets it already owns; ROE measures a
company’s effectiveness at using loans to generate a profit.
Figure 2-5 shows returns calculated from the income statement in Figure 2-1 and the balance
sheet in Figure 2-2.
Return on Assets YEAR 1 YEAR 2 YEAR 3 YEAR 4 YEAR 5
Return on Equity 17.6% 18.3% 20.2% 21.1% 21.4%
100.0% 54.5% 41.4% 34.2% 29.5%
Figure 2-5
Returns
Protection of Assets Ɣ Copyright © 2012 by ASIS International 23
FINANCIAL MANAGEMENT
2.3 Financial Analysis
The ROA figures suggest that the company is not focused on using its assets to improve
revenues. In fact, its growth relative to assets remains relatively stagnant.
The ROE numbers reflect the fact that the company had little equity in its business during
Year 1 and Year 2 but much more in subsequent years. The company has been able to
generate a return despite being highly leveraged and exposed to much financial risk.
Earnings
Two earnings-related ratios are commonly examined in financial analysis:
x Earnings per share (EPS). This is a useful metric for a company that has shares that
are publicly or privately owned. EPS represents how much income (or loss) is
generated per share of the organization. It is calculated as follows:
EPS = Net Income/Total Shares
x Price to earnings (P/E). This ratio relates a company’s share price to its EPS. The P/E
ratio is useful in determining whether an organization is fairly valued. It can also be
used to value private shares if an investor is thinking of purchasing an interest in a
private organization. The general benchmark for publicly traded P/E values is around
17. The P/E ratio is derived from the following equation:
P/E = Price per Share/EPS
The various profitability ratios are useful in evaluating whether an organization is meeting
profit targets. A company’s profitability ratios should be compared to those in other companies
or across an industry and also to the company’s past ratios and projected future ratios.
24 Protection of Assets Ɣ Copyright © 2012 by ASIS International
FINANCIAL MANAGEMENT
2.3 Financial Analysis
2.3.2 RISK RATIOS
Profitability ratios provide a view of how well a company makes money. However, the ability
to make money must also be compared to the risk an organization faces in its operations.
Financial risk analysis deals with current or projected numbers that are derived directly from
an organization’s financial decisions. This analysis focuses on whether a company will have
the ability to cover expenses and operating costs in the near term as well as the long term.
Several risk ratios are useful in this type of analysis:
x Current ratio. This examines the company’s ability to cover short-term obligations. It
is derived from the following equation:
Current Ratio = Current Assets/Current Liabilities
If the current ratio is greater than one, the company has the ability to cover all its
current liabilities with its current assets. In other words, it can meet its short-term
obligations—assuming that the current assets can quickly be converted to cash
equivalents. Some current assets, such as inventory, may be difficult to convert to cash.
x Quick ratio. This measures an organization’s ability to cover current liabilities with
current assets that can quickly be converted to cash. Such assets include cash,
securities, and accounts receivable. The quick ratio (also known as the acid test) is
calculated as follows:
Quick Ratio = (Cash + Securities + Accounts Receivable)/Current Liabilities
This ratio provides a more accurate picture of an organization’s ability to cover bills
for the current reporting period.
x Debt to equity ratio. This provides a long-term perspective in understanding a com-
pany’s financial health. It does so by analyzing how a company funds its growth and
operations. The debt to equity ratio is based on the following equation:
Debt to Equity Ratio = Total Liabilities/Shareholder Equity
Debt to equity ratios above one demonstrate that a company is highly leveraged and
is financing itself with outside loans and funding. While that approach may result in
faster growth, it may also reduce profit because of interest expenses.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 25
FINANCIAL MANAGEMENT
2.4 Limitations of Financial Statement Analysis
Figure 2-6 shows sample risk ratios based on the balance sheet in Figure 2-2.
Current Ratio YEAR 1 YEAR 2 YEAR 3 YEAR 4 YEAR 5
Debt of Equity Ratio 16.5 17.2 18.5 20.2 22.2
4.7 2.0 1.1 0.6 0.4
Figure 2-6
Risk Ratios
To generate growth in service sales, the fictional company took on a heavy debt load in the
initial years but paid it back quickly to minimize risk should market conditions turn unfavor-
able.
