Listening to loss prevention leaders discuss their relationships with information technology (IT) departments and offer advice for strengthening them can seem a bit like eavesdropping on marriage counseling. There is admission of a “love-hate” dynamic, occasional hand-wringing over who gets final say, and counsel to “listen, don’t just talk” and to “see things from their perspective.” There is a critical difference, however. No matter how uphill the battle, divorce is never an option.
Loss prevention needs IT. More functions of retail security than ever depend on support from technology departments. LP needs IT permission to put technology solutions on the network and increasingly relies on IT for access to the data and the optimization of IP technologies to effectively perform their function. “I simply can’t do my job without them,” explained Virginia French, an investigator at Brinker International, whose brands include Chili’s Grill & Bar. French says she needs her IT partners to provide timely access to a variety of data sets, so she can keep pace with the latest employee fraud or theft scheme. “My job is absolutely crippled if I can’t get the data,” she said.
High Stakes
As more loss prevention technologies migrate to the network and LP increasingly plays in IT’s sandbox of data, IT departments have become indispensable to loss prevention and asset protection (AP) functions. We rely on them for both the implementation and success of asset protection systems and to fully realize the value that our departments can provide our companies.
Macy’s, for example, has been aggressively pursuing big data projects for years, and tapping into it has been a focus of its AP and LP departments, according to Thomas Smith, systems and technology manager in Macy’s asset protection division. “Within the data systems they maintain is all the return information, all the transaction info, and all the marketing information. So we’re looking at all this data and thinking about how we can use that in AP and with our own analytics to make us more efficient and identify issues we haven’t seen before,” said Smith. It’s already had a payoff. Macy’s recently closed several major refund fraud cases, organized retail crime cases, and major insider thefts by digging deeper into its data—with a key assist from IT.
As with access to data, network technology drives reliance on IT. “Our relationship with IT really started in earnest with the move to IP cameras and adding them to more than 500 locations,” explained Joe Darnell, manager of loss prevention administration for Retail Business Services at Delhaize America and its Food Lion and Hannaford brand stores. “For years, we only needed IT to network our DVRs, and that’s not that hard. But when you’re putting every single camera on the network, with every device named, and making sure ports are available and standardizing the system, the relationship with IT became that much more important.”
Clearly, the stakes of effective collaboration with technology departments are extremely high. So how’s it going?
Extremely well, if you ask loss prevention executives. In a national security survey on the question, LP pros rated their level of cohesion with technology departments significantly better than security counterparts in other industries. Case in point: fewer than 4 percent of loss prevention executives rated their alignment with IT as particularly weak, a score of 1 or 2 on a 5-point scale (see table).
But that’s not to say there aren’t challenges and potential pitfalls. Talking with IT isn’t always easy. Cultural and operational differences may exist and act as barriers to effective collaboration. Priorities and project timelines are often at odds. Setbacks occur and can be triggered by even small events like the departure of key personnel. “It’s happened that I’ll work with one person for a long time and educate them to the point where they finally understand the urgency we have and how employees are thinking and stealing, so they are intuitive on their end about the data I need as an investigator,” said French. “And then they leave. And I’ll have to teach LP to IT all over again to someone new.”
Even IT has limits to its bandwidth, according to Tom Meehan, CFI, director of technology and investigations in the asset protection department at Bloomingdale’s. “In an omni-channel retail environment, IT departments today have their hands in everything—it’s a true resource challenge. When they say they don’t have time, they really don’t. They are truly dealing with everything a retailer does.”
LP Magazine spoke with a dozen leaders in the LP industry, and they seemed to unanimously agree that understanding and avoiding the potential causes of disconnect between IT and LP is as critical as any management challenge facing LP pros today. So what’s the secret to a happy marriage?
The Right Approach
For loss prevention to successfully team with technology departments on, say, a new IP camera roll out, it’s vital to approach them respectfully. Demonstrate an appreciation for their resource challenges and their concerns regarding network security—and certainly don’t arrive at the table spoiling for a fight.
“I think LP and IT can be unnecessarily adversarial at times because they’re expecting the relationship to be contentious,” said Bloomingdale’s Meehan. But for LP and IT to be good working partners, LP has to come looking for a true partner, he suggested. “Imagine you’re going to do an interrogation and someone from IT comes in and says, ‘This is how we’re going to do it.’ That approach just doesn’t work.”
Christian Romero, data privacy and protection associate at the Technocracy Group, says LP managers may need to recalibrate their perception of IT for partnerships to flourish. He warned against holding onto an us-versus-them mindset and the perception of IT as “the guys that are always saying no” and act as roadblocks to your LP projects. “Oftentimes with LP, we will ask, ask, ask—and LP is not giving. It has to be two-way, give and take, to demonstrate, ‘I understand where you’re coming from,’ and to be open and receptive to new ideas,” advised Romero.
