Many businesses and public law enforcement agencies tend to throw money and limited resources at highly visible or perceived risk areas rather than determining, through survey and incident analysis, the risks that are the high- est and where the resulting negative financial impact is greatest. The first step in designing a cost-effective loss control program for any retail operation is to conduct a complete security survey. A security survey is generally defined as an on-site examination of a business to determine risks, probabil- ity of each risk, vulnerability to those risks, security measures and policies currently in effect, and the status of those measures and policies. This information is collected through visual inspection, employee interviews, responses to employee questionnaires, and review of company documents and computer data.
To ensure accurate data collection, the individuals who conduct the sur- vey must be experienced in determining risks and adequacy of security mea- sures. The survey used should focus on risks to the organization in three areas—physical security, personnel security, and information security. In defending the company's physical, personnel, and information assets against the risks identified in the previous chapters of this book, retailers should use a two-fold protection strategy. This strategy includes Defense in Depth (layers of physical and psychological barriers that deter, delay, or stop perpetrators in their efforts) and Accumulated Delay Time, which is achieved by delaying perpetrators with layered defenses so that the probability of their becoming discouraged or being apprehended increases with time.
Any good survey will take these two factors into account and will help measure the probable effectiveness of current and recommended defense efforts in accomplishing the goals of defense in depth and delay. These defen- sive efforts must not hinder positive customer service efforts, but must fit well within the company's overall goal of increased profits.
Before starting the survey, it is important to step back and look at the retail operation as a whole. Normally, the process begins with the merchan- dise buyer agreeing to purchase a quantity of merchandise from a vendor. A purchase order is generated and the merchandise is delivered. At this point, 77
78 identifying and Prioritizing Risks
the merchandise is processed, priced, and displayed or sent to individual stores. Once in the stores, items are stored or displayed for sale. As the items are sold, clerks accept cash, checks, or credit cards for payment. The sales receipts are then deposited in a bank. At every point of this oversimplified process, corporate assets are vulnerable to theft and waste. Therefore, the survey should include every aspect of this process.
HISTORICAL DATA
A major aspect of any security survey is the collection of historical data from local retailers and law enforcement agencies on past incidents. The type of incidents taking place in the business or in similar businesses, as well as fre- quency and location information should be collected. When historical data are considered with other data types, keep two facts in mind.
1. Studies indicate only 31-102% of shoplifting incidents are detected. If thieves and their activities aren't detected, they can't be apprehended and the incidents can't be documented.
2. Of those individuals actually apprehended, it is estimated only 35%3 are referred to law enforcement agencies.
This information indicates that other local retailers, who keep detailed records, should have a more accurate picture of the major retail threat risks (e.g., employee theft, vendor fraud, and shoplifting) than federal, state, or local police agencies. Law enforcement agencies should, however, have rela- tively accurate data on robbery and burglary incidents in a given area, since these crimes are more frequently reported. Although retailers consider each other as competitors, this is generally not the case when it comes to the area of security. If informal contact is made with another retailer in the area, a dis- cussion of security problems and a sharing of information is usually the result.
Document all loss incidents and store them for later study. The best pre- dictor of the future is often the past and this axiom holds true for the retail business. Retailers forecast anticipated sales and merchandise needs based on past experience and so too should the security practitioner forecast secu- rity needs.
The system used to collect and analyze theft data does not have to be expensive or overly sophisticated—just consistent and usable. Incident reports should have information blocks, to be checked where appropriate, that indicate certain minimal information. Examples of required information include
• date of the incident
• time of the incident
Security Surveys 79
• location of the incident
• type of incident
• method of operation (i.e., how the offense was committed)
• distinctive case number
• a short descriptive narrative
The surveyor needs to enter historical incident data. Any prevailing crime or incident patterns need to be identified, such as which loss threats impact the operation, who is likely to cause the threat, how these threats are likely to occur, and when these threats are likely to occur.
The way to understand the data collected is to express them as incident rate by opportunity. This form of data expression compares the number of incidents of a particular type to the number of potential targets of that partic- ular incident over a specified period of time. For example, if there were 3000 reported shoplifting incidents in the company in the last year and there are 100 stores, the incident rate by opportunity for shoplifting was 30. If, for the same company, there were 24 armed robberies during the same period, the incident rate by opportunity factor would be .24. In this example, the prob- ability of a shoplifting incident occurring is much greater than the probability of an armed robbery.
Other information that can be gleaned from historical data includes the dollar amount of loss per incident, the location of theft incidents, common theft methods used, the identity of the offenders, and how the incidents were detected.
