20 minute read
BENCHMARKING
Adopting an Intervention Assessment Framework in LP
by Adrian Beck, Walter Palmer, and Colin Peacock
Beck is a professor in the criminality department of the University of Leicester in the UK where he is primarily focused on research on retail crime and shrinkage issues. He can be reached at bna@le.ac.uk.
Palmer is CEO/president of PCG Solutions, a loss prevention consulting, training, and education firm. He can be reached at wpalmer@pcgsolutions.com.
Peacock is a visiting fellow at the University of Leicester and strategic coordinator for both the ECR Europe Shrinkage and On-shelf Availability Group and the Retail Industry Leaders Association Asset Protection Leaders Council in the US. He can be reached at colinpeacock@hotmail.co.uk.
All are frequent contributors to both LP Magazine US and European editions.
The recent benchmark report, Emerging Technology in Loss Prevention Retailing, reviewed the current use of nine technologies and the primary problems they are being used to address. While offering some useful insights on how the US loss prevention industry currently views these technologies, the development of the benchmark questions also raised issues about how different types of technologies and other interventions are selected for trial and use, the criteria chosen to measure their impact, and ultimately, how they are evaluated to understand their impact and return on investment.
A visit to any of the annual loss prevention conferences will reveal an exhibition hall packed with vendors and technology suppliers offering a plethora of interventions designed to provide solutions to the myriad of retail loss problems faced by those attending the event. Most exhibitors naturally claim their interventions work and will prove to be excellent investments, with a number providing some form of evidence that it has already been proven successful. For the loss prevention executive, the challenge can be daunting, not least in terms of finding verifiable independent information on whether the claims being made stand up to any form of scrutiny and that the interventions will be applicable to their particular environments.
Developing a Clear Sense of Purpose
Risk Amplification: Making Offenders Think Twice, a recent study by Adrian Beck undertaken for the ECR Community Shrinkage and On-shelf Availability Group in Europe, reviewed the available published literature from the past forty years on a wide range of interventions intended to control theft in retail stores (for example, EAS, CCTV, signage and stickers, store design and layout, shelf-edge technologies, and the role of store and security staff). It found there were very few reliable studies in the public domain to help loss prevention practitioners draw clear conclusions about what interventions worked and under what circumstances. Most studies were either very dated and/or used methodologies that seriously undermined the efficacy of the findings being presented. The study did recognize, however, that it was only based on what was publicly available, primarily published in academic journals and books, and that numerous unpublished company-specific cases may well exist that contradict the conclusions drawn in the report.
The findings of the study do raise key questions about how loss prevention executives should go about selecting new interventions to be introduced into their businesses—what methodology should be adopted to ensure they are actually addressing the needs of the business and that performance measures have been clearly articulated. This may seem obvious, but when it comes to significant investments such as CCTV, is it always clearly articulated exactly what it is supposed to achieve,
Taken together, the intervention assessment framework can be used to create a more systematic and considered approach to the selection, review, and use of new interventions aimed at helping to manage retail losses. It offers a way to inject greater rigor into the approach, to enable practitioners to think through the specific context within which an intervention will operate and whether its application is suitable for a given environment.
how it will deliver its intended purpose, and how its impact will be measured?
Too often the language can be very loose and vague—“CCTV is being introduced to reduce crime and make staff feel safer.” What sorts of crime will it reduce and how will it do this—will the cameras leap from the ceiling and apprehend shoplifters? How will it make staff feel safer—will the display monitors intervene when a shopper becomes violent? How will its impact be measured—a reduction in crime? Measured how—through changes in rates of shrinkage or numbers of shoplifters reported to the police? Vague plans and unclear key performance indicators (KPIs) can seriously undermine not only confidence in the technology itself but also the judgement and integrity of those making the case for investment.
