Printer Friendly

Guidelines for garnering a good consultant.

Guidelines for Garnering a Good Consultant

WHEN YOUR ORGANIZATION has used consultants to assess its security needs did they give you the biggest bang for your buck or were you left hanging? Did you feel they didn't finish the job? You paid them for eight weeks of data collection and interpretation, but you don't know what you have or what to do with the information!

Maybe you didn't really know what to expect from a consultant or how to choose from the many consultants available. Unfortunately, many people who know little more than you are passing themselves off as consultants.

While you can't expect these newcomers to solve your security problems, you can identify an ill-prepared consultant by following a few guidelines.

First, select at least three firms that market consulting services that address your needs. Tell each of them what you want to do and solicit information on their services.

Second, review the information provided. This is an opportunity to prepare some questions about the firms and their work. The bidding firms should be able to provide a comprehensive list of services they provide for this selection process. The most frequently requested services are vulnerability assessments and security surveys.

Third, make appointments with the representatives of the firms. Also, ask contacts throughout the industry about these firms' reputations. References are highly important, too.

This exploration phase is the perfect opportunity to have the consultants provide a list of clients to whom they've provided services similar to the services you require. Satisfied clients are frequently willing to communicate their satisfaction about a job well done, especially if the consultant made them look good to senior management.

When preparing your questions for each firm, consider the following:

* How long has the firm been in business?

* What kind of experience do the consultants on staff have?

* Do the consultants have the necessary credentials to provide you with viable assessments?

* Can they provide a list of professional references on request?

* Will they do a first-class job and make you look good, or is it possible they will embarrass you?

I consider the most important attribute to be how much the consulting firm knows about my business. Did the consultants do their homework about my company and our business? If so, I know after just a few short minutes in conversation with them. If not, they are not the consultants for me. Also, are the consultants in question familiar with the general problems experienced in the industry?

The following is a list of skills that have been used by consultants for years as guidelines to proper consulting. Use this list to guide you through your relationship with the firm you select for the job.

Five phases characterize the consultant/client relationship - entry and contracting, data collection and diagnosis, feedback, implementation, and extension or termination.

Phase one: entry and contracting. The entry and contracting phase is the initial contact between you and the potential consultant. It includes setting up an exploratory meeting to determine the nature of the project's problems that must be addressed.

This phase is the time to put into words exactly what you expect from the consultant. If a project fails, the fault can generally be attributed to this initial stage. If each issue is not discussed and clearly articulated, the results can be disastrous. Such a disaster generally results in a substandard project, which leads to client dissatisfaction and a bad reputation for the consultant.

Just as you must clearly communicate your needs, the consultant worth his or her salt will clearly articulate what he or she needs from you and your organization to provide a quality work product.

These needs include the following:

* sufficient time to accomplish the mission and prepare a professional report

* access to people who can provide significant, relevant information

* access to the internal information necessary to prepare an intelligent assessment

* the necessary technical and personal support

This phase is also the time to negotiate fees and sign a confidentiality agreement. The fee will almost always be on a project basis figuring an all-inclusive daily rate. The rate may include miscellaneous out-of-pocket expenses such as per diem, parking costs, mileage, and air fares. These miscellaneous expenses must be clearly understood at the beginning of the project. No surprises!

The confidentiality agreement is used to protect any confidential information the consultant may learn about your organization. Any reliable vendor is familiar with these agreements and will provide several examples that can fit into your relationship.

This contracting period is also the time to clarify the working parameters you and your organization require of the consulting firm. These parameters may include a complete vulnerability assessment of risks to your organization.

The parameters will also establish boundaries in which the consultants are required to function. This clarification is best spelled out in an engagement letter. The letter is very important - for your protection and your consultant's. A professional consulting firm, again, should provide samples of engagement letters.

Phase two: data collection and diagnosis. The data collection process is critical if the consultant is to identify problem areas. Data collection is also where you will learn if you selected the right consulting firm.

If the firm is large enough, it usually has an expert on staff whom it uses to address specialized fields. Complex activities require persons with specialized talents, such as electronic technicians, accountants, lawyers, drug experts, and organized- and white-collar crime authorities.

Reputable security consulting firms are always mindful of your budget constraints and will use the professional best suited to address your problem. In any case, your budget is clearly articulated in your engagement letter.

Your consultants will also determine their own sense of your company's problem. The questions to be answered here are who is going to be involved in defining the problem, what methods will be used, what kind of data will be collected, and how long will it take to do the job.

During the collection phase, the consultants may discover issues or concerns that were not originally discussed but are a potential threat. For this reason lines of communication should be kept open as the project progresses.

I remember one recent consulting contract in which the consultant was looking for a way to close up an obvious opening in the normal retail cash flow. A recent loss of just over $100,000 had occurred. Our client only told us about one suspect. We were mildly surprised to discover three more suspects in the same store.

An experienced fraud auditor discovered this additional problem. The consultation proved successful in this case. As a result, the client/consultant relationship has been firmly established and continues.

Phase three: feedback. Eventually, you are going to want to see and hear the results of the data collection and surveys. Professional consultants will be able to reduce a fairly large amount of data into a manageable form.

In many cases, you will be tempted to resist the consultant's findings because they may not be what you want to hear. However, remember: You hired the consultant to find flaws. If the consultant is skilled in presenting the case, he or she will know how to reduce your anxiety in the best possible method.

During the feedback phase, you will want to set goals with your consultant in selecting the best action steps or interventions. You may elect to use the consultant's firm during the interventions to ensure you understand all of the data collected.

Phase four implementation. This phase carries out the steps outlined in the data collection phase. Here you can make corrections in your organization if they are needed. Implementation may fall to either your organization or the consultant. If the change sought is large, you may want the consultant to play a major role in implementing it.

The change may be something as simple as scheduling a training seminar or educational event. It could be a series of meetings to bring about change within the security department or the entire organization.

In any case the consultant should be involved in running the meeting or training session to explain the interventions. Consultant participation in the change should also be spelled out in the initial contracting phase.

If the implementation phase was not spelled out, you may want to handle the change yourself. In any case, make sure your consultant is prepared to administer the program for you if needed.

Phase five: extension or termination. This phase can also be called an evaluation. You may want to extend this consultation to include another segment of your organization. If so, the contracting process recycles itself and a new contract needs to be discussed at this time.

If the security survey was a huge success, you will be better off than when you started. If it was a dismal failure, you may want to cut your losses and terminate any further involvement on the project and with the consultant. Many options are available for ending the relationship, and terminating a project is a legitimate and important part of the consultation that you should be aware of.

When done professionally, the project will provide you with the necessary direction to improve the efficiency and effectiveness of the operation. And the consultant will have established the foundation for a long-term relationship.

A. M. "Mickey" Veich is director of investigations for Temple Security Inc, in Chicago, IL, and a member of ASIS.
COPYRIGHT 1992 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1992 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:security consultant
Author:Veich, A.M.
Publication:Security Management
Date:Jan 1, 1992
Previous Article:To write or not to write?
Next Article:Allies ... or enemies?

Related Articles
How to Be a Successful Security Consultant.
Consulting liabilities.
Sales: the key account business review.
The next chapter in library security.
Objectively speaking.
Committed to service.
Navigate Investment Planning With Ease.
Selecting a franchise consultant.
Lindgens names Andrew Garner CEO.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters