CONSULTANTS AS A PROTECTION RESOURCE
8.2 Types of Security Consultants
8.2.2 TECHNICAL SECURITY CONSULTANTS
Consultants in this category have special technical expertise. They generally focus on certain
types of security applications, such as the following:
x physical security and system integration
x IT security
x personnel security
x convergence
x legal issues and other regulations
x engineering
x liability and due diligence
x security personnel and protective force management
Technical security consultants specialize in translating the concepts and functionality pro-
vided by the security management consultant into detailed blueprints and equipment
specifications. This capability requires years of technical training and experience. Some
technical security consultants also provide management services, such as writing security
procedures and policies, but they might also subcontract those services to a security
management consultant.
Security executives often call upon technical security consultants to assist with new
construction or renovation projects. These consultants can work with the architects and
design engineers to ensure that the needed security systems, such as access control, video
surveillance, and alarm monitoring, are integrated into the initial designs. Drawing on his or
her technical understanding of blueprints and design documents, the technical consultant
can uncover security concerns in the plans before they are finalized. Finally, this consultant
can recommend security hardware and software that is compatible with other building
systems and takes advantage of the overall planning concepts. Addressing these issues in the
design stages keeps security in the forefront of planning, which ensures that the security
agenda receives adequate attention. Using a technical consultant in this way saves money
because it eliminates having to retrofit security into a structure once it’s built.
8.2.3 FORENSIC SECURITY CONSULTANTS
Forensic consulting deals with investigation, identification and collection of evidence,
identification of vulnerabilities, mitigation strategies and litigation. A forensic security
consultant may be referred to as an expert witness, an outdated term that is quite broad and
implies expertise on any issue. The forensic security consultant works exclusively on
security-related issues.
230 Protection of Assets Ɣ Copyright © 2012 by ASIS International
CONSULTANTS AS A PROTECTION RESOURCE
8.2 Types of Security Consultants
Both security management consultants and technical security consultants may undertake
forensic assignments in civil lawsuits that involve a security-related matter. An example
might be defending a claim of excessive use of force by the security employee of a nightclub
when an intoxicated patron was physically ejected and, in the process, sustained serious
injuries. Alternatively, a consultant might be called on to testify in a false arrest lawsuit where
a shopper was detained for shoplifting, but the evidence proved no crime or theft had
occurred. The judicial system relies on experts who, in these examples, would be allowed to
testify as to whether the use of force by the security employee was reasonable or excessive
and whether there was probable cause for the shoplifting detention.
Some corporate risk managers have relied on security consultants with forensic experience
to evaluate incidents to determine if the claim of negligence is warranted or if insurance
demands hold merit. Some major security departments, working with their insurance carrier,
insist that certain forensic security consultants be retained in their defense based on prior
cases in which the consultant aided in successful litigation. (These topics and related
subjects are discussed at length in the Protection of Assets volume on legal issues.)
8.2.4 SECURITY ADVISORY COMMITTEE
Security advisory committees are an internal resource that can be formed to assist corporate
executives and chief security officers in their efforts to ensure that current security measures
are adequate. Should changes be warranted, the committee can help ascertain whether the
problem can be corrected through internal resources or should be referred to an external
consultant. An example of a policy statement that authorizes such a committee follows:
The purpose of the security advisory committee is to critically examine the security program
to ensure that all company assets are being protected, to maintain general oversight over the
program, and to assist the corporation in meeting corporate and government requirements.
The committee, chaired by a project coordinator, reviews the corporate security program at
least quarterly to determine if any additional protective measures are needed and advises on
any changes to policies or procedures. The group can review new program suggestions in
light of their effect on the company as a whole, on specific organizational units, and on
employees. Criticism or suggestions from supervisors or employees can be fielded by
committee members, and recommendations for corrective action can be considered.
Committee members should represent key corporate functions. Also, they should have
attained stature and creditability within the organization and have sufficient information
about the company’s operation to enable them to offer useful opinions about actions that
should be taken by internal security staff or by outside consultants.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 231
CONSULTANTS AS A PROTECTION RESOURCE
8.3 How to Use a Consultant
8.3 HOW TO USE A CONSULTANT
Consultants can provide many services, as outlined in the lighthearted “Alphabetical Soup of
Consulting” (Sennewald, 2004, p. 8) shown in Appendix A. The decision to retain security
consulting services is typically driven by a specific problem, need, challenge, or goal. For
example, a grocery store chain facing numerous violent crimes at one of its stores may hire a
consulting firm to determine the best ways to reduce the opportunities for crime to occur at
a specific store or across the enterprise. If the scope of work is limited to a specific store, the
company’s management may ask the consultant to determine the level of crime at that
particular property and then make recommendations for security changes.
In reality, however, the consultant will typically conduct a more thorough crime analysis,
which can be defined as follows (Vellani & Nahoun, 2001, p. 2):
Crime analysis is the logical examination of crimes which have penetrated preventive
measures, including the frequency of specific crimes, each incident’s temporal details (time
and day), and the risk posed to a property’s inhabitants, as well as the application of revised
security standards and preventive measures that, if adhered to and monitored, can be the
panacea for a given crime dilemma.
Through the analysis, the consultant will first determine what crimes have occurred in the
store and its parking lot. The consultant then evaluates the specific security measures in
place where the crimes occurred and makes note of any additional measures that should be
in place to block future opportunities for crime.
In making recommendations, the independent security consultant seeks to develop an effec-
tive mix of security solutions. That mix may include a combination of architectural design
and crime prevention methods known as crime prevention through environmental design
(CPTED), changing the environmental design, updating policies and procedures, adding
security personnel, and upgrading the physical security requirements. Clients should be
concerned if a non-independent consultant promotes only one product or a limited range of
security measures. Effective security programs typically include a well-thought-out array of
security measures.
Nearly every security executive has had a program, request, or recommendation rejected by his
or her management. For example, a recommended series of barriers in a protection plan,
known as security-in-depth, may be proposed. Competition for resources is a fact of
organizational life, and there may be alternate claims on the resources required to implement
the barriers. An independent consultant can review the proposal and provide objective advice
as to whether the proposed barriers are an efficient and cost-effective method of reducing a
security exposure. Also, a consultant should be able to identify whether the barriers will create
additional hazards or issues and, if so, how these can be addressed In the previous example,
232 Protection of Assets Ɣ Copyright © 2012 by ASIS International
CONSULTANTS AS A PROTECTION RESOURCE
8.4 How to Find a Security Consultant
the outsider can see what those who worked at the store every day could not see, another
example of the effective use of a consultant who can look at an issue with a fresh set of eyes.
Management is usually amenable to a consultant’s ideas, since he or she draws on
experience from other companies and can speak to industry norms. At times, consultants are
even asked to arrange meetings among clients from several companies to discuss industry
best practices. The consultant should remain above company politics, however. Delving into
company politics is an unnecessary distraction that only complicates the issues and costs the
company time and money.
8.4 HOW TO FIND A SECURITY CONSULTANT
Most security executives today know one or more security consultants, and these connections
are a logical starting point for locating a consultant suited to a specific assignment. However,
the more professional the consultant, the more restrictive he or she will be in accepting a
particular assignment. Most consultants specialize and may not see themselves as suited for
every need. Clients should be cautious of a consultant claiming to be able to address all
aspects of security.
One of the best sources for finding a consultant is a referral from a colleague, preferably in a
similar business. Companies without security connections should look into industry
associations that have consultants as members. In the security industry, many independent
consultants belong to the International Association of Professional Security Consultants and
ASIS International. Consulting associations with members in a variety of fields are another
alternative. The Institute of Management Consultants is one such organization.
