People often talk about embedding the practice of security into the business processes of an enterprise. Francis D’Addario, the CSO of Starbucks Corp. in Seattle, Wash., has taken that notion one step further. D’Addario’s Partner and Asset Protection group literally steeps in the Starbucks culture and philosophy.
“There’s been a school of thought, from time to time in different organizations, that the security mission is something that is competitive with operations,” D’Addario says. “In this company, it’s pretty well interwoven in the culture.
D’Addario is a believer in data as a driver of security management. “I’d say today that the logical consequence of relevant information [provides] almost a dashboard of key performance metrics. I mean this in terms of the capability to assess risk by analyzing, say, robberies per thousand units to determine the financial return on prevention investments,” he says. In such an exercise, D’Addario would look at both “the incident impact risk, which would be commercial armed robbery,” and at the overall effect of acquiring preventive systems on the profitability of stores.
In the area of loss prevention, the security group behaves less like investigators and inquisitors than like polite observers of a sudden unexpected performance variance in a particular store, at such and such a register, during such and such a shift. “We have an exception-based reporting system that allows us to analyze the activity of all partners (employees) from the same [store] and to broadly look at their activity against performance rules,” says D’Addario. Those rules “allow us to see how particular individual performances stack up in a district or a region, [and] to know not only whether the exceptional behaviour is peculiar to the store – our interest gets perked if it is also peculiar to the district and the region.”
When a variance is noted, a letter is sent to the individual partner, with a copy to the store manager, “stipulating what the activity was that we saw and asking for a discreet explanation.” Such a letter, says D’Addario, “instructs the partner on policy. In context, it becomes a warning mechanism.” Starbucks observes a three-strikes policy that, after repeated unexplained variances, can culminate in a partner’s termination. Typically, the letters make the problem go away.
If someone is stealing in a store, he says, “that affects the amount of labour that is scheduled; it affects the speed of service and the cleanliness of that store; it affects the ability of that partner to spend several moments with you to ask how your vacation was or be able to entice you to try a new offering. When organizations don’t have accountability and a commitment to quality throughout, then they begin to miss the opportunities of really having added value in the customer experience.”