THE IMPORTANCE OF SECURITY IN THE ECONOMY

INTRODUCTION:

The term Security has been introduced for many years in the Modern Economy, especially when we see that the intervention of Governments in the economy, as a control mechanism of the factors that make up that economy, in other words, what has been called the Models of Economic Systems, which we will not discern in this essay.

Each Economic Model has its dynamics and rules, but in each of them there is a common denominator and it is the presence of human beings in internal processes and their impact on the domestic or international environment and in the processes of attacks on the economic factors of this model by misfits, who individually or collectively seek a goal, whether monetary, demonstrative, fame, money, power, among others.

In this document, without wishing to deepen microeconomic, macroeconomic and financial concepts, we wish to present an approach of comfortable Security Programs that must form an integral part of the strategies, within any type of activity that generates goods and services, in any economic model,

1. WHAT IS IT?

The questions that any investor asks when receiving a business proposal are: How safe is that business? Will my investment be safe? Do I have the security of obtaining returns safely? Is that business legal? Most recent ¿Where do the funds come from? In other words, the concept of the need to have guaranteed is developed through Security, the need to have confidence, "With Bail". Security is the bail.

The current activities of the companies are under the magnifying glass of different actors, or better called "Stakeholders": Owners, Shareholders, Boards of Directors, Good Governance Committees, External Auditors, Internal Auditors, Unions, Suppliers, Clients, Employees, Business Partners, Domestic and International Regulatory Bodies, and of course by organized or not Crime Groups.

All these activities have been regulated, to evaluate the action of companies and/or Public and Private Institutions, to be able to compare their actions based on principles based on transparency, ethics, legality, social and criminal responsibility; the only one that remains outside the formal regulations, but that remains within its regulations for each activity is the criminal one. This criminal activity is the one that attacks institutions, their personnel, their assets, their assets, their integrity and image and receives a benefit.

2. WHAT DOES IT CONSIST OF?

Let's start from a basic economic concept: Income or Income must be equal to spending, in this model, we have no other interpretation than everything I earn me to spend. In this case, I must take care of the income and there the Security begins to interact: "I don't want to lose part of what I earn since I won't be able to spend it." If we add to this equation a new element that is savings, then I am going to divide my income into what I consume and I will save a part of it, thinking of countless reasons, but let's think that with that saving I would start a company.

Here Security intervenes again: Where do I keep those savings? I need the confidence that I can have it at any time. How do I know where I keep it, it will not be lost? We already have part of the money to start our company: We will use part of those savings, in the preparation of a Business Proposal that allows us to: Obtain a bank loan, obtain money through the sale of shares, and search for capitalist partners, to acquire the buildings and facilities necessary to start the company.

Now our equation will have more variables, namely: Liabilities, Liquidity, Fixed and variable assets, Processes for converting raw materials to intermediate and final products, Working Capital, Employees, Payment of Taxes, Payments of Para fiscal commitments, Suppliers, Clients, means of distribution, Costs and Sales Expenses, marketing not only of the products but of the image through the brands, all these elements have a tangible and intangible value that we can summarize in three words: People, Assets, and Image. These three components will have enemies and competitors, the second have interaction regulations, but the first can cause great damage to the company, if prevention, prediction, early detection, alarm, and reaction measures are not taken, of recovery and learning, which we can include within a Comprehensive Security Program.

3. WHAT IS IT FOR?

Each of the elements of our formula is an important part of it, each of them has a specific weight within the business model of the company and require special, specific protection by the level of interaction it has with the rest, of course, the impact of one or more threats of a certain risk, will produce consequences of minimal to serious.

Define each of the factors that within the company may be the target of an attack from nature, of technological or social origin, the level of the direct or indirect impact of each attack, to be able to measure and quantify it in terms of people, buildings, facilities, commercial, financial, information, image, basically; being able to establish processes that allow monitoring each process, its fractures, its deviations and above all being able to detect, contain, react and stop the attacker and replace the processes at the moment of the attack, is what facilitates the implementation of SECURITY, in the economy of the company, which as part of a microcosm, is an integral part of a country's macrocosm, in any economic model. Security contributes greatly to maintaining the integrity of each element or factor in the economic equation.