Other sources to consider are industry-specific associations such as the Building Owners and
Managers Association, the Institute for Real Estate Management, and the International
Association of Chiefs of Police or any of their local equivalent organizations. A search of the
Internet will reveal many more security associations worldwide, including the International
Professional Security Association, Professional Information Security Association, and
Information Systems Security Association.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 233
CONSULTANTS AS A PROTECTION RESOURCE
8.5 Selecting a Security Consultant
8.5 SELECTING A SECURITY CONSULTANT
Selecting a security consultant that meets a company’s needs requires thoughtful
consideration of various candidates’ credentials and personal interviews. As a guide, and
after defining the scope of work, the following five steps can be used when selecting a
consultant:
Step 1: Identify candidates.
Step 2: Invite candidates to submit an application.
Step 3: Evaluate the applications.
Step 4: Interview the top two candidates.
Step 5: Negotiate an agreement and finalize the selection.
To identify candidates, the first step, company representatives should talk to peers and
colleagues to elicit suggests of consultants they know. Additional names may be gleaned
from industry associations. Placing an advertisement in related publications may also bring
in candidates.
In the second step, the company should develop a custom application that asks for basic
information from each candidate that can be used for comparison. A sample application is
shown in Appendix B. As an alternative, the company can ask the candidates to submit
letters outlining their services, and the sample in Appendix B can be used as a checklist.
Candidates should be asked to attach a copy of their curriculum vitae (CV) to the application
or letter. In jurisdictions where security consultants are required to be licensed or registered,
appropriate proof must be provided.
A sample CV is shown in Appendix C. The application and the CV provide a uniform way to
compare the credentials of each candidate. Also, having to provide both an application and a
CV may discourage someone with weak qualifications from applying. Thus, the documents
themselves may disqualify poor candidates.
During step three, the quality of the documents and the candidates’ credentials are
compared. Another source of useful information can come from prior clients, and several
should be contacted from a list provided by the applicants. As top candidates emerge, a
background investigation should be performed by contacting references and using a
structured interview process to evaluate responses.
The two top candidates should be interviewed personally by at least two representatives of
the company, the fourth step in the hiring process. To help the discussion, the candidate
234 Protection of Assets Ɣ Copyright © 2012 by ASIS International
CONSULTANTS AS A PROTECTION RESOURCE
8.5 Selecting a Security Consultant
should be asked to bring redacted work samples to the interview for review. The same or very
similar questions should be put to each candidate so the interviews are comparable.
Questions should probe the candidate’s security philosophy to ensure that it is a close fit
with the company’s policies. If possible and when the scope of work includes physical
security measures, the candidate should be given a brief tour of the facility prior to the
interview to become familiar with the facility.
If the candidate does not live locally, the company should negotiate the cost of bringing the
candidate to the company, or an employee should travel to the consultant’s location for a
personal interview. Teleconferencing is an interview option, but a poor one. In the final step,
negotiations begin with the top candidate. Subjects to be negotiated are the scope of work,
the product to be delivered, the methodology, the timing, and related expenses. If
negotiations with the first candidate prove unsatisfactory, the company should move quickly
to the next choice. Once negotiations are successfully concluded, the company should be
prepared to present the consultant with a contract.
An example of a professional consulting services agreement is shown in Appendix D. The
documents shown in Appendix E and Appendix F cover supplementary agreements that
define the consultant’s responsibility for handling company proprietary information or
government classified documents and conflicts of interest. These points should be discussed
with the consultant and all forms should be signed before work commences.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 235
CONSULTANTS AS A PROTECTION RESOURCE
8.6 Consulting Fees and Expenses
8.6 CONSULTING FEES AND EXPENSES
There are no bargains in the consulting profession. Other professionals, such as physicians
and lawyers, follow the same fee strategy. The doctor with the best skills or the attorney with
the best reputation and practice will receive the highest fees from patients or clients.
Likewise, the security consulting profession has its own fee structure based on levels of
expertise.
As with other professional disciplines, time and quality must be considered when analyzing a
range of consulting fees. A low fee might actually prove to be more costly in the long run
because a less skillful consultant might take longer to complete the assignment satisfactorily.
Also, the security industry has a long and rocky history of keen competition based on the
awarding of contracts to the lowest bidder. To increase their competitive advantage, some
security product and service companies will offer consulting services at a very low rate.
Clearly, the objectivity of the resulting recommendations must be questioned if the
consultant believes the solution might lead to the purchase of that company’s services or
equipment. If the fee proposed by a potential consultant seems to be a bargain, the client
should remember the Latin phrase caveat emptor: let the buyer beware!
The basis for higher billing by some medium-sized or large consulting firms, as opposed to
the independent sole proprietor or small consulting firm, often reflects a higher overhead.
The costs billed by individual consultants as well as by larger firms include direct charges,
such as time and travel, and overhead costs, such as office rental, clerical help, proposal
expense, publications, and professional taxes and licenses. As a result, a consultant’s daily
rate does not equate to an annual income since consultants may not work every day of the
year but their expenses continue.
Consultants, like other professional service providers, typically use software to track the time
and expenses related to each client’s project. In some cases, consultants keep a project
journal while others monitor activity through simple spreadsheets. Consultants may also use
specific billing software such as QuickBooks.
No matter how the consultant tracks and bills his or her time, the client should review
payment options and choose the one that fits the company’s accounting scheme as well as
the type of consulting assignment. Five options should be considered: hourly fees, daily fees,
fixed fees, not-to-exceed fees, and retainers. The company should also set parameters on
how miscellaneous and regular expenses should be billed and approved.
236 Protection of Assets Ɣ Copyright © 2012 by ASIS International
CONSULTANTS AS A PROTECTION RESOURCE
8.6 Consulting Fees and Expenses
Hourly Fees
Paying a consultant an hourly fee is unusual in security management consulting, but it does
happen. This arrangement is most applicable when the assignment is expected to last less than
a day, but the exact amount of time needed is unclear. In this scenario, the client and
consultant could agree to “let the meter run” for the actual time spent. An example might be a
case where management is considering moving an employee to a new assignment, and the
consultant is retained to meet and interview the employee at a convenient time. If the
company expects the interview will only take 2.5 hours, the consultant could agree to be paid
for just that amount of time.
Forensic consulting is often billed by the hour, however. If a corporate legal or risk management
office brings in a security consultant for advice on how to avoid litigation, evaluate a case, or
arrange a settlement, the time is calculated by the hour and any fraction thereof.
Daily Fees
The daily fee is calculated by multiplying the consultant’s hourly rate by eight. In reality, this
arrangement often benefits the client because an eight-hour day can easily be extended for
any number of legitimate reasons, unless the contract clearly defines the number of hours in
the consultant’s day. Security consultants know that the time needed to meet the agreed goal
and submit a final report might exceed the typical day. Depending on the number of days in
the agreement, the consultant might propose a certain number at a fixed daily rate and a
slightly reduced rate for every day thereafter. Clearly, the daily fee can be flexible based on
the nature of the task and the services required.
Fixed Fees
A flat or fixed fee is the total amount to be paid by the client to the consultant for the
completion of a consulting assignment. More often than not the fixed fee includes all expenses,
so only one amount is negotiated. The consultant’s office time and expense calculations,
which could be based on his or her hourly rate plus an hourly rate for the office staff, is
translated into an estimate of what is needed to deliver the end product.
This arrangement is generally agreed to when the number of days required to accomplish the
work can be estimated accurately and controlled by the consultant. Usually a fixed fee will
only be acceptable to a consultant if the work to be done is limited to a study that is not
complex. The advantage to the client is that the company can easily compare competitive
bids and budget the exact amount that will be needed to complete the required work. Fixed
fee arrangements are usually not appropriate if the work involves implementing a
recommended program because the consultant often has to rely on other employees from
the client’s company to perform or arrange for the actual work. The danger in this case is that
the consultant could lose control of the time that could be spent but must absorb any
Protection of Assets Ɣ Copyright © 2012 by ASIS International 237
CONSULTANTS AS A PROTECTION RESOURCE
8.6 Consulting Fees and Expenses
overtime. The scope of work in these situations must be very carefully defined to protect
both the client and the consultant.