Developing a clear sense of the purpose of the intervention, the necessary context within which it will operate, the way in which it will work (its mechanisms), and the measurable outcomes that will flow from its use are key questions to consider before deciding on any potential investment. This is particularly the case when it comes to emerging and future technologies where the developers may be both new to the world of loss prevention and still formulating the potential impact their interventions may deliver. For example, there is much current discussion and hype around developments such as drones, robotics, and feature-recognition technologies, and how they may be used within the realm of loss prevention. While a philosophy of “let’s see what happens when we use it” can be appealing in some circumstances, the challenging questions of what they will actually do and how they will make a measurable
Intervention Assessment Framework (IAF)
When considering a given intervention, it is important to consider the following four factors: 1. Purpose. What is the overall goal of the intervention? What is it supposed to do for the business? 2. Context. What needs to be in place in order for the intervention to deliver its impact mechanisms? 3. Impact Mechanisms. In what ways will the intervention actually work in order to meet its stated purpose? 4. Intervention Outcomes. How will the impact of the intervention be realized?
It is perhaps worthwhile considering an example of how this would work for one of the interventions identified by the benchmark research on emerging technologies—smart shelves.
In the example on page 36, the purpose of the intervention is to provide greater awareness of when products are removed from a shelf or display. Typically, this type of intervention is used for high-value items or those considered to be at risk of sweep thefts (high-volume stealing). The specific context of the operation of the intervention is potentially threefold. First, sales staff and/or security staff are alerted (via some form of communication device such as a smartphone or pager) when a product is removed or an unusual quantity of products are removed from a shelf or display (indicating a potential sweep theft), offering them the opportunity to approach the customer to offer help with their product selection
Intervention Purpose Context Impact Mechanisms Intervention Outcomes
Smart Shelves
The ability to detect the removal of product from specific shelves or displays based on defined criteria. Members of sales staff or security guards alerted in real time when items are removed from shelf/display.
Video recording triggered of the person removing items from a shelf/display.
Members of sales staff or security guards alerted in real time when an unusual number of items are removed from shelf/display. Video recording triggered of the person removing an unusual number of items from a shelf/display.
Alert triggered when there are no items remaining on the shelf/display. Staff able to approach potential thieves and increase perceived sense of risk of apprehension. Help to provide evidentiary data on identification of shop thieves. Staff are made aware of when the shelf/display is empty to better avoid out of stocks. Losses reduced because offenders less likely to steal protected items due to presence of staff member.
Losses reduced because more offenders are prosecuted and banned from entering stores and so deterred.
Losses from other unprotected products increase as offending is displaced by the intervention.
Lost profits from out of stocks reduced as fewer items are leaving the store without being recorded, improving stock file accuracy. Lost profits from out of stocks reduced as staff are made aware more quickly of empty shelves/displays.
and payment. For the genuine customer, this can be perceived as attentive service, while for the prospective thief, this level of attention would normally lead to them being deterred from carrying out their intended criminality. Secondly, the smart shelf could trigger video recording of the person(s) removing the items. Thirdly, the smart-shelf activation could send an alert when the last product has been removed from the shelf or display, highlighting an out-of-stock situation.
In terms of the impact mechanisms these contexts trigger, staff responding to the alerts and making themselves present and visible will increase the probability that would-be thieves are more likely to be deterred. (Research has shown that thieves themselves regard attentive staff to be highly effective.) By recording the instance when the products are removed from the shelf, the retailer is increasing the chances of identifying persistent or known thieves and increasing the likelihood of having more evidence to prosecute them in the future. Finally, by alerting staff when the shelf or display is empty, the intervention is increasing the likelihood that out-of-stock situations and the subsequent loss of sales is minimized.
The final component of the framework requires that the intervention outcomes are identified. In this example, five have been suggested—four positive and one negative. In terms of positive measures, retail losses (probably measured through SKU-specific shrinkage numbers) should be reduced as more would-be thieves are deterred. They should also be reduced because more thieves are prosecuted and banned from entering the store through the greater availability of CCTV evidence. Lost profits from out of stocks should also be reduced by having greater inventory accuracy because fewer items are leaving the store without being recorded and by ensuring fewer out-of-stock events go unnoticed by store staff. However, there could also be a negative impact of the intervention—would-be thieves could be displaced to other products in the store that are not protected by the intervention.
Generating Greater Rigor in the Use of Interventions
Taken together, the intervention assessment framework can be used to create a more systematic and considered approach to the selection, review, and use of new interventions aimed at helping to manage retail losses. It offers a way to inject greater rigor into the approach, to enable practitioners to think through the specific context within which an intervention will operate and whether its application is suitable for a given environment. For instance, in the example above, if staffing levels preclude employees from responding in a timely fashion to alerts, then the associated mechanisms and outcomes will not be achievable. Equally, if the current CCTV system cannot be used to generate evidentiary quality output, this will also undermine the capability of the intervention to deliver the desired outcomes.