The proper strategic approach to IT collaboration could also require checking your ego at the door, suggested several LP leaders. Your LP project may be important to you, but it is almost certainly not the most important thing that your IT department is working on. “In any retail organizations today, where the focal point is technology, there could be 100 projects already in the works that are more important to the business. And when you come to the table you have to appreciate that,” said Meehan.
Necessary Skills
Romero, who worked in loss prevention at Neiman Marcus for ten years before making the jump to IT security as its director of security intelligence, thinks LP needs to boost its technology acumen in general. “In my experience, the biggest obstacle to effective collaboration is the lack of technical knowledge on the LP side,” he said. LP executives compound the problem when they try to fake it, he added. “Where LP people get in trouble is when they try to use technical jargon without really understanding the technology. You can lose credibility pretty quickly,” he warned. Meehan offered similar caution. “You have to be up front about what you don’t know,” he said. “There is no sense in trying to pretend you know something that you don’t.”
In terms of addressing the knowledge and skill gap, one fix will need to come at the industry level, Romero suggested, with LP certification programs becoming more IT-centric in their content. Internally, if a loss prevention team lacks the necessary depth of technical knowledge, you may need to cede some control. “You have to acknowledge limitations and instead focus on better articulating what you need to accomplish in LP and identifying your non-negotiables,” said Romero, “And then LP pros have to rely on IT guys and trust that they can do the job.”
Personal skill development is also critical according to Smith, who has worked in asset protection for twenty years but has only one year under his belt in his role as systems and technology manager at Macy’s. “I’ve always been a bit of a systems guy, but now I’m learning how much more there is to know.” Smith said he’s aggressively educating himself about technology tools and data resources that will allow him to be both a better partner and to better exploit IT resources to assist loss prevention.
Skills building have also been a focus for Joe Darnell. “I’m not an IT expert, but I’ve worked to learn enough of the language and develop enough expertise to know what information IT is going to need, so I can I bridge the gap between the LP team and IT.”
Several experts identified the importance of this bridge—and of having personnel who both have the skill to act as a liaison between IT and LP and are strategically positioned within the retail organization to permit them to serve effectively in that role. When Mike Wiley came on board with Walmart, where he serves as director of asset protection point-of-sale programs, a dedicated resource within IT was already in place to help manage asset protection projects, something he mentioned is a must-have. “Having a dedicated IT resource assigned to AP is a step that I would encourage any asset protection leader to take—and it shouldn’t be a shared resource with another department,” said Wiley. “IT departments at large retailers are huge, and you need that dedicated liaison within IT, that person you can call and discuss projects with and not have it be a different person every time.”
Scott Glenn, JD, LPC, chief security officer at Sears Holdings, suggested that AP-IT collaboration is facilitated—or not—by how skill sets are organized within a retailer’s organizational structure. “We actually have a mini IT team that works within the AP department. We also have a larger team offshore working for us but with an indirect reporting to the IT department.” Those connections help ensure that AP at Sears Holdings has a voice when projects arise, such as the recent conversion of some data systems to Amazon’s web service. “Without the partnership and collaboration of our personnel in common, we’d be at the mercy of the IT team,” said Glenn. “Instead, we’re in a position to partner on ways to enhance and improve usage of new systems.”
Recruiting with IT collaboration in mind is another way to build an LP team that can work with—and extract value from—the IT department. “I look for folks with a skill set that shows they can speak that language. It’s really about understanding how intricate and complex the technology work is,” said Wiley. Acumen is also critical at the field level to keep pace with uses of technology. In today’s tech-heavy LP environment, you need some understanding “of how the clock works and not simply what the time is,” said Wiley.
A Platform for Execution
It’s difficult to identify universal best practices for developing and implementing LP projects in concert with IT, according to experts. Every retailer is set up slightly differently to accept new work, invest in new technology, and manage projects—and the best way forward is necessarily resource- and system-dependent. For example, whether the LP team sources and selects an LP technology solution or the IT team takes the lead will reflect the resources of the two departments, the size of the project and company, and whether additional departments are involved.
At Sears Holdings, for example, which is in the process of implementing updated network switches on DVRs—enhancing resilience in the event of a power failure with dynamic IP addresses—it was up to AP to develop and present IT with conceptual but realistic options. But it was IT that was tasked with the details of assessing if the project was technically feasible, how to implement it, and how to maximize the project’s cost effectiveness. An IP camera project at Food Lion stores was somewhat similar, according to Joe Darnell. IT set the standards; LP researched choices, narrowed the field, and gave IT its preference; and IT made the final choice. Although one size can’t fit all, it’s still instructive to consider the strategies that LP executives say they have found effective in bringing LP projects to fruition.