Not-To-Exceed Fees
A not-to-exceed pay arrangement, similar to the fixed fee, is the consultant’s guarantee that
the total cost or time will be limited to the parameters agreed to in the contract. In this
instance, the consultant agrees that any costs connected with unforeseen events or delays
will not be passed on to the client, unless the client agrees to pay them. The difference
between not-to-exceed and fixed fees is this arrangement allows for a lesser fee than
originally estimated. For example, the consultant might state that he or she expects to
complete a task in five days but that the time spent is not to exceed seven days. If the task is
completed in five or six days, then the client just pays for that amount of time. If the task
should take eight days, the client still only pays for seven.
Retainers
A company that wishes to use a consultant on a regular basis might prefer to pay a retainer.
In this arrangement, the consultant agrees to work a specified number of days each year for
that client, and the client is guaranteed access to the consultant when needed. In a retainer
agreement, consultants typically provide their services at a substantially discounted rate. For
example, the agreement might state that the consultant will provide or be available to the
client for two days each month at a fixed rate per day, or 24 days a year at a set annual price.
In this case, the client is assured of receiving services for the minimum number of days
covered by the retainer. The consultant, on the other hand, is guaranteed an income.
Retainers can be quite negotiable. The client might use all of the agreed-upon days in the
first half of the year or only use the consultant less than half the days in the contract. The
consultant keeps the retainer even if the minimum days provided are not used by the client.
However, some consultants dislike committing to a retainer because it can cause scheduling
problems. For example, the consultant might be in the middle of a project for one client
when an urgent problem surfaces at another company that has already paid a retainer to that
consultant. To avoid this difficulty, it is recommended that retainer agreements identify
specific days to be applied to the client in specific months. If a schedule cannot be arranged,
then the consultant can agree to commence working for the client on the first available day
after notice is received.
Other options in a retainer agreement could cover the days used by the client in excess of
those in the contract. In one example, the client would continue to pay the discounted rate
for any extra days. In another case, those excess days would revert back to the consultant’s
normal fee.
238 Protection of Assets Ɣ Copyright © 2012 by ASIS International
CONSULTANTS AS A PROTECTION RESOURCE
8.6 Consulting Fees and Expenses
Miscellaneous Arrangements
Other fee arrangements can be beneficial to both the client and the consultant. For example,
the consultant could agree to accept some equity in the client’s business for part or all of the
consulting fee. Alternatively, the fee could be set as a percentage of the savings realized as a
consequence of the consultant’s work, although this option is not common in security
management consulting.
If such innovative fee concepts are proposed, both parties should seek adequate legal counsel
while drafting an agreement to ensure that the interests of both are adequately defined. A
clear, binding agreement is the cornerstone for avoiding costly litigation or work disruption.
Expenses
The cost of outside consultants must allow for reasonable expenses to cover project-related
activities such as transportation, living costs, telephone, secretarial services, and
reproduction. Consulting expenses can sometimes be reduced if the consultant is allowed to
use amenities and services available at a client’s facility. Such items as clerical assistance,
office space, and reproduction services might be provided on-site. Consultant support is
discussed in more detail later in this chapter.
Expenses are usually reimbursed at actual costs, which should be substantiated by expense
reports submitted by the consultant. A reimbursement arrangement might also be based on
a per diem for living expenses plus actual costs for transportation and other expenses. Both
the consultant and the client must clearly understand how expenses will be paid and what
expenses are reimbursable. Any limitations on amounts to be spent should be defined. For
example, if the daily allowance for hotel accommodations and meals is a set amount, the
consultant should be informed of that limit during the selection process.
A common rule of thumb is that the consultant should receive the same travel allowances as
those given to members of the client’s senior management. Although commonly accepted
business practice limits air travel costs to coach accommodations unless first class or
business class accommodations are specifically approved, the client should not assume that
everyone understands or agrees with this policy. International travel almost always involves
at least two days of travel time (to and from the destination) and sometimes more. Special
arrangements should be made for compensation in these situations.
The bottom line in expense negotiations is that the details must be discussed and agreed
upon at the outset of the relationship. Most professional security consultants will have their
own forms and methods of providing clients with necessary and appropriate records of time
and expenses. To ensure that potential clients are aware of the requirements, the forms and
policies in Appendices G through J show expense reports and guidelines that apply to
consulting situations.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 239
CONSULTANTS AS A PROTECTION RESOURCE
8.7 Working with Consultants
8.7 WORKING WITH CONSULTANTS
Once the contract is signed but before the consultant actually begins to work, senior and
functional managers as well as those employees who may be affected by the consultant’s
activities should be made aware of management’s decision to retain the services of a security
consultant. The announcement, preferably from the chief executive officer, should
underscore the expectation of employee cooperation and assistance, which will facilitate the
successful completion of the consulting project.
A consulting project coordinator, often a member of the security advisory committee, should
be assigned to work with the consultant and monitor progress. That person can provide
adequate information about the organization and provide assistance. Clear specifications for
the project should be outlined in a scope of work, which should include a work plan,
progress reports, and a final report.
8.7.1 COORDINATING THE PROJECT
To facilitate and coordinate the project, some companies designate a sole representative to
serve as project coordinator, typically the chief security officer (CSO) or vice president (VP) of
security. He or she works closely with the consultant during the project without any other
management involvement. Other clients create a temporary security project committee,
often a spin-off from the security advisory committee, to facilitate the project. The
committee should be chaired by the project coordinator, again the CSO or VP of security. If
the project coordinator is temporarily unavailable, a designated alternate should fill in and
respond to the consultant in a timely way so that the work is not delayed.
The project manager should strive to include someone from within the organization who can
act as the project sponsor. A good candidate for this role is the individual who may have
originally suggested the concept that led to the consulting project. Both the consultant and
the project manager will find this person a valuable resource and ally throughout the course
of the project.
The mission of the project coordinator and the committee is to be a liaison between the
consultant and the company, and that task is critical. Committee members should represent
the sectors of the company involved in the work. They should be completely familiar with the
organization and the project and have sufficient credibility and clout in the company to
effectively meet the needs of the consultant, such as collecting data or scheduling interviews.
240 Protection of Assets Ɣ Copyright © 2012 by ASIS International
CONSULTANTS AS A PROTECTION RESOURCE
8.7 Working with Consultants
8.7.2 ORGANIZATIONAL ORIENTATION
The project coordinator should arrange an orientation for the consultant, at which he or she
can be briefed on the backgrounds and responsibilities of key personnel in the organization
before meeting them personally. The consultant should also be made aware of any role each
individual might play in the completion of the assignment. The orientation should include
an organizational chart and background data about the company, including the operating
environment, key assets and functions, internal and external relationships relevant to the
project, specific legislative or regulatory controls, a history of the enterprise, the philosophy
of top management, and the company’s competitive position. If the client is a public
company, copies of the latest annual report to shareholders, as well as relevant government-
required disclosure filings, should be provided.
The more information the consultant has, the better he or she will be at meeting the client’s
expectations. To that end, the results of previous projects of a similar nature undertaken by
the company should be discussed with the consultant. Also, any unique or unusual
situations that might be encountered within the organization should be brought to light. All
companies have their own cultural idiosyncrasies. If the consultant is not made aware of
potential problems, some action, seemingly minor to the consultant, could trigger an
incident and negatively affect the project and everyone associated with it. On the other hand,
consultants are expected to be objective and independent observers with the freedom—in
fact the obligation—to state the facts, even if they point out idiosyncrasies that could affect
the outcome or success of the consultant’s work.
When a client seeks a consultant for work in a different country, the consultant is expected to
have a knowledge of the culture and customs of the country, working conditions, local
legislative requirements, visa requirements and conditions, etc.