2.4 LIMITATIONS OF FINANCIAL STATEMENT ANALYSIS
Financial statement analysis has its limitations. The primary limitation is that it does not
directly consider changes in market conditions. The macroeconomic environment (e.g.,
robust growth or recession) greatly affects the way financial statements should be
interpreted. Continued declines in margin may be a result of poor economic conditions
rather than poor company operations. Therefore, it is important to incorporate external data,
including the performance of the company’s sector and other macroeconomic influences.
Another limitation is that all organizations operate differently and target different markets,
even if their industry segments overlap. For instance, if one company is involved in manufac-
turing and services and a competitor simply manufactures products, then the analysis of
each company will yield different results.
The final limitation is that financial ratios are derived from numbers presented in financial
reports, and those reports must be accurate for the ratios to have any meaning. Through the
process of auditing, independent accounting firms attempt to determine whether the
financial statements produced by a company’s internal accountants are complete and
accurate. However, independent auditing firms do not always succeed in that mission.
In the United States, financial frauds involving Enron and WorldCom led to the Sarbanes-
Oxley Act (SOX), officially known as the Public Company Accounting Reform and Investor
Protection Act of 2002. SOX established a new regulatory entity, the Public Company
Accounting Oversight Board, which is meant to monitor the independent auditing of
publicly traded companies. In addition, SOX requires executive officers and chief financial
officers to personally certify financial reports that are released to the public.
26 Protection of Assets Ɣ Copyright © 2012 by ASIS International
FINANCIAL MANAGEMENT
2.5 Budgets
2.5 BUDGETS
One of the main purposes for understanding financial accounting and financial analysis is to
be able to establish budgets. A budget is a process for planning where money is to be
allocated for the year. It is a financial tool that estimates costs and revenue and provides a
variance warning mechanism and fiscal uniformity for the company.
Zero-based budgeting, for example, is a process wherein funds are placed in a budget only to
the extent that planned expenditures are justified in detail. It also may force a manager to
consider alternative ways of getting the job done. The budget generally includes both
expenses and expected revenue. Thus, to meet budget requirements, businesses often need
to generate a certain amount of revenue as well as limit spending to predetermined amount.
The budget development process is often viewed as either a top-down or bottom-up process.
A variation on these approaches is to make the process an iterative one, either during its
initial developmental stages or through periodic re-forecasts of the original budget. In each
case, executive management’s choice of strategy will have a far-reaching impact. Some
organizations choose to implement their budget in a top-down approach to impose
performance goals on lower management. An example of this would be executive
management allocating a specific amount of money to the security department without input
from the security department. In a bottom-up approach, frontline managers, who are involved
in the day-to-day operations of their departments or divisions, are their organizations’ best
resource for realistic budget information and would set their own budget. Neither is ideal. A
more practical strategy is a combination of both where the lowest level of input will occur at
the divisional or department level so that executive management can determine a realistic
budget that is in line with the overall financial objectives of the company.
Budgets are usually drawn up on a yearly or other periodic basis. It is essential to maintain
consistency in the budget process so periods can be compared to understand budget effects.
For example, a warehouse for an online retailer must estimate its yearly facilities costs
(including utilities, labor, and leasing costs) so the proper amount of sales revenue can be set
aside to cover those costs.
Budget setting tends to be difficult and politically charged because the amount of capital that
can be spread across all departments is limited. However, budgets are effective tools for
allocating funds to business units based on the expected revenues they will generate. Using
the warehouse example, if the utilities are not paid, then the online retailer will not be able to
use the storage facility. Thus, it is essential to pay business expenses that allow a company to
generate revenue. Also, the line items (specific entries) in budgets can be tracked to ensure
that spending is within its predetermined limits. However, it can be costly to follow budgets
too strictly. Sometimes, spending beyond the budget may be necessary to take advantage of
opportunities that arise.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 27
FINANCIAL MANAGEMENT
2.5 Budgets
An effective way to set the value of line items is to look at each budget expense as an
investment and then calculate the expected return on that investment. In other words, one
looks at the benefit of the investment divided by the cost—in simpler terms, cost/benefit.