4. WHAT IS YOUR FORMAL BASIS?

Initially, man's common sense and sense of protection led him to consider a protection system, first for his life (clothing, food, and roof), and then his possessions (doors, fences, walls, bars), from processes very elementary to very complex protection processes. Attacks on the interests of individuals, individuals or groups, led individuals and governments to make investments in these protection and security processes, which went on to become laws, which forced protection, under penalty of fines, to generate awareness programs and even to establish certifications that measure levels of compliance. In other words, the definition of protection, shielding, and containment processes against attacks and the way to continue the processes after the attacks.

Today, there are Laws, Regulations, and Procedural Norms, which have been taken by countries in global framework agreements, which have transferred their domestic economies and from global corporate companies to their subsidiaries in each country where they operate. We have had to invest in Security so that the economy continues and can continue, eliminate the word fear, and re-conceptualize it as a risk. It is more elegant to say to a shareholder "We have a risky operation, with calculated risks" and not to tell them that "We have an operation that produces tremors of fear", or that "such fear is that we have to be cautious". Fear paralyzes, the risk is an opportunity to establish our vulnerabilities, how much it can affect us, how to recover, that is, how we manage fear.

5. WHAT SHOULD WE EVALUATE?

We must take into consideration and keep under continuous evaluation the following aspects:

a) The first concept to evaluate is if our company is on the radar of attackers: if something happens to another company in the same field, and that company is on the radar from attackers;

b) The review of the feeling, within the executives, shareholders, managers, and employees, that "it will not happen to us";

c) The difference that exists between the dynamics of the business at the moment and the legal and procedural regulations that concern the company. This difference generates, in our opinion, the gaps and opens the doors of Management through intuition, improvisation, and therefore errors, and the green lights come on for the attackers;

d) The validity of the appropriate levels of protection for each of the elements that make up the economic equation of the company. This evaluation must be permanent and must be supported by a Risk Analysis;

e) The absorption capacity of the impact that may be caused by the threats of a certain risk or the conjunction of risks that arise jointly or as consequences of one another;

f) The ability to react to a certain incident, on time, with the adequate resources previously defined, minimize or suspend operations and activities and the availability in time to reactivate them at the previous level of the incident;

g) The capacity of the systems and procedures implemented to predict, prevent, detect, give alarms, contain, minimize the direct impacts to the affected Business Unit and indirect impacts to the other Business Units, related to the first;

h) The solidity and validity of the Contingency, Continuity and Recovery Plans of the operational processes;

i) The validity of the mechanisms for the transfer of the impacts of the previously defined attacks, through the Insurance Policies, which certainly must be conceptualized and implemented as a tailored suit, girls, no less;

j) The immersion, in each of the activities within the operations processes and systems, of the Security measures defined in the risk analysis, mentioned in literal g) The preparation of the Shareholders, Directors, employees and related parties in each one of the actions, processes, systems and Standards within its scope of action and security measures;

k) The concept where Security is considered an expense and not an investment;

l) The annual budget earmarked for Investment in Security, its adequate implementation at the correct times and the continuous evaluation of its effect on the correct performance of the activities.

We have two options:

i) Have a PASSIVE RESISTANCE, that is, trust what I have, in the protection processes and systems and wait for the attack, and then I will see how I will react; or

ii) Have an ACTIVE RESISTANCE: keep abreast of attackers, attack types, anticipate any situation, and establish control mechanisms, review, adaptation and budgets to handle any incident, in other words: "There will always be bad news, what we must know how to manage are the bad surprises”

6. WHAT CAN WE ACHIEVE?

If we give the correct importance to Security within the processes of companies, we will achieve that with adequate investment and adjusted to the requirements of the moment, we will strengthen these processes, comply with the internal precepts of the company, of the Corporate Governments and those established by Governments and Regulatory Institutions and most importantly, we will maintain effective control over losses, strengthen the image and hinder the possibility of having windows and/or gaps open, which would be used by internal, external attackers or a combination of both; you would have a healthy company and highly valued by its employees, related parties, shareholders, customers, and the general public.