8.7.3 LEVELS OF ASSISTANCE
A consultant’s time costs money, and the project coordinator should arrange to see that all
the necessary assistance and support is provided in a timely way. Advice or assistance may
be required from related departments, such as legal, industrial relations, public relations,
and finance. Technical help may also be solicited from qualified in-house talent. Company
personnel may need to prepare letters, memorandums, and reports generated as a result of
the project. Reports or other data specified in the contract are usually prepared by the
consultant.
Consultants are often given access to sensitive information. Therefore, nondisclosure
agreements are necessary to protect the company. More information on nondisclosure
agreements can be found in the Protection of Assets volume on legal issues.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 241
CONSULTANTS AS A PROTECTION RESOURCE
8.7 Working with Consultants
A method for the proper handling of sensitive information developed or collected during the
progress of the work should also be devised. Such data could even be embarrassing to the
organization or its employees if it became known either inside or outside the organization.
Sensitive information could also include the conclusions or recommendations of the consul-
tant. Such information should be safeguarded by a limited number of individuals and only
be handled by personnel known to be trustworthy. Most importantly, written consulting
reports are subject to discovery by an adverse party in a lawsuit. Consideration should be
given to identifying the proper custodian and location for reports that might be sought
through subpoena.
Visits to other companies, other clients of the consultant, or other corporate locations may
be required. Such visits can often be expedited if the project coordinator assumes the
responsibility for making arrangements, such as procuring security clearances, airline or
company airplane schedules and tickets, rental cars, and hotel reservations.
The consultant’s methodology is critical to the success of the project. The methodology
should be sound and widely accepted within the industry. It would be impossible to outline
every method that could be used to complete the myriad projects taken on by security
consultants. Nonetheless, potential clients can review industry guidelines for various types of
projects. Commonly accepted and widely used methodologies in the security industry are
ASIS International’s General Security Risk Assessment Guideline, the International
Association of Professional Security Consultants’ Forensic Methodology Best Practice and ISO
Standard 31000, Risk Management.
8.7.4 SCOPE OF WORK
From the very beginning, candidates for consulting assignments should understand the
scope and objective of the project. This information should be part of the initial request for
quote and also be included in a written contract. However, it should not be assumed that
these few paragraphs will be enough for the consultant to begin work and perform
adequately.
Before the actual consulting assessment begins, the client and consultant should review the
project’s objectives, goals, scope of work, and deliverables. The project coordinator should
participate in the review along with project committee members and any others who may be
affected by the work to be done.
The “scope of work” refers to the central objective of the consulting task, or the clear focus of
the effort. Suppose the scope of work is to “reassess the company’s distribution system to
identify procedural deficiencies that could or do contribute to cargo losses.” In the perfor-
mance of the work, every physical inspection, interview, and document examined should be
242 Protection of Assets Ɣ Copyright © 2012 by ASIS International
CONSULTANTS AS A PROTECTION RESOURCE
8.7 Working with Consultants
guided by and limited to that objective. The initial project review, then, should address the
strategies that will achieve the objective.
This review also updates those who did not participate in the selection process and gives
everyone an opportunity to ask questions and clarify points. The consultant is now a
member of the team and should ask and answer questions that might not have been
appropriate in the earlier discussions.
A common occurrence in consulting projects is referred to as “scope creep,” meaning the
scope of work grows after the contracts have been signed and the work has begun. This
phenomenon may be raised by either party and for myriad reasons, often out of necessity.
Caution flags should be raised, however, when the consultant is being paid an hourly rate
and the project could grow to exceed budget limitations. While expanding the scope of work
is often necessary, it should only be done with both parties agreeing to it in writing as an
addendum to the contract.
8.7.5 WORK PLANS
Once the scope of work has been agreed upon, a work plan should be developed with the
project coordinator. Tasks and priorities can be determined, assignments made, and
completion schedules established. Deadlines should be converted to milestone charts, if
appropriate, so the project can be reviewed periodically. The frequency of work product
reviews can also be specified and scheduled during this planning stage. Information that the
project coordinator and others will need to furnish to the consultant can also be defined, and
a schedule established for its delivery.
Especially in lengthy projects, the project coordinator and the consultant should hold
frequent progress meetings to ensure that the project is on schedule. Ultimately, the
consultant is responsible for ensuring that the project stays on the right course while
traversing any unanticipated hurdles posed by corporate politics or culture. Measurement of
the project’s progress, sometimes referred to as an earned value analysis, should be
conducted by the consultant and project coordinator during these meetings to ensure that
the project objectives described in the scope of work are being met.
Those responsible for gathering information or performing support tasks should understand
that deadlines are important. If they are not met, the efforts of the consultant may be
hampered or work on the project may come to a halt. The project coordinator should assume
responsibility for ensuring that deadlines are met and that the project is on schedule at all
times.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 243
CONSULTANTS AS A PROTECTION RESOURCE
8.7 Working with Consultants
8.7.6 PROGRESS REPORTS
The progress of the consultant’s work can be monitored by scheduling periodic meetings
and requiring written reports, which can be specified in the work plan with the caveat “if
deemed necessary.” Great discretion must be exercised in the frequency and length of
meetings.
Progress meetings should be attended by all personnel working on the project as well as by
interested management representatives. The coordinator, as the key company repre-
sentative, might personally record, publish, and distribute the results of the meeting or might
assign another team member to take minutes. The minutes should outline decisions made
during the meeting, detail the progress of the work, and specify any work assignments and
deadlines.
The frequency of project review meetings and written reports will, of course, depend to a
great extent on the size and complexity of the project. Scheduling review meetings too often
will interfere with work to be done, but if they are not scheduled often enough, control of the
project could be jeopardized. If the exchange during the meetings is adequate, the group
may choose to forego interim reports. They may also be skipped if the project is short, about
10 to 15 days, and if the review meeting reports are satisfactory.
8.7.7 FINAL REPORTS
A final written report should be delivered for all consulting projects including a technical
consulting assignment, although the project’s end result should be a functioning system. But
it is absolutely essential in a security management consulting project where the end product
consists of recommendations and advice, which must be implemented in the future.
A final report should begin with an executive summary, then address the results achieved,
and conclude with the recommendations. A simple approach to the report content is to
make the sequence consistent with the scope of work. The results section should identify
whether all the established goals were met, whether any items included in the work plan
were not accomplished, and the reasons why an item was not completed. The recom-
mendations should define any additional work that needs to be done together with
suggestions on how to accomplish it.
Sometimes a final briefing for top management is specified in the statement of work or
requested at the project’s conclusion. The salient features of the written report can be
incorporated into such a briefing, which should be done by the consultant. The project
coordinator and others from the company should be on hand to give advice and assist in the
briefing since they will be most familiar with the requirements of top management.
244 Protection of Assets Ɣ Copyright © 2012 by ASIS International
CONSULTANTS AS A PROTECTION RESOURCE
8.7 Working with Consultants
If the report itemizes recommendations, each should be numbered for future reference, as
follows:
Recommendation #23: Use of part-time police officers to protect cash offices should be
discontinued. Security for cash offices should be in the form of operating procedures and
state-of-the-art physical barriers, including a two-door “man trap” with remote electronic
access control.
The acceptance and subsequent implementation of that recommendation could be called
Project #23.
If additional work is to be implemented as a result of the consultant’s efforts, the final written
report should include enough detail so that personnel in the client organization can
complete the tasks by following the guidelines included in the report. After reviewing the
report, however, the client may decide that additional assistance from the consultant will be
required to implement the recommendations. In that case, an additional contract or a
contract amendment should be prepared for the consultant’s signature, and a new scope of
work to implement the recommendation should be defined.
For example, suppose a security consultant has completed a vulnerability study for an
organization and recommends a comprehensive protection program. Once the final report is
presented, the organization’s management realizes that they will need to hire one or more
experienced security professionals to implement and manage the recommended program.
