This month’s column will discuss the advantages and disadvantages of reporting to the Chief Administrative Officer (CAO), one of the reporting structures that appears to be gaining significant ground across industry sectors.
Reporting to the CAO provides a wide range of benefits to security executives. The CAO is typically looped in on a significant number of issues affecting the enterprise in a similar fashion as the CFO, GC and COO. Increasingly, the CAO’s role oversees many of the core functions of an organization including such diverse functions as HR, IT, Legal, Facilities & Real Estate, Corporate Aviation, Security, Public Affairs, Corporate Communications, and just about any other function that makes sense to combine under one key executive.
Security executives can play a key role by participating in staff meetings with the leaders of this varied collection of corporate functions. The security organization has an opportunity to be an early participant in key decisions that affect the enterprise through their reporting relationship to the CAO. The CAO is also heavily involved in acquisitions, mergers, divestitures, new facilities, plant closings, layoffs, etc.
Reporting to the CAO can provide the security executive with an elevated stature in the company, as it will be on par with other key functional leaders under a key executive that typically garners a significant amount of influence within the enterprise.
With a broad range of functions that are about as diverse as they get, the security function may play second fiddle in relative importance to the CAO. To ensure that security remains on par or is considered a leader among its peers, a seasoned security executive will seize opportunities to highlight creative and cost-effective measures they are deploying to assist the enterprise in identifying, quantifying and effectively communicating emerging risks; and assisting elements of the enterprise that are at risk in identifying cost-effective and timely risk mitigation solutions. When the enterprise is faced with risk-laced business decisions, it is critical that the security function is proactive in assisting the enterprise in finding balanced risk mitigation solutions. It is vital that the security function avoids becoming labeled the “Department of NO.”
I have received a lot of feedback on this series from CSOs who report to just about every possible function and title that you can think of within an enterprise. Many of the CSOs reported that they were extremely happy with their reporting relationship and receive great support; others stated that they feel unappreciated, and inevitably in a few instances a CSO advised that either they and/or their functions were basically held in contempt by their boss.
The bottom line is wherever the security function reports, it is incumbent on the security executive to constantly be reading the tea leaves and deploying every possible skillset related to influencing how they and their function are perceived by their boss as well as the rest of the enterprise. Providing the enterprise with solid business risk intelligence, balanced risk mitigation solutions, and measureable results that are valued by executives across the enterprise, will ultimately position the security executive and security function for success.
This month’s column concludes this series on CSO reporting relationships. I want to thank all of the CSOs who have taken time out of their busy schedules to provide me with feedback on their reporting relationships and how well those relationships are working.