ASSETS TO BE PROTECTED
After probable risks are identified and historical data on incidents involving these risks are collected, the next step of the survey involves identifying the assets to be protected. Obvious examples include
• corporate offices/buying offices
• sensitive information
• employees
• computers
• office equipment
• integrity of merchandise buyers, purchasing agents, real estate site locaters
• company reputation
• physical facility security
• merchandise buying operations
• distribution centers, receiving/vendor delivery, merchandise movement and pricing, invoice processing, inventory control process, shipping to stores, physical facility security, safety of employees
80 Identifying and Prioritizing Risks
• store safety of employees and customers, merchandise, cash on hand, physical facility security
The surveyor should list assets to be protected and the approximate aver- age retail dollar value of these assets, if possible. Company reputation and loss of life are examples where the assignment of a numerical value is diffi- cult or inappropriate.
Flow Charting
Make a chart to illustrate the flow of cash, documents, and merchandise through the business (see Figure 8-1). This effort helps the loss control team to step back and view the total organization. This view of the company as a system, not a static entity, should be the mind-set of those involved in short- age control. This type of chart will also prove useful in the initial and periodic analysis of survey data.
Review of Current Company Policies and Practices
An examination of the company's current protection program is the final part of the security survey. Every retailer should have some sort of security or pre- vention program. We can break the protection program down into the follow- ing three general categories:
1. People—All personnel involved, in some way, with the loss control effort (which should be all employees) are included in this category. Examples include selection, orientation, training, duties, and responsibilities of company employees in regard to safeguarding corporate assets.
2. Programs—This category includes all policies and procedures designed to control losses, such as policies and procedures that restrict access, require transaction verification by a supervisor, or require that all employees be trained to detect and prevent potential loss situations. Poli- cies generally indicate what senior management wants specified person- nel to do. Procedures are the directions needed to enact and enforce policies.
3. Systems—This category includes physical and psychological deterrents to theft and error. Alarms, lighting, locks, doors, EAS, CCTV, computer or manually-generated trend reports, and subliminal messaging machines are all examples of security systems.
Company Policy and Document Review
Obtain and review copies of company goals, policy statements, delegations of authority, responsibilities, directives, and job descriptions to understand where the company is, where it wants to go, and how it plans to get there.
Distributor f
Buyer Purchase
~~^ Order
i
—J Purchasing '
Department |
1
Delivery Service
f Vendor
' '
uisiriDuuon uenier or uirect btore Delivery (UbU)
| Vendor
| 1 Merch.
\
Receiving I
Accounts ' *
Receivable |
1 f
Packing Slip/
1 Bill of Lading
1
Inventory Control (Key Punch)
f Accounts Receivable
? Accounts
Payable f Payment
? Inventory
Control Mdse.
Movement
A
f Invoice Process
A
1 D.C.
1 Inventory
^
f Transportation
4
— · ■
~| Store Billing
[
Company Merch.
Store Invoice
A -
— w
M Store
i 1
1 \
Bank i
Store
1
Sales
f J Book 1 Inventory
Vendor
1
FIGURE 8-1 Merchandise processing cycle for distribution centers.
Security Surveys 81
82 identifying and Prioritizing Risks
Compare this information to the data collected in subsequent interviews and observations.
Interview
Interview individuals involved in loss prevention, and groups of store and distribution facility employees to gain an understanding of what is actually taking place in the work environment. Find out how well control policies and procedures are understood and adhered to. Many times, a retailer will have well-planned and documented security policies, but the policies are not rou- tinely followed. Company employees are usually aware of loss problems and may have even worked out solutions to perceived problems. It is important to gain company employees' cooperation by putting them at ease. Employees must know that they can speak candidly, without negative repercussions.
Observation of Operations
Make a preliminary tour of the targeted facility noting areas for later closer study. Revisit the facility, observe and carefully note employee activity, and photograph protection equipment and vulnerable areas for later study.
Appendix 4 provides an abbreviated survey and Appendix 5 contains a sample completed store audit report to be used when collecting data for a loss control program. The data contained in these tools will be used during the analysis phase to determine key asset vulnerability.
SUMMARY
A thorough, open-minded security survey is the first critical step in determin- ing the type of loss control program for a given organization. Every retail operation should have an experienced consultant or in-house security per- sonnel conduct the initial survey. The operation then should be fully sur- veyed on an annual basis, although high-risk or problem areas should be sur- veyed more frequently.
The retail risk survey, when properly conducted, will identify probable loss areas within the organization. Additionally, it should reveal the actual effectiveness of current prevention activities. By personal observation of rou- tine activities, review of company documents and interview of company employees, the security specialist can determine the majority of the problem areas. The detail of the conducted survey is dependent on the objectives of the loss control director.
NOTES
1. U.S. Department of Commerce, "1981 Revised Monthly Sales and Inventories:
January 1971-December 1980," Current Business Reports, BR-13-805 (January 1981).
Security Surveys 83 2. E. Blankenburg, "The Selectivity of Legal Sanctions: An Empirical Investigation
of Shoplifting," Law and Society Review 11 (1976).
3. R. Griffin, Shoplifting—A Twelve Year Review, 1966-1977 (Van Nuys, CA: Com- mercial Services Systems, 1978).
This page intentionally left blank