The consultant might then enter into a contract with the company to search for and pre-
qualify a security executive to implement and manage the recommended program. The
usual fee for this kind of service is 25 percent to 30 percent of the new security executive’s
salary for the first year, plus expenses incurred during the search.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 245
CONSULTANTS AS A PROTECTION RESOURCE
8.8 The Future of Consulting
8.8 THE FUTURE OF CONSULTING
As new business and societal events of the 21st century unfold, the use of consultants by
security and other corporate executives will most likely trend upward. For example, when
companies downsize, they frequently lose in-house specialists but add them when needed
by hiring consultants. As a result, many consultants are zeroing in on a specialty, which they
then can provide to many clients.
An example might be crime analysis. In the past, companies may have had security
employees who focused on this task. Today, however, those employees have been promoted
or have moved on to perform more generalized security functions. When companies
encounter a case where crime analysis is needed, they turn to consultants who specialize in
this niche.
Another trend can be seen in the way consulting fees are established. Rather than bill at
hourly rates, many consultants are moving toward project-based pricing. Based on the scope
of work, experienced consultants can accurately assess the time needed to complete a
project. This arrangement is of great benefit to companies that use consultants since they
have a closed-end cost that can be used for accurate budgeting.
Both of the trends mentioned have led to a third: consulting alliances. Consultants with
specialties have seen the need to provide a range of services to a client when completing a
project, and they have teamed with other consultants to broaden their professional offerings.
For example, a security management consultant who recommends upgrading a company’s
access control system may form an alliance with a technical security consultant who can
actually specify, bid, and oversee the installation of the recommended system. Similarly, a
forensic security consultant may testify in a case brought against a client because of a
security deficiency, and then bring in an allied security management consultant to
recommend how to rectify the deficiency.
In all cases, understanding how to work effectively with a security consultant is the key to a
successful outcome, for both the consultant and the client.
246 Protection of Assets Ɣ Copyright © 2012 by ASIS International
CONSULTANTS AS A PROTECTION RESOURCE
Appendix A: Alphabetical Soup of Consulting
APPENDIX A
ALPHABETICAL SOUP OF CONSULTING (Sennewald, 2004)
Advise management on what’s current … that is, “state of the art.”
Build bridges between security and other departments.
Clarify and rewrite security policies, procedures, etc.
Define organizational goals and mission statements.
Expedite security projects.
Forecast protection needs in the future.
Guide management in the selection of personnel, equipment, and services.
Help hire qualified security personnel, especially at the executive level.
Identify problems.
Judge past and present performance.
Kindle new enthusiasm or interest.
Launch new programs by conducting orientation meetings.
Modify security operations when and where appropriate.
Negotiate on behalf of management for optimum contracts.
Objectively evaluate security programs, present and future.
Present new ideas and strategies.
Qualify senior security candidates for management’s consideration.
Review security budgets.
Supplement the security management staff on a temporary basis.
Train security employees.
Uncover unproductive policies, practices, and programs.
Validate existing or planned activities.
Warn management of risks and unnecessary exposure.
Yield unbiased and honest opinions.
Zealously provide the highest order of professional assistance and guidance.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 247
CONSULTANTS AS A PROTECTION RESOURCE
Appendix B: Application for Consulting Assignment
APPENDIX B
APPLICATION FOR CONSULTING ASSIGNMENT
Power Munitions, Inc.
Name of consultant ______________________________________________________________________
Name of consultant’s firm ________________________________________________________________
Address of consultant’s firm_______________________________________________________________
Consultant’s phone ______________________ E-mail address__________________________________
Consultant’s Web site ____________________________________________________________________
Consultant’s primary expertise ____________________________________________________________
Last position prior to becoming a consultant ________________________________________________
Last employer ___________________________________________________________________________
Date consultant left last employer__________________________________________________________
Date consultant commenced practicing as a consultant ______________________________________
Total years practicing as a consultant_______________________________________________________
Years of education ___________ University/college __________________________________________
Professional/academic designations _______________________________________________________
Professional affiliations and memberships __________________________________________________
Length of such memberships _____________________________________________________________
Awards or recognition for achievement in the security industry ________________________________
If published, identify works _______________________________________________________________
________________________________________________________________________________________
Basic consulting fee ______________________________________________________________________
248 Protection of Assets Ɣ Copyright © 2012 by ASIS International
CONSULTANTS AS A PROTECTION RESOURCE
Appendix B: Application for Consulting Assignment
Reference #1: Name of client _____________________________________________________________
Name of contact person_____________________________________________________
Phone number of contact person_____________________________________________
E-mail address of contact person_____________________________________________
Primary thrust of that consulting project ______________________________________
Length of that consulting project _____________________________________________
Reference #2: Name of client _____________________________________________________________
Name of contact person_____________________________________________________
Phone number of contact person_____________________________________________
E-mail address of contact person_____________________________________________
Primary thrust of that consulting project ______________________________________
Length of that consulting project _____________________________________________
Attach copies of professional indemnity (or equivalent) insurance certificates.
Attach copies of liability insurance certificates (or equivalent).
Protection of Assets Ɣ Copyright © 2012 by ASIS International 249
CONSULTANTS AS A PROTECTION RESOURCE
Appendix C: Curriculum Vitae
APPENDIX C
CURRICULUM VITAE
CHARLES A. SMITH, CPP
EMPLOYMENT HISTORY
x Air Policeman, USAF, 31⁄2 years
x Deputy Sheriff, Los Angeles County, 6 years
x Chief of Security, Claremont Colleges, 2 years
x Director of Security, The Broadway Department Stores (52 major stores in 4 states), 18 years
TEACHING HISTORY
x Lecturer, Chaffey and Orange Coast Colleges, 1 year
x Assistant Professor, California State University at Los Angeles, 13 years
EDUCATION
x B.S. Degree, Police Science & Administration, California State University at Los Angeles
LITERARY CONTRIBUTIONS
x Effective Security Management, Security World Publishing, 1978; 2nd Ed., 1985; 3rd Ed., 1998;
4th Ed., 2003
x The Process of Investigation, Butterworth Publishing, 1981; 2nd Ed., 2001
x Security Consulting, Butterworth Publishing, 1989 2nd Ed., 1995; 3rd Ed., 2004
x Shoplifting, (co-author) Butterworth-Heinemann Publishing, 1992; 2nd Ed., 2003
x Shoplifters vs. Retailers, The Rights of Both, New Century Press, 2000
x Author of numerous articles and chapter contributions to a number of security industry
books as well as to Protection of Assets
250 Protection of Assets Ɣ Copyright © 2012 by ASIS International
CONSULTANTS AS A PROTECTION RESOURCE
Appendix C: Curriculum Vitae
PROFESSIONAL AFFILIATIONS AND ACCOMPLISHMENTS
x Founder and first president, International Association of Professional Security Consultants
(IAPSC)
x Holder of the professional designation Certified Management Consultant, CMC
x Holder of the professional designation Certified Protection Professional, CPP
x Member, ASIS International
x Member, Institute of Management Consultants
x Past president and member, International Foundation for Protection Officers (Canada)
x 1979 recipient of Security World Magazine’s Merit Award
x U.S. Security Industry Representative to Stockholm and Copenhagen in 1981 and to Hong
Kong, Taipei, and Tokyo in 1983, by appointment of the U.S. Department of Commerce
x 1995 recipient of the IAPSC Distinguished Service Accolade
CURRENT POSITIONS (1979 TO THE PRESENT)
x Consultant to corporate management
x Consultant to the legal profession
x Security industry seminar lecturer
Charles A. Smith, CPP • 450 Riverlake Run • Eastward, CA 92000 • (760) 757-7575
Protection of Assets Ɣ Copyright © 2012 by ASIS International 251
CONSULTANTS AS A PROTECTION RESOURCE
Appendix D: Professional Consulting Services Agreement
APPENDIX D
PROFESSIONAL CONSULTING SERVICES AGREEMENT
THIS AGREEMENT, made as of ____________________________________ between an individual,
_______________________________________ hereinafter referred to as the “Consultant,” and Client,
hereafter “Company,”
WITNESSETH:
WHEREAS Company and Consultant desire to enter into an agreement for the performance by
Consultant of professional services in connection with activities of Company.
