As consultants, we have the privilege to present our risk assessment findings and recommendations to the decision makers in an organization – CEOs, CFOs, Executive Directors, heads of security, general managers, engineers, IT directors, school Headmasters, and more. More often than not, these are the people who have actively sought out having a risk assessment performed for their institution and are keen on improving security.
With that said, there are times when our findings and recommendations fall on deaf ears. Sometimes the decision makers are offended by our findings or don’t believe us. (“We do TOO have radio communication between the lobby and 10th floor!”) Sometimes they don’t understand the terminology. (“Each of the locations surveyed that have visitor traffic should employ visitor management systems managed by the same SMS systems database allowing for universal reporting.”) Sometimes they’re frightened by the findings. (“You mean anyone can just hop over that broken fence and have access to the school campus?!”) And sometimes they’re overwhelmed by how detailed the assessment it. (“You mean that we have 531 active users in the access control database? But we only have 75 employees!”)
While our risk assessments are always done in an unbiased and objective manner, we understand that hearing about your organization’s or institution’s risks and threats is sometimes hard to acknowledge. This is why at Invictus Consulting we make sure that each debrief meeting isn’t complete until the decision makers thoroughly understand both the findings and the recommendations.
If you’ve recently had an assessment done of your property or business or school, make sure that you get what you pay for – any consultant you hire to consult on any topic should do more than simply perform an assessment or set up a system for you; they should make sure that you understand what they’ve done, why they’ve done it, and how to move forward after the contract is completed.