Get comfortable working within the IT project framework. Romero believes it’s critically important for LP to understand the intricacies of how its technology department works and to bend to that structure. For example, he noted that IT projects tend to be planned further out than projects in LP, which may get a capital expenditure for the current year and want to see an immediate roll out. “But IT may have projects planned out for the next year or sixteen months,” said Romero. “Being a good LP partner is about being proactive and saying to IT that ‘this is on the horizon; put a brick in for me,’ and to adjust from there.” Similarly, Romero advised adjusting your project strategies to align with IT’s project management process, such as whether they use a waterfall management approach, which is a sequential design process in which progress is seen as flowing downwards through the many phases from conception, through design, to testing, implementation, and maintenance. Your success working on projects with IT will depend significantly on the extent to which you are comfortable seeing projects the way IT views them, he suggested.
“Be strategic in your asks,” said Macy’s Thomas Smith. It’s important to recognize when the time is ripe to bring a project to IT, which requires “understanding their requirements and limitations and timelines, and where your project will likely rank on their project list,” he continued. Walmart’s Mike Wiley said that effective LP leaders understand their retailer’s project priorities and act accordingly to get their project on the docket—a point echoed by Bloomingdale’s Tom Meehan. “You have to understand where your project fits in with others the business is conducting and to know what issues they are dealing with,” he said. “So when you sit at the table, you can anticipate what their challenges and concerns will be.”
Prepare to address IT’s concerns and answer their questions. It’s fairly basic high-performance teamwork stuff, said Meehan, but LP executives need to assess potential LP projects through the prism of IT’s needs and concerns. To start, “Ask them, ‘What are the things you need? What’s off-limits? What technologies are you just not comfortable with?’” Then, more specifically, ask questions of your project—“Are you asking at the right time? Do you understand the network load of what you’re asking for? Is it a potential security risk? Are you sure?”
Don’t let loss prevention vendors drive the security debate. Meehan warned against brushing aside the concerns of IT over the security of LP projects and suggested trying to demonstrate that you recognize the legitimate risk of bringing in a new vendor. “Every vendor comes in and says, ‘We’re in this store and this store,’ but all those stores have been breached, and some of the victims of the bigger breaches have never fully regained credibility,” said Meehan. “That’s why my team takes the lead in doing risk assessment, and we don’t let vendors drive the discussion in this area. And then also go to IT to see what else you need to do to assuage their concerns,” he suggested.
Stay completely engaged as projects move ahead. Wiley warned against stepping aside as projects move into the build phase as things can easily be sidetracked and reshuffled. You may need weekly or even more frequent interaction to drive them through to conclusion. “It’s important to anticipate that other high-impact projects may arise and move ahead of yours, but having a contingency plan in place up front when that impact happens is key. Will your resources be reassigned? And now where is your project in the deployment status?” When that happens, however, it’s imperative to “stay engaged and to ensure operations, IT, and AP executive leaders are aware of and support that reprioritization, but if they don’t, you’re giving them the time needed to lean in and help reprioritize, if necessary.” A different high-impact project may move to the front of the line, “but that doesn’t mean your project needs to fall to ‘sometime next year,’” said Wiley.
Frequent Communication
The skill with which LP communicates with counterparts in IT directly impacts the effectiveness of collaboration and shouldn’t be taken for granted, experts warned. “If that dialog is not there, then you won’t be successful,” said Romero. “Even with something that is relied on heavily, like email, meanings can be lost in translation; issues can be misinterpreted.”
LP may also have to accommodate, and avoid misinterpreting, different personalities. IT professionals often differ in mannerisms from their colleagues in LP, something to consider when trying to make headway with them. “Some folks in IT are more introverted. They’re often not the guys who tend to jump up and down and scream in objection,” explained Meehan. “Often, they may be more mild in their dissent, but that’s just the way they make their objection. LP can’t confuse what they’re saying with how they’re saying it. You have to appreciate that personality piece,” he said.
It helps to be transparent and direct, according to Sears’ Scott Glenn. He believes that doing so has helped his department get past any residual mistrust technology leaders may have held about asset protection’s use of its network. “In terms of vision and strategies, we’ve found it critical that there be no secrets about what we’re trying to accomplish and to help them understand how we utilize the data we need for investigations. This way, they have the assurance that we’re not going to use the systems improperly,” he said.
Several experts cited the importance of forging personal alliances with counterparts in IT, and it may help to cast a wide net, according to Macy’s Thomas Smith. “For me, being new in my role, partnering has meant doing a lot of outreach, even searching the company directory and doing some cold calls. Telling them, ‘Here is what I’m looking to do,’ and asking if they can help, and if not, can they point me in the right direction.” The strategy has worked, said Smith. “With our size, there are more than fifty flavors of IT leaders, and I’ve found many that have been more than willing to help us.”