NOW, THEREFORE, in consideration of the premises and of the mutual promises herein, the
parties hereto agree as follows:
1. RETAINER-TERM. This agreement is made with Consultant as an independent contractor
and not as an employee of Company. The Company hereby retains Consultant and Consultant
agrees to perform professional services for the Company commencing the date set forth above and
concluding _____________________ (date).
2. STATEMENT OF WORK. The work described in the attachment hereto entitled “Scope of
Work” and incorporated herein shall be performed by Consultant as requested from time to time
by Company, at such place or places as shall be mutually agreeable.
3. PAYMENT. (a) Company shall pay Consultant at the rate of ____________ for each
______________________________ spent on the work hereunder during the terms of this agreement.
Unless and until revised by a written amendment to this Agreement, Company shall not be
obligated to Consultant and Consultant shall not be entitled to payment from Company for more
than ____________ days/hours. Time spent in travel hereunder during normal working hours or
otherwise, if requested by Company, shall be paid for at the above rate. (b) Company shall pay or
reimburse Consultant for travel and other appropriate expenses incurred in the performance of
work hereunder in accordance with the attachment hereto entitled: “Consultant Expense.”
4. PATENT RIGHTS. Consultant will disclose promptly to Company all ideas, inventions,
discoveries and improvements, hereafter referred to as “Subject Inventions,” whether or not
patentable, relating to the work hereunder which are conceived or first reduced to practice by
Consultant in the performance of the work under this agreement and based upon nonpublic
information of the Company disclosed to or acquired by Consultant during this consulting
assignment. Consultant agrees to keep a written record of his technical activities and that all such
records and such Subject Inventions shall become the sole property of Company. During or
subsequent to the period of this agreement, Consultant will execute and deliver to Company all
such documents and take such other action as may be reasonably required by Company to assist it
in obtaining patents and vesting in the Company or its designee title to said Subject Inventions.
252 Protection of Assets Ɣ Copyright © 2012 by ASIS International
CONSULTANTS AS A PROTECTION RESOURCE
Appendix D: Professional Consulting Services Agreement
5. COPYRIGHTS. Consultant agrees that all writings produced by Consultant under this
agreement shall be the sole property of Company and Company shall have exclusive right to an
assignment of copyright in such writings in any country or countries; however, Company will
make its best efforts to grant a non-exclusive right to Consultant to publish such writings when
circumstances, including security regulations, will permit.
6. PROFESSIONAL STANDARDS. Consultant agrees that the work performed hereunder will
represent best efforts and will be of the highest professional standards and quality.
7. SECURITY. Company agrees to apprise Consultant of any information or items made
available hereunder to Consultant which are Classified or Restricted Data, and Consultant agrees
to comply with the security requirements imposed with respect thereto by the United States
Government or the Company. If it becomes necessary for Consultant to store classified material at
a place of business, other than the Company, a facility clearance will be required. In this event,
Consultant agrees to enter into a security agreement with the Department of Defense and to
maintain a system of security controls in accordance with the requirements set forth in
“Department of Defense Industrial Security Manual for Safeguarding Classified Security
Information.” Consultant further agrees that any classified material furnished to him by the
Company will be immediately returned to the Company upon termination of either the security
agreement or this Professional Services Agreement.
8. RISK OF LOSS. Consultant assumes all risk of personal injury, and all risk of damage to or
loss of personal property furnished by him. If Consultant employs others to perform work under
this Agreement on premises of the Company, Consultant agrees to furnish proof acceptable to the
Company of Commercial General Liability insurance in an amount not less than $ [______].
9. PRIVILEGED OR PROPRIETARY INFORMATION. Except as maybe required in the perfor-
mance of the work, Consultant agrees not to divulge any non-public, Company information
acquired by him as a Consultant to the Company from any source, including the Company, its
customers and associates or other contractors, without the prior written consent of the Company.
10. TERMINATION. Either party may terminate this agreement in whole or in part at any time
by giving written notice to the other.
IN WITNESS WHEREOF, the parties hereto have executed this agreement as of the day and year
first above written.
By Company By Consultant
Date Date
Protection of Assets Ɣ Copyright © 2012 by ASIS International 253
CONSULTANTS AS A PROTECTION RESOURCE
Appendix E: Consulting Security Agreement–Joint Certification
APPENDIX E
CONSULTING SECURITY AGREEMENT—JOINT CERTIFICATION
[Name] of [Street Address]
[City/State/Zip Code] Consultant, and the Company (hereinafter
called “Contractor”), hereby certify and agree as follows:
(1) Classified information shall not be removed physically from the premises of the
Company.
(2) Performance of the contract shall be accomplished on the premises of the Company.
(3) The Consultant and certifying employees shall not disclose classified information to
unauthorized persons.
CONSULTANT
Date
By: ____________________________________
Date: __________________________________
254 Protection of Assets Ɣ Copyright © 2012 by ASIS International
CONSULTANTS AS A PROTECTION RESOURCE
Appendix F: Conflict of Interest Statement
APPENDIX F
CONFLICT OF INTEREST STATEMENT
The undersigned warrants that, to the best of the undersigned consultant’s knowledge and belief,
and except otherwise disclosed, there are no relevant facts which could give rise to an organizational
conflict of interest and that the undersigned consultant has disclosed all relevant information.
The undersigned agrees that if an organizational conflict of interest is discovered, an immediate
and full disclosure in writing shall be made to the Contracting Officer which shall include a
description of the action which the undersigned has taken or proposes to take to avoid or mitigate
such conflicts.
Consultant
Date
Protection of Assets Ɣ Copyright © 2012 by ASIS International 255
CONSULTANTS AS A PROTECTION RESOURCE
Appendix G: Professional Services Log
APPENDIX G
PROFESSIONAL SERVICES LOG
Consultant Requestor/Monitor
Contract Number
Contract Period
Number of days
Instructions:
1. Record information on same day work is performed.
2. Compare completed form(s) with Statement of Professional Services submitted by con-
sultant for accuracy and completeness.
3. Fully explain all off-site work charge and car rental approvals. Consultant’s invoice should
correspond with the approval(s).
4. If more space is needed, use reverse side.
Date Time Job Order Identify Project or Task and Provide a
Brief Description and Evaluation of Work Performed
(Reference documents prepared by Consultant)
Signature of Requestor/Monitor: __________________________________________________________
(Retain this log for a minimum of 3 years)
256 Protection of Assets Ɣ Copyright © 2012 by ASIS International
CONSULTANTS AS A PROTECTION RESOURCE
Appendix H: Statement of Professional Services
APPENDIX H
STATEMENT OF PROFESSIONAL SERVICES
Consultant Week Ending 20
Address
City/State/Zip Code
Instructions: To facilitate prompt payment for consultant services and expenses, it is requested
that the following procedure be adopted.
1. Completely fill out the form below. (A separate form should be submitted for each trip,
except for consultants who live in the local area.)
