Working With Consultants: Getting Results
Oct 1, 2003 12:00 PM, By MARK PICKETT, CPP
Today's security professionals have to be innovative; they cannot falter, they usually have smaller budgets than they need, and they always have to be on the cutting edge. In meeting the never-ending challenge to protect company personnel and assets from both internal and external threats, sometimes they need a qualified consultant.
Determining who that qualified consultant is may be one of the more difficult chores facing security directors. After Sept. 11, companies that really needed help to assess their security environment were reaching out to anyone who looked good on paper, and the end-result in many cases was a black eye. U.S. companies spent millions of dollars for assessment reports with little to show in return and now are reluctant or unable to spend any more money, for fear of netting the same lack of results. Many of these assessment reports — regardless of content — still sit on the shelves. Many of the reports have no value, but the blame cannot reside solely with the consultant. The approach to a typical consulting project has become flawed, and both client and consultant must change how a project is approached and managed in order to correct the problem — and provide real value.
Conventional Consulting Projects
Typically, most companies solicit a consultant to perform tasks or objectives that will result in, at least initially, a findings and recommendations report.
The typical scope objectives for a consulting project may read something like this:
Conduct a security assessment of five different sites;
Make recommendations for security improvements;
Assist in identifying risk tolerance;
Assist in establishing capital budgets;
Conduct an electronic system assessment and perform design services;
Conduct a request-for-proposal (RFP) process and evaluate responses; and
Establish new physical security standards and policies.
Generally, there is no reference to project methodology, deadline, type of deliverable, or more importantly, how the client intends to measure the success of the consultant's efforts. This approach — although standard in the industry today — usually leaves the client with a report that identifies findings and makes recommendations, but cannot lead to a successful implementation stage. The process makes the client more dependent on the consultant to achieve success instead of demonstrating immediate results. Project scope objectives presented in this manner rely on each other. In the scope example presented above, the consultant cannot establish budget provisions until he has visited all five of the assessment sites, determined all recommended security improvements, conducted the electronic systems assessment and completed the design and engineering tasks. So the consultant, armed with his assignment and a new contract, sets off to perform his assessment. Then after spending thousands performing the services, he returns with valid findings, an untold number of recommendations, and a proposed budget that the security manager will never get approved. That's why the report still sits on the shelf, even today.
The flaws of the conventional consulting project are easy to correct once an informed client understands the pitfalls or a qualified consultant is intent on providing the client with real value. The conventional project defines the approach to a project in the manner illustrated in the top chart on the right.
Results-Focused Projects
Approaching a project by focusing on and achieving measurable results will change the outcome of every consulting project. Instead of defining a project scope based on solutions, clients must define the results they want to achieve through the project. The chart on the bottom illustrates the components of a results-focused project. Let's examine each of the project components more closely.
Project Goals and Objectives
The typical security assessment project might define the goals of a project in the following terms: “Assess the electronic access control system and related components to determine if they meet industry standards and best practices.” Most qualified consultants could spend four hours on-site and provide an adequate answer to the question posed by the goal of this project as it is defined.
But what if the project objective was posed in these terms: “Assess the access control system and identify vulnerabilities based on specific threat levels of our facility and industry.” Achieving the goals and objectives of this project will illustrate very specific gaps of a system within the client's security program. The client can quickly measure the value of the findings presented by this project, recommendations and budgets can be quickly formulated, and immediate results can be achieved. Likewise, clients will often initiate an assessment with the intended goal of finding ways to reduce costs from their security program. Instead of playing hide-and-seek, clients can achieve much better results and spend much less money if their objective is defined forthright and up-front, for example: “Evaluate the security program and determine ways to eliminate costs without reducing the level of security protection provided.”
This goal helps to define a scope that is results-driven, and when defined in this manner, very specific recommendations can be achieved in a short amount of time, producing results that can be demonstrated quickly.
Project Scope
The scope of a consulting project can entail a large prospective of elements. A typical scope description can read, “Assess the physical elements of the security program and make specific recommendations for improvement.” While this type of scope description is specific to direction, i.e.: physical security assessment, it could incorporate everything from electronic systems to security awareness to workplace violence prevention planning. This scope is too broad, too all-encompassing and could take considerable time before any results are achieved. The focused consulting approach would be defined by two specific elements:
What is the goal and objective of the project? and
What can the client, company and culture absorb?
