Who’s The Boss? Where Security Reports is Truly All Over the Map
Reporting to the Board of Directors: Part 1 of a new series on security ownership and reporting
Where within the enterprise the corporate security department reports is often more form over function. It may be personality driven, power driven or simply a corporate culture thing. Many companies have a hard time deciding where corporate security should report. In some companies, the function is treated like the unwanted stepchild or even shunned by senior executives who wouldn’t touch it with a 10-foot pole. In other companies, it is a sought-after function that is revered as a vital element that contributes significantly to the overall goals, objectives and strategies of the enterprise. Not to be forgotten are the middle-of-the-roaders that believe it doesn’t matter where the function reports as long as the job gets done. When you look across the Fortune 500, there clearly isn’t one model that has been adopted by the majority of companies... and in 20 percent of the Fortune 500, corporate security departments do not even exist.
Over the next few columns we will explore the pros and cons of reporting to different senior executives. Let’s first explore reporting at the highest levels, and we will work our way down the chain.
Reporting to: The Chairman of the Board of Directors
There can be many positive things about reporting to the Chairman of the Board. The first question that comes to mind is whether the Chairman is an outside Director or an inside Director. There is an important distinction between the two. If the Chairman is an inside Director, the function would operate in a similar manner as it would if it were reporting to just about any other senior executive… but with the unique distinction of having regular access to the pinnacle of power within the company. Cooperation from other functions would generally be much easier to gain as no one would want it getting back to the Chairman that they didn’t play nice in the sandbox. Being completely independent of any other function within the enterprise creates the greatest opportunity to ensure that undue influence is not applied, and transparency would be easier to attain. In the event a major issue arose that drew the interests of prosecutors or regulators, this type of reporting structure could result in a greater level of trust by the authorities due to its perceived independence. Employees would generally also place greater trust in the absence of executive insiders having influence over the corporate security department functions.
If the Chairman is an outside Director, things could then become much more complicated. Generally, any communications with outside members of the Board of Directors are heavily scrutinized by the CEO, CFO and GC before it gets into the hands of this type of Director. While it would be implied that executives and their functions were required to be cooperative, there could be a potential that executives may be leery of providing information themselves or from their functions that could be construed as either negative, damaging or suggests that they did not have effective control over their functional areas of responsibility.
In next month’s column, we will explore the pros and cons of reporting to the CEO.