Finally, the framework offers a way to provide clearer synergy between the intended outcomes (in the case of many loss prevention interventions, lower levels of losses) and the way in which they will be achieved. Too often in the past, technological interventions in particular have been introduced without any clear sense of how they are actually supposed to work in a given retail context. And with the advent of yet more emerging and future technologies, it is now even more important to think through not only what they are intended to achieve but also how they will go about doing it.
Recommended Reading
For more information about some of these factors, check out Realistic Evaluation by Ray Pawson and Nicholas Tilley (1997, Sage Publishing).
The authors had the privilege of working for a relatively small “blue ocean” beverage company called Starbucks Coffee in the nineties. A key strategic question often posed by then CEO and Chairman of the Board Howard Schultz was, “How do you get big but stay small?” Starbucks then was the darling of retail having compounded consecutive incremental annual sales and revenue growth that proved generational. In 2017 the company reported that original investors have seen 18,000 percent in shareholder returns from the first public offering of twenty-five years ago.
Schultz often demurred that he was “no big brain” when others credited him solely for Starbucks’ successes. Instead, he typically credited passionate cross-functional team play. Insiders often observed that the operating partnership of Howard Schultz (visionary), Howard Behar (operations), and Orin Smith (finance) was the magic elixir of Starbucks’ success. “H2O” became the shorthand reference for that high-performance leadership team aligned by values, vision, and mission.
Those of us inside Starbucks who grew up in loss prevention were challenged to provide our brand additional all-hazards risk resilience. We evolved to better understand the changing cross-functional, enterprise-wide requirements for risk resilience as well as operational excellence. It was not by accident that Starbucks partners (the internal term for employees) and contracted solution providers transformed a small loss prevention department into a global asset protection organization. It was a stakeholder imperative.
The protection portfolio expanded from retail loss prevention to include food manufacturing, information, employee, special events, and supply-chain protection programs to meet 20 percent per year growth. By 2007 the AP organization was forecasting net contribution (gross profit contribution over global expense) in the range of $26 million per year.
The AP services grew organically leveraging subject-matter risk experts and retail operational talent. Like many others in the retail security world of that time, we were schooled by the catastrophes that included the 9/11 terrorist attacks and subsequent anthrax attacks, the Boxing Day Tsunami that killed hundreds of thousands along the Indian Ocean, Hurricane Katrina and the aftermath along the Gulf of Mexico, the Nisqually earthquake in the Northwest US region, and several workplace homicides that took the lives of Starbucks partners. Add to these a couple of multimillion-dollar internal breaches that were sufficiently mitigated to preclude material loss.
All these critical events were gut-wrenching. All were relatively predictable. Insiders committed some directly under the nose of the AP organization. All prompted incremental protection-in-depth improvements. Most were leveraged for service growth, culturally aligned with value priorities beginning with people protection and ending with profit assurance.
The post-event learnings spurred innovation, protection investment, stakeholder engagement, and measured-risk outcome improvements, paving the way for the persuasive net-contribution story. There were a few small failures along the way, including introduction of network-capable security systems in a dial-up environment. That required a next-generation innovation improvement for ongoing return on investment. Despite momentary setbacks, the AP organization learned from the shortfalls to stay on a path for continuous improvement.
The approach today has matured. As faculty members of the Security Executive Council (SEC), the authors are now well-instructed by other all-hazard risk-mitigation programs plus fifteen years of SEC research, including strategic operational proven practices in twenty-six vertical business sectors. Contributing to the research results are SEC board members, C-suite executives,
and distributed subject-matter experts who collaboratively evaluate and revise the all-hazards risk-mitigation and resilience value propositions.
Why Risk Resilience and Why Now?
Several trends are converging to influence future protection opportunities. Businesses are continuing to grow and becoming increasingly competitive even in relatively hostile markets where they are soft targets. According to a recent BusinessWire report titled Overview & Evolution of the Global Retail Industry, “The global retail sector is estimated to have achieved revenues of US$22.6 trillion in 2015 and should continue to rise to US$28 trillion by 2019.”