However, not all returns can easily be measured monetarily. For instance, a line item such as
free lunch for employees may not generate a direct monetary return but may instead
increase employee effectiveness or reduce turnover. To determine whether the lunch
investment creates a greater benefit than other possible investments, such as free gym
memberships for employees, it is useful to calculate the return on investment.
2.5.1 RETURN ON INVESTMENT
Calculating the return on investment (ROI) is an effective way to compare the desirability of
different ways of spending. It also assists in obtaining future budget monies. ROI can be
calculated in two ways:
ROI = [Investment Value at End of Period/Investment Value Beginning of Period] – 1
or
ROI = [(Initial Investment plus Interest Earned (or Lost))/Initial Investment] – 1
ROI is easy to calculate for investments with guaranteed or nearly guaranteed returns, such
as bank deposits. By contrast, ROI is more difficult to calculate for an item like research and
development (R&D), which has a less predictable return. However, a company may be able
to determine its average, historical return on R&D and use that estimate in its ROI calculations.
For example, if company figures show that a $1,500,000 investment in R&D typically returns
$630,000 in revenue within five years, the ROI calculation would be as follows:
ROI = [($1,500,000+$630,000)/$1,500,000] – 1 = 42%
The company may also consider paying down its debt instead of investing in R&D. An ROI
calculation is useful for comparing the two options. Paying additional funds toward debt
reduction is like an investment, and the interest avoided through early debt reduction is like
revenue. If a $2,000,000 investment in debt reduction would save the company $772,000 in
interest payments over five years, the ROI calculation would be as follows:
ROI = [($2,000,000 + $772,000)/$2,000,000] – 1 = 39%
From an ROI perspective, R&D looks like the better choice. However, the ROI analysis does
not consider all factors. For example, it does not take into account the risk that the R&D may
be unproductive. However, despite its limitations, ROI analysis can be useful in determining
which line items of a budget are more important than others.
28 Protection of Assets Ɣ Copyright © 2012 by ASIS International
FINANCIAL MANAGEMENT
2.5 Budgets
When it comes to security, measuring return on investment is difficult even though the
department may be adding to the company’s profits by preventing losses such as theft and
damage to company assets. However, the return on the implementation of an effective
security countermeasure can be measured by applying an efficiency versus cost, or cost
versus benefit, ratio to show the long-range cost savings to the company. Also, in some cases
the insurance premiums are lower when risk decreases.
2.5.2 CREATING A BUDGET
A company’s budget takes both big-picture and detailed views. At the executive level, budget
items are clustered in general categories that relate to the income statement. At department
and unit levels, budget items are listed in greater detail. For instance, executive management
may determine that for every million dollars in revenue, production costs are estimated to be
$600,000 (60 percent of revenue). That is a big-picture view. By contrast, specific depart-
ments, such as a production facility, may divide expenses into many categories, such as the
costs of materials, production machines, and labor. One of the reasons lower-level managers
are more likely to accept bottom-up budgeting is because they had a stake in developing it.
Budget line items must be detailed enough that all expected expenses are accounted for but
not so detailed that every screw and nail must be counted.
The budget should be organized to resemble the income statement. That approach generates
the equivalent of a pro forma income statement, which projects future costs and revenue for
a defined period. (By contrast, a normal income statement presents past data.) To project
future revenue, a company may turn to its marketing and sales staff. They may be able to
calculate expected sales revenue based on market data, customer input, and the company’s
product or service offerings. It is unrealistic to expect sales projections to be very accurate.
However, having a general idea of expected revenue enables the company’s various subdivi-
sions to budget appropriately so they can support the expected sales.
For example, if a company manufactures products, its manufacturing operations will need to
estimate the costs of materials, labor, and other components required to create the needed
products. The human resources department must estimate the cost of the benefits it will
need to supply to the company’s personnel. The customer support department can
determine how much money it needs to assist buyers of the product. The requirements for
each unit are based on the company’s expected sales.
Next it is necessary to decide which expenditures to fund and to what degree. That determin-
ation depends largely on the company’s financial strategy. If the company is looking to cut
costs, it must analyze the budget to see where costs can be limited without affecting sales. On
the other hand, if the company is trying to grow quickly, it may need to spend more freely.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 29
The words you are searching are inside this book. To get more targeted content, please make full-text search by clicking here.
Discover the best professional documents and content resources in AnyFlip Document Base.
Search