In Pursuit of Assumptions
They’re everywhere! Creeping up when we meet new people, read a news article, or leave the house without an umbrella.
Assumptions are so prevalent in every corner and niche of asset protection that our industry seems like a huge chunk of Swiss cheese to a trained eye. No wonder we see and hear words and phrases like “tick-box”, “superficial”, “generic”, “cookie cutter”, and “preaching to the choir” in our discussions, presentations, and publications.
The fix is trivial. It is two-fold:
- Build a habit of positive skepticism about all professional content and considerations. Be particularly skeptical when you hear words like “all”, “absolutely”, “completely”, “expert”, “state-of-the-art”, or “comprehensive”.
- As you move closer to making decisions about protection of assets, ask only one question: “What have I assumed about effectiveness of this solution as well as resources and processes for its implementation and sustainability?”.
What certainly requires an effort is the process of habit building. For help with this you can refer to the work of James Clear as well as Heath brothers in their book “Switch”.
A good asset protection professional is a master of hunting for and eradicating assumptions in control solutions while helping everyone they advise build positive habits.
So let’s go over a few very simple examples of assumptions in asset protection.
Statement: Our organization has robust asset protection policies, procedures, standards, and guidelines.
What may be assumed: Requirements are well thought out, actionable, frequently communicated, and are tied to meaningful key performance indicators. In reality, having such documentation may not translate into quality of directions and consistency of compliance.
Statement: Our company hasn’t had any incidents.
What may be assumed: “Incident” is well defined, documentation and processes are in place, employees are trained, and metrics are working. The opposite is far more likely.
Statement: We have recently implemented a new video surveillance system.
What may be assumed: Design of the system is justifiable and closely aligned with defined assets, risk mitigation needs, and available resources. Furthermore, the system is logically interfaced with other systems such as access control and alarm management for unified and user-friendly signal aggregation, processing, and incident response. Only a handful of organizations can actually demonstrate this.
Statement: We have semi-annual crisis management exercises.
What may be assumed: Such exercises are designed to include testing of performance under duress, orchestration of actions, performance measurement relative to desired outcomes, and timed implementation of improvement measures. The reality is very different.
Every asset protection professional is responsible for relentlessly pursuing and eradicating assumptions in every existing or contemplated control solution. Anything less is is a disservice to those whom we serve.
Many thanks for your attention.
Soar above mediocrity!