7. WHAT SHOULD WE PROJECT IN THE FUTURE?

a) Soundness, this message must not only be rhetorical but must have the strength and proof that the company is on a solid;

b) Security Structure in each process;

c) Resilience, demonstrate the ability to react and adapt to external changes and the adequacy of internal processes;

d) Strength in Values and Principles in the human, Ethical, Transparency, and Compliance aspects;

e) Responsibility, having a true and efficient Good Governance Program, with adequate management of administration and risks;

f) High levels of difficulty for attackers.

8. WHO SHOULD USE IT?

Security in our activities must be present in every aspect and above all, raise awareness of the need to use it rationally and wisely. If we do it individually, within the family, within society, within companies, it will redound in the country. We all must use it, it will make us have an economy that generates benefits and successes.

9. WHAT SHOULD WE DO AS AN INDIVIDUAL?

Know our activities, personal processes in the areas we move, know the risks and specific threats that may impact us, measure and quantify the impact of each, take prevention and mitigation measures, consider hiring an insurance policy to transfer the impact that we cannot cover with our means and stay prepared. That is, it is wise to prevent than regret.

10. WHAT SHOULD WE DO AS A CORPORATION?

10.1 Develop, Implement and Continuously Improve:

a) A Comprehensive Security Program that encompasses People, Assets, Operations and Processes, and Image;

b) A Risk Management Program, through a Risk Analysis, duly appropriate to the company, each company is unique and particular; they may share some peculiarities with other companies, it must deprive individuality, the results must be particular, not collective. This Risk Analysis should not be based solely on their own experiences, the environment of each facility, municipality, city, state or province and country should be considered;

c) A Compliance, Internal Control and Audit program that allows measuring the levels of Integrity of employees, processes, systems and Good Governance and its impact and participation within the Company as a Shared Value in a Responsible manner;

d) An Incident Management Program, based on the aforementioned Programs that allows anticipating incidents and, if it occurs unexpectedly, being able to manage it, controlling the impacts, consequences and return to the situation before the occurrence of the incident;

e) A risk impact transfer program, through shared responsibility with stakeholders and directly related parties and insurance and reinsurance policies contracted domestically and internationally. Do not rule out the possibility of Collegiate Policies by sector, as well as develop internal funds to cover impacts below the deductible amounts of the policies;

f) A Program for evaluating the results of the investments made in Security, not based on real attacks only, but on the application of simulated models, through periodic simulations by the Business Unit, its systems and Processes implemented to measure the rate of return on that investment, based on the comparison of what was invested and the impact that the drill would have;

g) A Training and Education Program, covering the entire structure of the company, related and those who participate in the chain from the producer of raw materials to the final consumer. This training and formation must be based on the Principles, Values, Mission, and Vision of the Company.

10.2. Make a true review and retrospective, to know exactly where the company is in terms of Risk and Safety, establish what has been done, what has not been done, what has not been done well and based on the recommendations described above, prepare an Improvement and Financing Plan to make corrections in peacetime, in which investments are cheaper.

10.3. Implement Security at all levels of the process chain within systems and not act reactively only on the affected processes. Security and Control must always be present. In the short term, they are cheaper.

11. CONCLUSION: DOES IT REALLY WORK?

If the concepts and precepts of Comprehensive Security are really incorporated into each of the systems, processes, rules, policies, and guidelines in our personal lives and our companies, we would be applying the basic principles of the economy: Maximization of profits, Minimization of Cost and Expenditure, Returns on Investment, Minimization of Losses of time, money and processes, Continuous Improvement of the work environment, Minimization of Accidents at Work, Maximization of the use of resources, Maximization of Reputation and Image, Minimization of attacks. In conclusion, if Security is present, the Economy does function as it was conceived.

12. COMMENTS, SUGGESTIONS, AND MORE INFORMATION:

Do not hesitate to contact us through our email guzmagonzalo@gmail.com