2. Attach all vouchers, receipts, tickets, etc.
3. This statement must be signed by the consultant.
4. Retain a copy for your files and send the original to your Corporation monitor.
SERVICES:
Project ENTER DATES
Designation
JOB CONTRACTS MON. TUE. WED. THUR. FRI. SAT. SUN. TOTALS
Total Hours/Days $
TRANSPORTATION EXPENSES:
(Attach all receipts)
From Date To Date Cost
Transportation Cost $ 257
Protection of Assets Ɣ Copyright © 2012 by ASIS International
CONSULTANTS AS A PROTECTION RESOURCE
Appendix H: Statement of Professional Services
OTHER EXPENSES: Totals
$ _____
ITEM (Enter dates) $ _____
Meal $ _____
Lodging $ _____
Auto Rental (1)(2) $ _____
Taxi or Local Bus (2) $ _____
Telephone (2) $ _____
Personal Car Mileage (3) $ _____
Parking (1)
Other (2)(4)
Amount Due $
(1) Attach all receipts
(2) Attach receipt if more than $5.00
(3) Mileage will be paid at current rate
(4) Please Explain: ______________________________________________________________________
Consultant Signature Date
Approved by Date
Audited by Date
COPY DISTRIBUTION: Accounting, Consultant’s Monitor
258 Protection of Assets Ɣ Copyright © 2012 by ASIS International
CONSULTANTS AS A PROTECTION RESOURCE
Appendix I: Policy on Consultant’s Expenses
APPENDIX I
POLICY ON CONSULTANT’S EXPENSES
All Consultants traveling on Company business must substantiate expenses incurred while in
travel status. To fulfill the Company’s travel policy reporting requirements, the Consultant must
submit a properly documented and approved travel expense report within 30 days after completion
of each trip. The original receipts, paid bills, or similar documentary evidence are required for all
expenditures except meals. However, receipts need not be submitted for expenses for which they
would not ordinarily be given; such as taxi or bus fares under $10.00 (one way). The Consultant
must keep an expense diary to substantiate the claim for reimbursement, and should retain it
permanently as a personal record unless requested to submit it with the travel expense report.
The requirements imposed by the Company with respect to substantiation of the above expenses
conform to the documentation requirements of IRS regulations. Substantiation in accordance with
Company policy is therefore considered to fulfill IRS requirements.
Travel Expenses
Consultant shall be reimbursed for actual and necessary personal expenses incurred during travel
authorized by the Company for lodging, subsistence, incidental expenses, and tourist-class
transportation costs or mileage at the current rate per mile when use of Consultant’s automobile is
authorized in lieu of air travel. Transportation costs, other than in the local area, shall not exceed
the cost of tourist accommodations unless schedules and availability of space do not permit this
class of service, or unless otherwise agreed.
Consultants who live within commuting distance of the organizational entity contracting for
services are not reimbursed for meals, or mileage. Company authorized travel between work
locations is reimbursable. (Commuting distance is interpreted as being in the immediate vicinity
or within 50-mile radius of the assigned work location.)
When Consultant is retained from outside the local area and a rental car is authorized upon arrival
at the work location area, the Company will be responsible for rental car charges necessary and
incidental to the work; mileage charges attributable to personal use are to be borne by the
Consultant.
Telephone and Other Telecommunications Expenses
The Company shall reimburse Consultant for reasonable and necessary telephone and other
telecommunications expenses.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 259
CONSULTANTS AS A PROTECTION RESOURCE
Appendix I: Policy on Consultant’s Expenses
Other Expenses
The Company shall reimburse Consultant for all other reasonable and necessary expenses
incurred by Consultant in the performance of work hereunder, provided that written approval of
the Company is obtained and Consultant certifies that such expenses were necessary and
incidental to the work. Without limiting the foregoing, such expenses by way of example shall
include costs of using computers and rental of test equipment.
Substantiation of Expenses
IRS Regulations require substantiation by, both adequate records and sufficient documentary
evidence of the expenses to which they apply. They require that the following elements be
substantiated:
(a) Amount
(b) Time
(c) Place
(d) Business purpose
(e) Business relationship
260 Protection of Assets Ɣ Copyright © 2012 by ASIS International
CONSULTANTS AS A PROTECTION RESOURCE
Appendix J: Consultant Travel Policy
APPENDIX J
CONSULTANT TRAVEL POLICY
The Company Travel Policy and Practice applies primarily to employees. Nonetheless, the policy
extends to consultants traveling on behalf of the Company. Consultants are expected to adhere to
the provisions of the documents for purposes of establishing reasonableness and necessity for
travel and related costs.
Following are excerpts from referenced Travel Policy and Practice, which relate and offer guidance
to consultants traveling on behalf of the Company.
Mode of Travel
Individuals traveling on Company business are scheduled by the most direct transportation
available. Air travel by jet will normally be limited to less-than-first class accommodations. Travel
arrangements are made by the consultant and reported after completion of the travel on the
Statement of Professional Services. No cash advances or tickets may be provided by the Company.
a. All taxi fares in excess of $10.00 (one way) must be supported with a receipt attached to the
Statement of Professional Services.
b. Use of premium or luxury accommodations for Company travel, such as first class jet,
requires specific documentation, and will be limited to the following:
(1) Situations where schedules and availability of space do not permit less-than-first class
service.
(2) Where overnight departures are scheduled between 9:00 p.m. and 6:00 a.m. (local
[area] time) and flight time is four hours or longer.
(3) Where the traveler has a physical disability requiring first class accommodations; such
travel may be approved on the basis of a doctor’s certificate or the specific approval of
the appropriate management.
(4) First class accommodations may be authorized when in the judgment of line
supervision, useful and necessary work can be accomplished while en route only in
first class accommodations. Such travel requires the approval of the appropriate
management.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 261
CONSULTANTS AS A PROTECTION RESOURCE
Appendix J: Consultant Travel Policy
Use of Personal Vehicles
Consultant retained in the local area in which Consultant’s residence or office is maintained, and
in which the consulting work will be accomplished, is not entitled to meals or to mileage
reimbursement for travel between home or office and Company-assigned work location. Company
authorized travel between work locations is reimbursable. Commuting distance is interpreted as
being within fifty miles of the Company’s facility.
Use of personal motor vehicles on Company business may be authorized for domestic travel, and
is reimbursed at the current rate per mile but will not exceed the total cost of available less-than-
first class air fare. Travel time allowed is limited to normal air travel flight time. Any personal
vehicle travel time in excess of that limit is not chargeable to nor reimbursed by the Company.
Use of such conveyances is authorized only when the consultant complies with the following
requirements regarding minimum primary liability insurance coverage:
a. Motor Vehicles—The consultant must certify that the vehicles to be used on Company
business are covered with bodily injury liability insurance of $250,000 per person and
$500,000 per accident, and property damage liability insurance of $50,000 per accident.
The Company does not reimburse a consultant for the deductible portion of the insur-
ance if a collision or damage occurs while driving on Company business.
b. Use of personal aircraft, whether owned or leased, on Company business is prohibited.
Automobile Rental
Automobiles may be rented by consultants on travel status as necessary to accomplish business
objectives. Generally, an automobile may be rented if its prospective use will be at least twenty
miles per day. Normally, automobile rental is not authorized for local travel.
Automobile rentals must be approved and authorized in advance whenever possible. Automobile
rentals, when authorized, provide for standard or compact model cars only. The excess cost over
standard models for sports cars or luxury model rentals will not be reimbursed by the Company.
Mileage charges attributable to personal use are not to be borne by the Company.
The cost of automobile full collision insurance coverage purchased by the traveler from the rental
agency will be reimbursed.
Travelers using rented automobiles are responsible for:
a. Reporting accidents involving property damage or bodily injury promptly to the lessor,
local law enforcement agencies, the consultant’s monitor, and the Company’s Security
Control Center.
b. Returning the automobile to the lessor or an authorized representative.
262 Protection of Assets Ɣ Copyright © 2012 by ASIS International
CONSULTANTS AS A PROTECTION RESOURCE
Appendix J: Consultant Travel Policy
Reporting
Travel expenditures should be reported to the Company within thirty days of the completion of the
trip.
The original receipts, paid bills, or similar documentary evidence are required for all expenditures
except meals. However, receipts need not be submitted for expenses for which they would not
ordinarily be given: such as taxi or bus fares.
a. Expenses which are unusual in nature, such as reasonable and necessary costs of secre-
tarial service, office equipment rental, and related expenditures shall be explained and
justified in each instance.
b. Valet and laundry service, if required, are reimbursed for trips in excess of four days or
under unusual circumstances which must be explained on the Professional Services
Statement.
c. Consultants are reimbursed all reasonable and necessary actual expenditures for meals
and lodging.
d. Telephone calls to the various Company facilities should be placed collect, and tie-lines
should be used wherever available.