There is absolutely no value in a scope of work that produces a report detailing recommendations that the client does not know how or cannot afford to implement. Rarely do consultants, in producing a recommendations report, consider questions like, “What kinds of changes would this client have to make to implement this recommendation?” or, “Will the client and the culture of the enterprise be able to make the recommended changes?” Without consideration of these and similar questions, the consultant's time and effort is wasted, and the client gains no real value in the exercise.
Smaller Task Projects
Defining smaller tasks in consulting projects will help both client and consultant achieve better results. If goals are more clearly defined, then quick wins can be achieved, thus demonstrating value to the client and credibility for the consultant. Any client who experiences immediate success through a small, well-defined project will go back to the consultant with more projects.
True Project Partnerships
Today's typical client — consultant relationship is euphemistically termed a “partnership,” however the conventional consulting project is anything but.
Typically, the client defines the scope of the project, solicits for an RFP, evaluates the responses, selects a consultant, signs an agreement, establishes a deadline and then turns the project over to the consultant. The consultant visits the site(s), identifies the findings, prepares recommendations, writes the report and turns it over to the client. This is called the pass-off and there is no partnership involved in the process. True project partnerships between client and consultant would include a sharing of resources, insight, collaboration, and achieving real results together.
Client Ownership
The true value of a consultant is achieved when he or she works themselves out of a job. If the consultant has helped establish client project ownership, and the client has learned through the process, making the company less reliant or dependent upon the consultant, thus the consultant has provided real value.
This project approach replaces solution-driven goals with results-driven objectives and redefines the scope of the project with what the client is able to absorb and implement. It stops the pass-off approach and creates real project partnerships where clients gain knowledge and ownership of the process. Most importantly, it prevents well-intended reports from being shelved by clients who don't know how or can't implement the recommendations made.
For the Record
About The Author
Mark Pickett, CPP, is vice president of consulting for Wackenhut Corp. He is an expert in physical security with more than 25 years experience in providing loss prevention control, risk assessments, threat and vulnerability analysis.
CONVENTIONAL CONSULTING PROJECTS
| Issue | Example* |
|---|---|
| 1. The project defines a goal or objective as a solution. | 1. Make recommendations for security improvements. |
| 2. The scope of the project is determined by the issues to be studied. | 2. Assist in defining risk tolerance. |
| 3. The project is too large in scale with long cycle times. | 3. The consultant will perform weeks or months worth of work before a deliverable is expected and often times before the client has a status update. |
| 4. The client's methodology is to pass the project off to the consultant and wait for return of the deliverable. | 4. The client has no involvement in the assessment process. |
| 5. There is limited client learning. | 5. Because the client is not involved in the project, no knowledge is transferred and dependency on the consultant is increased. |
| *As outlined in the scope | |
RESULTS-FOCUSED CONSULTING PROJECTS
| The Conventional Style | Focused Results Style |
|---|---|
| 1. The conventional project approach defines its goals in terms of solutions. | 1. Define goals of the project in terms of measurable results not solutions. |
| 2. The conventional project determines scope by the issues to be studied. | 2. Assess what the client is able to absorb and reasonably implement. |
| 3. Oftentimes, the projects of conventional consulting are too large in scale and cause long cycle times. | 3. Accomplish small tasks in quick time frames, show immediate results and measure the effects of the implemented recommendations. |
| 4. In a conventional project the client passes the project to the consultant, the consultant then passes it back to the client with little or no interaction. | 4. Develop a true project partnership. Involve the client in each aspect of the project especially the assessment. |
| 5. The conventional approach creates very limited learning opportunity for the client. | 5. Determine ways to achieve and maintain client ownership |
Want to use this article? Click here for options!
© 2008 Penton Media Inc.
Today's New Product
|
JVC PTZ Network Dome CameraThe indoor pan/tilt/zoom (PTZ) VN-V686U network dome camera from JVC Professional Products Co. features a 36x optical zoom lens that is powerful enough to capture an image of a ring on the finger of an intruder from far away. A silent direct drive mechanism provides subtle, fast and accurate PTZ operation. Other features include an auto-tracking function, which allows the system operator to tag a moving object for the camera to follow; 0.25-in. CCDs with 380,000 effective pixels; and full-motion, dual-stream JPEG and MPEG-4. |
advertisement
This month in Access Control
- Opening Up About Door Closers
- An Enterprise Approach
- The Framework For Open Systems
- On A Higher Plane
- More from April's issue
advertisement