Associate, customer, and partner care is key to brand reputation growth and stickiness. Pollsters learned early on that engagement and loyalty scores relevantly depend on whether the stakeholder believes that management cares for them. As brands in all business sectors are reexamining their business-risk appetites against evolving compliance requirements, costs, market conditions, and mitigation capabilities, customer-care perception remains the prize.
Stakeholders, goods, information, services, and supply chains require in-depth protection strategies from corporate headquarters to the farthest reach of the brand. People and assets, both physical and logical, require care and protection whether at rest or travelling through trusted networks. Persistent integrity assurance will likely become a service-level agreement objective of the future for many.
In the interim most business operators will continue to seek cost optimization if not operational excellence. Protection-in-depth may be a crawl, walk, run process within a more mature operational excellence framework. Reactive risk mitigation will give way to proactively designed risk-intelligence capabilities. Loss prevention and asset protection professionals can anticipate persistent questions regarding protection-service offerings and their related operational value propositions. The good news is that there are several fast-forming paths for continuous improvement to all-hazard risk resilience that will incrementally contribute to brand equity.
What does good look like from an operational all-hazards planning perspective? The SEC has
found some common denominator considerations. These may serve as a starting point for protection-in-depth consolidation, expansion, governance, or organization of future rebranding (see Global All-Hazard Risk Continuum Considerations chart on page 39).
Brand Growth and Supply-Chain Extensions Face Increasing Global Physical, Logical, and Natural Risks
The World Economic Forum and others have made the persuasive business case that man-made and natural risks are linked and impose substantial risk to global business. The pace of global change promises both fast-forming opportunities and risks for retail. Preparedness for all-hazard conditions will be required to win hearts and minds.
Based on current SEC research, researchers observe that most major brands will legitimately need and want more from loss prevention executives and their risk-mitigation peers in the future to meet the enterprise’s strategic objectives. All signs point to continued uncertainty and the need to be more prepared. LP’s ability to anticipate, report, respond, and mitigate with improved speed of service and better outcomes is timely for the business value case that likely will play competitively in a higher-risk global environment.
View the World Economic Risk Forum video at weforum.org/agenda/2017/01/ these-are-the-most-likely-global-risks-2017.
Loss prevention and asset protection professionals can anticipate persistent questions regarding protection-service offerings and their related operational value propositions. The good news is that there are several fast-forming paths for continuous improvement to all-hazard risk resilience that will incrementally contribute to brand equity.
Sam Ward (left), director of intelligence for TorchStone, picks up the finer points of an intelligence-led GSOC from Jeremy Rodrigues, senior manager of the Global Security Operations Center at The Boeing Company. Risk Perceptions Continue to Drive Enterprise-Wide, Board-Level Risk Compliance Confidence and Organizations of the Future That Can Meet or Exceed All-Hazard Unified Risk Oversight Expectations
Board members and C-suite officers find the Unified Risk Oversight illustration depicted on page 41 particularly helpful for conceiving a leadership framework for risk resilience. Brand protection-in-depth depends on cross-functional risk mitigation to contain the diverse hazards represented by the red attackers. Environmental, physical, and logical hazards are pervasive. Executive risk-communication recipients are represented in the green overarching superstructure. Unified communications processes at mid-level aggregate individual contributor and departmental data drawn from the cross-functional departments represented by the blue pillars. Aggregated acumen, tools, and strategic solution partners are leveraged for situational risk intelligence that informs critical-incident decision-making and governance.
Next-Generation Solutions and Talent Will Require Innovation Change Management Rigor and Governance
Regional and global risk and security operations centers (GROCs and GSOCs, respectively) now supervise enterprise-wide operational core process dependencies, including access control, alarms, cameras, cold chain, critical facility systems, communications, first-responder dispatch, and risk intelligence from network hygiene to anomalous hazard conditions for critical facilities, people, and supply chains. Integration is often arduous and sometimes haphazard, but proven practice documentation is underway, including Global Security Operations Centers as a contracted service.
