The Fallacy of “Security”: anything but…

I’ve had two recent experiences involving organisation processes in the name of “security” that were deeply insecure and added no value – and no security – at all.

The first was in my local supermarket. I wanted cash-back in a debit card transaction. The cashier printed off the receipt, asked me to sign it to authorise the transaction – which I did – and then handed the signed receipt back to me to dispose of anyway I liked.

This process added nothing. In other supermarkets, I have been asked to sign the stores’ copy of the receipt – in which case they then have evidence that I authorised the transaction and had accepted the cash. This presumably formed part of those organisations’ audit trail – though I never believed that any supermarket retained a paper copy of the transactions, relying instead on their electronic systems. (I’ll happily be disabused of this.)

But for my local supermarket to get me to sign the receipt and then hand it back to me makes no sense whatsoever. It is, frankly, bonkers. I can only assume that the cashier was incorrectly completing the process, or the store management had instigated a process without understanding why or what outcome they wanted. Instead, they just held up the queue a little.

[Edit: Joanne Jacobs has pointed out that by the shop making me sign my receipt, they may be protecting themselves against my returning with the receipt and claiming I didn't receive the money. This is true - although by getting me to sign the receipt before I've received the money, it is still open to abuse by the check-out person...]

The other experience involved my bank. I called them to arrange payment of my tax bill. The operator asked for my phone number, which I gave them. And today I had a phone message from my bank saying that the payment hadn’t been made because they wanted to check that it wasn’t fraudulent. Aside from the unlikely scenario that a fraudster would be paying a tax bill – I mean, really! – my bank phoned the number that someone they thought might be a fraudster had given them to check that person wasn’t a fraudster. Their security check involved information that I imagine anyone determined to pretend to be me would be able to find out. (Though it is a good idea to keep a lot of that kind of stuff hidden on Facebook!)

I completely accept the need for security, but having “security” processes that do anything but provide security is dangerous: if my bank actually believes that what they do is providing them and their customers security from fraud, then they really do have big problems.

Culture, Transparency and Profitability

It is a difficult time for business: busted banks and a financial system that feels like it is creaking at the edges, waiting for yet another EU summit to push it over the edge; a relentless recession that feels like a never-ending Narnian winter. Media and public scepticism about business seems at an all-time high…

Last week, Dan Currell of Corporate Executive Board spoke at the RSA on Doing Better Business – business integrity, transparency and profitability. (There were four other speakers on the podium, but, frankly, they added little.)

Currell was discussing recent research by CEB across over 500,000 employees in 130 organisations, which identified seven factors (out of 200 investigated) which mitigate against wrong-doing by employees or the organisation, and are indicators of an ethical organisation culture. These factors are

• comfort speaking up
• trust in colleagues
• direct manager leadership
• ”tone” at the top
• clarity of expectations
• openness of communications
• organisational justice

I don’t think any of these are surprising: if one were to describe a positive, healthy organisation culture, these features would probably feature high on the list. (Indeed, the research by CEB supports a service they provide, which includes a “cultural audit”.) Of all seven factors, the first – “comfort speaking up” – apparently trumped all the others. Again, not necessarily surprising – the seven factors may be pretty well linked – if you are comfortable speaking up, the others are likely to be in place, too. An ethical culture may be embodied by comfort at speaking up (which would make it pretty easy for an organisation to assess).

The interesting thing was the relationship between “integrity”, measured on these factors, and ten-year shareholder return – a highly significant (p < 0.01) correlation of 0.58. Those organisations that score highly for integrity also make more money shareholders over the medium term.

Of course, as Currell acknowledged, correlation is not causation: it could be that integrity causes organisations to be more profitable, or both are caused by another factor – or, as someone in the audience pointed out, maybe only highly profitable organisations can afford an open, trusting culture. Currell’s money was on the second – that good management fosters both an open culture and a profitable organisation. With a healthy, ethical organisation culture, these features are likely to form positive feedback – management will recruit those who fit and promote the culture; employees are more likely to listen and act on customer feedback; and managers will manage their staff in ways that reinforce the culture.