When is a consultant not a consultant?

On Wednesday 22 June, the day of its 2005 Annual General Meeting, the British Security Industry Association (BSIA) officially recognised the profession of ‘security consultants’ by creating a new section with full Member rights. Prior to this, consultants could only join the BSIA as associates.

Fast forward to December 2006, and the Security Industry Authority (SIA) will commence licensing of this seemingly new and ‘niche’ specialist sector in order to meet the Private Security Industry Act 2001’s objective of raising standards and professionalism. However, unlike previous sectors where job descriptions and responsibilities have been clearly defined, the SIA has unwittingly opened a can of worms in its efforts to regulate consultancy work. A sector where market research and statistics are minimal, and wherein much confusion still exists surrounding the definition of who is and who isn’t a security consultant.

According to Schedule 2, Part 1, Paragraph 5 (1) (a) and (b) of the Private Security Industry Act 2001, security consultancy is defined as: “The giving of advice about the taking of security precautions in relation to any risk to property or the person… or… the acquisition of any services involving the activities of a security operative.” Over the next 12 months, the SIA aims to liaise with industry users and practitioners on how best to interpret the above parameters and weave them into what will be a useable framework for regulation. However, even at this early stage it is abundantly clear that such a definition serves to raise many more questions than it answers.

For example, does this mean that an IT engineer advising on firewalls and network security, an operative working in close protection services, an accountant advising on the financial risk of not implementing certain security measures, a call centre operative dealing with pre-employment screening enquiries or a management consultant offering basic security advice all now require a licence? Each of these roles clearly has a very different job requirement and responsibilities to its counterparts.

Finding common skills which have meaning and demonstrate a high standard of competence is the challenge the SIA has set itself. Evidently, the common thread between each of the specialist areas listed is that, at a company level, a security consultancy may well provide many of these services, but at an individual level – the focus upon which the Act has been predicated – it is highly unlikely that a given security consultant is going to be technically competent in each of these areas.

Thus, in order to meet the Act’s requirements, there is a very real danger that in identifying competencies and setting criteria for expertise, the process will be diluted to focus on quality management, organisational and communication skills. The end result? An SIA licence will lose much of its value as a symbol to the client of technical merit and ability and, hence, a great deal of its credibility as a guarantor of professionalism in the role.

Reviewing the marketplace

The market for the employment of professional services in security consultancy has clearly grown since the 1960s (in line with the growth of business services in general), and there are a number of ‘big hitters’ who have enjoyed a rapid rise and increased commercial success of late. Control Risks Group and Kroll spring to mind here. That said, the overall market share of consultancy as a percentage of the private security sector remains surprisingly small. Indeed, the number of consultants offering purely ‘security advice’ as their main service to the client is minimal.

In contrast, there has been an explosion of ‘security consultancy services’ offered by an array of traditional (and not so traditional) security providers, in addition to those supplied by companies who are totally outside of the security industry. By way of example, four of the past five winners of the Best Security Consultant category at Security Management Today’s Security Excellence Awards Ceremony have been engineering firms employing specialist teams to look at security design.

As the SIA licence is aimed at the individual and not the company (the latter, as I have heard many people within the industry state, would have been preferable), this poses a distinct challenge to the Authority in differentiating between the plethora of security consultants who earn a living solely out of providing security advice and those whose main activity is in another area, but who also offer – from time to time – additional consultancy services.

In short, when is a security consultant not a security consultant?

What if an individual professes to provide consultancy services for 20% of the time, but generates the majority of their income from, say, installation, engineering or guarding-related work. Would they need to have a licence? As things stand, the definition laid down in the Private Security Industry Act 2001 would suggest there is no question to be answered here. Yes, they most certainly do!

Then there is the question of independence. The industry has been – and continues to be – plagued by so-called consultants who operate various ploys in proffering advice that is prejudiced for personal gain. This is very definitely not in the best interests of the client.

They may do so by promoting a particular bidder at the tender stage and subsequently take a percentage of the deal. Alternatively, they may be retained by the company they are seeking to promote or work for another division within the same organisation. This represents a conflict of interests.

As a direct consequence, many of the ‘leading’ players in this sector have made their name by advocating complete independence and impartiality in terms of the advice they provide to the end user.

Unlike the situation pertaining within the security guarding or door supervisor sectors, the ability for the SIA to declare (with some authority) that everyone working within the consultancy arena must have a licence by a certain date is going to be much harder to deliver in the real world

How, though, does one differentiate between independent consultants and the rest? Indeed, should one try to do so in the first place? Currently, there is no legislation to state that companies offering consultancy services need to declare all other interests before they embark upon a specific project. This may sound like a separate and disparate issue to that of licensing, but it is of fundamental importance in establishing real and genuine standards of professionalism and quality within the industry.

At the present time, anyone can call themselves a security consultant and, thereby, offer sub-standard advice. As I understand it, the whole purpose of licensing is to remove this element of ‘cowboy’ practice. Again, the recurring theme here is one of definition. How does the SIA propose to realistically tackle this problem, unless it ensures that the definition of a ‘security consultant’ is more accurate such that it delimits and excludes many who claim to be a consultant but, in reality, are not?

Provision of the service

Another challenge presenting itself to the SIA is how one accurately gauges quality in terms of service provision. Set the bar too low and licensing will be viewed purely as another quality management standard with no real value in relation to technical ability. Set the bar too high and the exercise will also fail (given the limitations in terms of time, cost and available resources that the SIA enjoys to meet the Terms and Conditions of the Act).

The debate on how best to impose standards on the industry is obviously a complex one. For my money, I would hope that the SIA will take a hard line stance and impose a high level of ability in determining true consultant status… but with the caveat that those who do not successfully meet the criteria have the opportunity to continue working in their chosen field, and a plan from which they can work in order to gain official endorsement.

Perhaps in the first instance – and as implied in the Act – a consultant would have the opportunity to sign an official register. This would allow obvious cowboys to be ‘struck off’ as and when substantiated client complaints are made. There could then be a period of ‘saving grace’ after the initial registration wherein applicants are invited to submit details of projects they have worked on, provide references and produce, say, a full risk assessment based on a genuine case study.

At the end of the day, each answer will naturally be different, but the quality of thought processes, structure and recommendations should determine a good consultant above an average one. Licenses could then be allocated under a general ‘consultant’ banner, but with sub-divisions depending on the focus of experience.

Communication with the audience

Whatever the process, the SIA needs to take a much firmer and proactive stance in the way in which it communicates with its audience.

At the time of writing – ie just after the first batch of consultant workshops took place last month – the message posted on the SIA’s web site under the subject heading ‘Security Consultants’ was as follows: “The SIA is expecting to begin the licensing of security consultants in 2006. We will be conducting extensive consultations with key industry stakeholders in due course.”

Of course, that statement does not invite those who may be affected – or who wish to be involved – to make any kind of attempt to ‘join in’. The SIA should – indeed must – be totally open about its plans, and publish them on the web site at the earliest possible opportunity such that comments can be made. Otherwise, the Regulator will surely struggle to create a meaningful Forum of open dialogue and trust, never mind gain any support and recognition from prospective licensees.

Communication, though, is a two-way process. A criticism that has been raised is that some of the industry’s key players have been unusually quiet, non-committal or even totally absent from preliminary discussions.

I would argue that any consultants reading Security Management Today who don’t become actively involved in the debate – and do so NOW – cannot begin to complain when the eventual outcome fails to deliver on their expectations. The regulatory process demands the clarity of thought, support and guidance offered by professional security consultants.

I challenge them to take up the gauntlet…