Privacy and security/safety interests will wax and wane with public safety and institutional security confidence. Nevertheless, risk-mitigation monitoring capabilities ought to
Unified Risk Oversight Model
Lack of awarenessTechnology failuresNatural disasters High risk assignments and travel Product contamination Business disruption Accounting & reporting corruption Failure of third party vetting Unauthorized access to systems Violence to staff/customers Lack of local government collaborationFraud & conflict of interest Asset lossBrand damage
Regulatory non-compliance Product loss Supply chain disruption Information loss
Cybercrime Labor disruptions, protests, or activism Environmental hazards
Social engineering Competitive espionage
UNIFIED RISK OVERSIGHT Copyright 2011 Security Executive Council Unified Risk Oversight Model
Government Affairs Audit Business Conduct & Ethics Corporate Security Compliance Crisis Management Environ. Health & Safety Governance ORGANIZATIONAL DEPTS/FUNCTIONS UNIFIED RISK COMMUNICATION PROCESS RISK COMMUNICATION RECIPIENTS Board of Directors Role established to oversee efforts Human Resources Information Security Legal Privacy All key stakeholders involved Quality Risk Management Shareholder Relations Responsibilities clearly defined Social Responsibility Sustainability
Audit Committee CEOExecutive ManagementBusiness Units Customers
reasonably advance, qualified by guardrail compliance including institutional acceptable-use and conduct governance, statutory laws, regulations, and international treaties.
The industry will anticipate, pilot, test, improve, and proof innovations at a greater pace, including artificial intelligence and analytical capability extensions related to autonomous vehicles, drones, robotics, and smarter peripherals, such as image and audio authenticators to assist situational risk-intelligence officers for 24/7/365 hazard detection globally. Informed by corroborated social media and other intelligence inputs, physical and logical breaches will be detected in near real time.
Collaborative integration of old knowledge and new knowledge—including analytics, intelligence, network, and systems administrators—will supplement better educated, equipped, paid, and trained first responders, critical-incident managers, and forensic investigators who can mitigate diverse risk situations for cost and loss avoidance or prosecutorial accountability.
Diverse multigenerational talent will be required. Due to the well-publicized, ever-present risks and threats of today and tomorrow, this continuous monitoring and response to all-hazards risks to brands is what employees, customers, and all stakeholders will come to expect.
FRANCIS D’ADDARIO, CPP, CFE, is emeritus faculty, strategic influence and innovation for the Security Executive Council. An expert in all-hazards security risk and mitigation, he held executive loss prevention roles for Starbucks Coffee, Hardees, and Jerrico Inc. He can be reached at fdaddario@secleader.com.
DEAN CORREIA, CPP, PI, is emeritus faculty for the Security Executive Council. He has had a career in operations and loss prevention in Canada spanning more than twenty years, holding senior leadership roles with global brands GAP, Starbucks Coffee, and Walmart. He can be reached at dcorreia@secleader.com.
SEAN DETTLOFF, CPP, CFE, PI, is emeritus faculty for the Security Executive Council. He held senior leadership roles in retail operations, loss prevention, supply chain, and global corporate security with Amazon.com and Starbucks Coffee. He can be reached at sdettloff@secleader.com.
The Security Executive Council (SEC) is a leading research and advisory firm focused on corporate security risk-mitigation solutions. The SEC began to recognize unprecedented changes and opportunities in all-hazards operational risk management in 2010, when they took an initial look at a 2020 all-hazard risk-resilience strategy (see “Security 2020—Identifying the Store of the Future,” January–February 2011).
Amidst unprecedented global business risk and rapidly changing retail and corporate climates, identifying professional leadership opportunities for evolving to meet new loss prevention and security demands is the subject of this article as well as ongoing SEC research. To assist in this research, the SEC wants readers of LP Magazine at all levels of the organization to participate in a benchmarking study to develop a next-generation leadership baseline to facilitate industry dialogue.
The authors encourage loss prevention and asset protection professionals, other risk managers, and contracted solutions providers to complete the SEC’s survey “LP in Transformation—What Is the Next Generation of You?” Results will be shared in a future article in this magazine.
To access the survey, visit securityexecutivecouncil.com/ lpsec2017.
THE VOICE OF LOSS PREVENTION January – February 2011 | LPportal.com | V10.1
MAGAZINE
SECURITY 2020
Identifying the
Store of the Future
INTERVIEW WITH JOE FRYAR OF FOOD CITY LAW ENFORCEMENT AND RETAIL PARTNERSHIPS 2011 LOSS PREVENTION RESOURCE GUIDE LPM 0111-1.indd 1 1/28/11 12:58 PM
