Robert Hayes promotes working better and smarter at Georgia-Pacific Corp.

Sep 1, 2000 12:00 PM, KATE HENRY

As director of corporate security for Georgia-Pacific Corp., Atlanta, Robert Hayes reduces risk by carefully designing and implementing security guidelines, with the help of the very best staff he can find.

"The way every program is designed here," he explains, "people get ahead on their own merit - not through someone else getting behind. By fostering `non-destructive competition' and providing growth opportunities, the department moves ahead and there is more job satisfaction for everyone." He emphasizes that a positive attitude is virtually a job requirement.

Hayes joined Georgia-Pacific's corporate security department as director in the fourth quarter of 1995. The responsibilities that fall to Hayes and his staff are broad, including corporate security risk assessments, the facility security program, computer and information security, investigations, the business conduct and ethics program, potential workplace violence, personnel protective services, access control programming, forest products and wood flow security, the corporate security information system and database, and a business unit security program. Hayes assigns security managers who work with each of Georgia-Pacific's seven business units.

Georgia-Pacific is a manufacturer and distributor of building products, pulp and paper with annual sales exceeding $20 billion. The company has more than 57,000 employees and 750 manufacturing, distribution, sales and administrative facilities in the U.S., Mexico and Canada. Georgia- Pacific has recently announced the acquisition of the Ft. James Corp., which would bring with it another 30,000 employees, more than 50 manufacturing sites, and European operations that make it the second largest tissue producer in Europe. The acquisition is projected to close around the first of the year.

With such a large scope of oversight responsibility, Hayes says it is important to stay focused on the true reason for the security function. "We have to remember that security is here to help the company achieve its business goals. We facilitate a business environment that supports those goals, by developing and implementing countermeasures to keep risk low, while risk exposure is naturally changing and expanding all the time."

Under Hayes' leadership, the corporate security department has kept pace with changing business practices. "People and functions from other groups within the company have been consolidated into the security department," he explains. Twenty specialized security professionals now handle functions including the identification program, electronic access control systems and investigations. He says the consolidation is notable in that it has been achieved not by expanding the size of the work group, but by creating synergy among the people already present at Georgia-Pacific. "When I got here," he says, "the primary focus was on investigations. We added 22 proactive and three reactive security services. These are known as IMPACT services, an acronym for Investigative and information services, Management services, Proactive services, Awareness training and documentation services, Consulting and Technology services.

Hayes adds that performing high-quality, cost-effective work can only be achieved by exceptional security professionals. Georgia-Pacific corporate security staff come from a variety of backgrounds: "One of the hardest things I do on any given day is select good people. Many people on my staff have been security directors for other large companies. We recruit from within the experienced corporate security professionals, the FBI, Secret Service, Military, IRS, FDIC, CIA , State, County and Municipal Police Departments, Corporate Auditing, Controllers, and Information Resources Departments as well as other G-P staff functions. They are the most experienced and diversified group of people I have ever worked with, and that is what makes the job fun."

The staff are well-trained using a core curriculum of courses specific to their responsibilities, and can then choose to specialize within the larger security function they serve. "For example, in the investigations group," explains Hayes, "we can be assured they all have the same core skills, but one person might choose to serve as our expert in countermeasures and detection of electronic eavesdropping and become trained as a technical specialist. We develop interesting career paths that allow people to achieve different levels of skill and move their careers forward."

The formality of corporate security training at Georgia-Pacific is a reflection of the structure Hayes uses to run the entire department. "We have developed a very formal program of guidelines in an attempt to get consistency - not standardization - of risk reduction," he says. He explains that the four major risks to Georgia-Pacific are - to people, property and product, computers and information, and to corporate image and liability. The programs are the security responses to those risks.

Hayes developed a program for Georgia-Pacific involving a forensic approach to investigations. The program is proactively identifying potential crime, fraud or abuse, and it is much more effective than common auditing practices. "Audits rely on a statistically significant sampling to see whether things are being processed correctly, but with that method, it is unlikely you will uncover an actual problem in time to stop it. The forensic process begins with the development of a loss profile. We examine crimes that have occurred and identify key elements of a crime that can be isolated and examined. Information systems and investigations people then work together to test and cross-reference records using data systems. This behind-the-scenes work scans for things that identify dummy companies, inappropriate vendor addresses and suspicious billings pointing to potential wrongdoing."

Hayes also oversees the business conduct and ethics program, which is vital, he says, because corporations and their officers can be held criminally liable for illegal acts of the company under Title 18 Sentencing Guidelines. "If corporate officers have not exercised authority to intervene in potential wrongdoing, they can be fined or sent to jail," he says.

With more than 28 years of experience in security administration, law enforcement training, and program and system design, Hayes says his current plan is to see how efficiently and cost-effectively the security program can be implemented throughout the business. "I've never really been in a position to create the program and quality metrics to see true long-term results. I would like to do that now," he says. A key factor in getting those results is the creation of what Hayes calls strategic partnerships. "It is essential for security to work within cross-functional corporate teams at every level," said Hayes. "There is no room for adversarial approaches to security, and one of our biggest successes to date is the successful relationships that have been established with the business units and the other support functions."

His previous experience includes a B.S. from Montana State University and Florida International University and graduate school at Michigan State. Previous security posts include 3M Company, a public utility, a medical center, a police department and a five-year tenure as a specialized training manager for 26 law enforcement agencies in Michigan. He is a certified protection professional (CPP) and certified fraud examiner, a member of the board of directors of the International Security Management Association (ISMA) and has been a member of the American Society for Industrial Security (ASIS) since 1975.

In his community, Hayes works with his sons' schools to help develop security measures that reduce the risk of violence and is active on the executive committee and board of trustees of the Metropolitan Atlanta Crime Commission. In his leisure time, Hayes' greatest joy comes from being a husband and father, and staying actively involved with his sons' activities, which include sports, Boy Scouting and the Junior Navy ROTC program.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Opening Up About Door Closers
• An Enterprise Approach
• The Framework For Open Systems
• On A Higher Plane
• More from April's issue