For Brinker’s Virginia French, education has been an important part of communication. She said the data she needs to conduct theft investigations changes frequently, alongside implementation of new software, technology, programs, or business tools. So she invests heavily in educating IT in the LP function, so they can more easily anticipate how her needs may change. “Sometimes we need a lot of register data, check-level data, or to identify coupons applied to specific transactions—really granular information and often at the last minute,” she explained. “So I make an effort to describe LP to them and to educate them. Because when they understand the bigger picture about what LP does, they more easily understand the data I need.”
Finally, good communication must extend beyond person-to-person rapport. Several LP experts cited relatively high turnover rates in their company’s IT departments, which means personal relationships may come and go. Procedures, protocols, and value creation persist, however, and can provide an enduring foundation to the IT-LP partnership.
The original process at Delhaize America, when a Food Lion camera wasn’t working or some other part of the system wasn’t functioning, involved notifying a third party who would then report the incident to IT. “The main problem with this process was not all of the details were being captured by that third party. All the details weren’t being included. So IT didn’t have everything they needed to fix the problem,” explained Darnell. A more formalized IT-incident ticketing system has since been implemented. LP opens up a ticket and is guided through a series of specific questions depending on the type of problem, including when the device or system was last working, how it’s supposed to work, what steps the LP team has already taken in an effort to fix it, and necessary technical information. “It clarifies things, streamlines the process, and speeds up the process to fixing it,” said Darnell. “Without it, it can become like a volleyball match, with the two sides going back and forth collecting the different data that is needed to address the issue.”
At Walmart, Mike Wiley said the AP department works closely with their IT partners in initial planning stages to build out specific requirements covering many of the details regarding the project build and how alterations to requirements might be made. Changing requirements after a build, without any contingencies for that, is extremely difficult. “If you happen onto a business need and you want to change something once the build is underway or completed, you may pick up the phone and have a conversation and assume all is well only to find out that you didn’t follow the rules or get the change request into the project on time,” said Wiley. “You should still always try to make it right, but understanding and appreciating that your IT partners have processes to follow and budgets to keep in-check—just like you do—usually results in more forethought and participation in the requirements discussions phase.” Wiley added that it’s critical to get clarity up front on change request matters to avoid miscommunication once the project is well underway.
Sears’ Glenn said that communication lines with IT are more likely to remain open when AP can show embedded value into the DNA of the company, and it acts as a hedge against turnover at the top of the IT department. “In the past few years, we have worked with several CIOs,” he said. “So you better have a good, well-vetted use case for what you want to get done. It’s important, so you don’t find yourself having to reinvent the wheel.”
An Expansive View of the Relationship
A final piece of advice for improving LP’s relationship with IT—identified repeatedly by LP
experts—is to enlist others in the collaboration. Working effectively with IT—and pushing LP higher up their priority list for projects—is made easier when you have the backing of front-end operations, management, and other key departments.
Virginia French, for example, has taken strategic aim at “getting management to respect the interaction that LP and IT need to have and the time the two departments need to work out potential problems and issues.” For example, a new loyalty program or a new tabletop payment system creates a whole new set of scams that LP needs to plan for. If management is sensitive to the need for LP and IT to collaborate on such a rollout, LP may gain critical time to plan, she suggested.
Mike Wiley says the AP department’s relationship with IT has benefited significantly by partnering closely with the front-end operations team. “Being as aligned as possible with your business partners, for example the front-end operations team, is important because an aligned AP/operations team can present the ROI and benefits from many viewpoints—sales, service, loss mitigation, risk exposure reduction, compliance, labor savings, and the list goes on,” said Wiley. “Being joined cohesively with your business partners should give you an advantage, add credibility to the overall project need, and improve your chances of elevating the priority of your projects with your IT team,” he offered.
Tom Meehan made a similar suggestion to his industry peers. “You need to understand your business needs before you go to IT, and that frequently may mean going to other departments before you go to IT. There are lots of players—it’s not usually just an IT-LP collaboration.”
It helps if the LP team sees itself as part of the larger business whole, according to Thomas Smith. “One of the big things at Macy’s is that we’re not in silos; everyone has their hands in everything,” he said. “That global business mindset helps us in LP forge the partnerships we need to get things done.”
Finally, several LP executives noted that they’ve used outreach to other departments not only to push joint projects higher up on the agenda of IT, but also to arrive at bigger, better, and more expansive technology solutions than ones they had initially identified. One expert shared the example of an LP department that wanted a virtual network to segment its cameras from the store’s network. And because partnering was a core mission of the LP group, it became aware that an engineering group had been investigating a similar network setup for its own purposes. The technology team was then able to put it all together—providing both groups what they needed by combining the two projects—and saved money by doing so.