Lodging
The maximum amount for lodging in the Company headquarters area considered “reasonable” by
the auditors is _______________________ per night, including tax.
Meals
The maximum amount considered “reasonable” for three meals per day in the Company head-
quarters area is _______________________.
Personal Losses
Responsibility for loss of cash or loss of or damage to personal property is not assumed by the
Company while the consultant is in travel status.
Deviations
Deviations from the Company’s Travel Policy or Practice may be approved in specific instances,
when unusual circumstances justify such action. Such deviations must be fully documented and
approved by the appropriate management.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 263
CONSULTANTS AS A PROTECTION RESOURCE
References
REFERENCES
Cohen, W. A. (1985). How to make it big as a consultant, 2nd ed. New York, NY: AMA COM.
Forensic methodology best practice. (2000). International Association of Professional Security
Consultants.
General security risk assessment guideline. (2003). Alexandria, VA: ASIS International.
Poynter, D. (1997). Expert witness handbook: Tips and techniques for the litigation consultant.
Santa Barbara, CA: Para Publishing.
Sennewald, C. A. (2004). Security consulting, 3rd ed. Woburn, MA: Butterworth-Heinemann.
Vellani, K. H., & Nahoun, J. D. (2001). Applied crime analysis. Woburn, MA: Butterworth-
Heinemann.
Weiss, A. (2001). The ultimate consultant: Powerful techniques for the successful practitioner.
Somerset, NJ: Pfeiffer.
264 Protection of Assets Ɣ Copyright © 2012 by ASIS International
CHAPTER 9
EXECUTIVE PROTECTION IN THE
CORPORATE ENVIRONMENT
Executive protection—the field of safeguarding a key person from harm—is practiced in the
private world (for wealthy persons), in civilian government (for a few persons in top-level positions
or in jobs that place them in high-threat regions), in the military (for the highest-ranking officers),
and in the corporate world (for senior executives, employees, visitors and family members of ex-
pats who work in or travel to dangerous locales). This chapter focuses on executive protection (EP)
as practiced in the corporate sector for executives at high risk.
The sections that follow describe the key elements of EP. The discussion covers such topics as the
importance of EP, some philosophical underpinnings of the field, and specific methods of
protection in various settings
9.1 HISTORY OF EXECUTIVE PROTECTION
Political leaders have used bodyguards and special military details for protection throughout
history. One of the earliest well-documented examples is the Cohors Praetoria, or Praetorian
Guard, which began as a cohort of bodyguards for Roman generals in the second century BC
and evolved to become a protective force surrounding the Roman emperors. Eventually, it
became powerful enough to affect the appointment of emperors and was deemed to be a
disruptive force. Roman Emperor Constantine I disbanded the guard in 312 AD (Praetorian
Guard, 2004).
Protection of Assets Ɣ Copyright © 2012 by ASIS International 267
EXECUTIVE PROTECTION
9.1 History of Executive Protection
The Yeomen of the Guard was established by King Henry VII in 1485 to serve as the personal
protection organization for the ruler of England. In the beginning, the yeomen provided
travel security, attending to the king’s safety on journeys in Britain or overseas and in battle.
They also guarded palace entrances and tasted the king’s food. The Yeoman of the Guard
exists to this day but serves a mainly ceremonial function (Yeomen of the Guard, 2004).
Other personal protection groups in history include the samurai of Japan, the medieval
knights of many European states, the housecarls of Scandinavia, and the Vatican’s Swiss
Guard. These precursors of today’s executive protection organizations were essentially
military divisions that were assigned to protect a sovereign.
The modern history of executive protection begins with the formation of the United States
Secret Service in 1865. Originally established to investigate currency counterfeiting, the
Secret Service did not undertake EP work until 1894, when it began informal, part-time
protection of President Grover Cleveland. In 1901, Congress requested Secret Service
presidential protection, again informally, following the assassination of President William
McKinley. Finally, in 1902 the Secret Service assumed full-time responsibility for protecting
the U.S. President. Two operatives were assigned full-time to the White House detail (Secret
Service History—Timeline, 2004).
Executive protection (EP) in its current, corporate sense—that is, practiced without the vast
resources and law enforcement powers of the federal government—appears to be a mid-20th
century innovation. As corporations established security departments, those departments
naturally looked to the protection of their top executives. At first, EP specialists—the actual
protective personnel—were drawn from the ranks of former Secret Service agents, police
department dignitary protection officers, and military personnel. Over time, another path to EP
work developed: staff would rise through the ranks of corporate security and develop EP skills at
private sector EP training programs. Such programs began to be seen in the early 1980s.
Interest in corporate executive protection began to grow in earnest in the early 1990s as a
result of a rise in all types of crime and the advent of workplace violence. The trend was
fueled by mainstream media reports of high-profile executive kidnappings, which led to
huge ransom payments and even deaths. Corporations began to see the value of providing
their top executives with personal protection, and executives welcomed the comfort zone
provided by having an EP specialist on staff. Organization such as ASIS International began
offering courses on executive protection to train security professionals in this specialty.
Demand for EP services grew further after the terrorist attacks of September 11, 2001. During
the subsequent war on terror, interest remained high, as terrorist attention expanded to
include “soft targets,” or persons who do not receive high-level government protection but
play a role in international affairs and the world economy. Many corporations turned to EP
for the first time at the urging of a corporate board that saw the potential for stock volatility
should their high-ranking executives be targeted.
268 Protection of Assets Ɣ Copyright © 2012 by ASIS International
EXECUTIVE PROTECTION
9.2 Research on Executive Protection
9.2 RESEARCH ON EXECUTIVE PROTECTION
As a relatively new private security specialty, EP has not been the subject of any known
formal studies. It is not a field that lends itself to clinical trials, testing by engineers, or
reproducible experiments. Further, it is not yet practiced on a large enough scale to provide
statistically significant research. Studies are also inhibited because persons receiving executive
protection generally do not want to publicize that part of their security plans. In fact, secrecy is
often literally a condition of the kidnap-and-ransom insurance policies that accompany such
protection.
Research has been conducted on the specific EP subtopic of assassination, however. The
Exceptional Case Study Project performed by the U.S. Secret Service examined the thinking
and behavior of 83 persons known to have attacked or come close to attacking prominent
public officials and figures in the United States in the past 50 years.
The following points are among the study’s key findings:
x Mental illness only rarely plays a key role in assassination behaviors. Attacks on
prominent persons are the actions of persons who see assassination as a way to
achieve their goals or solve problems, which requires fairly rational thinking. Those
who made near-lethal approaches and the great majority of assassins were not
mentally ill. While none were models of emotional well-being, relatively few suffered
from serious mental illnesses that caused their attack behaviors.
x Persons who pose an actual threat often do not make threats, especially avoiding
direct threats. Although some who threaten others may pose a real threat, usually they
do not. The research found that none of the 43 assassins and attackers communicated
a direct threat to their targets before their attacks. This finding does not mean that
individuals should ignore threatening communications. However, careful attention
should also be paid to identifying, investigating, and assessing anyone whose behavior
suggests that he or she might pose a threat of violence, even if the individual does not
communicate direct threats to a target or to the authorities.
x Attackers and those who made near-lethal approaches described having a combi-
nation of motives. Eight specific motives were identified: to achieve notoriety or fame;
bring attention to a personal or public problem; avenge a perceived wrong; end
personal pain, be removed from society, or be killed; save the country or the world;
develop a special relationship with the target; make money; or bring about political
change.
x Inappropriate or unusual interest, coupled with action, increased the likelihood that
the person may pose a threat. Inappropriate or unusual interest alone is not cause for
great alarm. But if that interest also includes visits to the target’s home or office or
attempts to approach the target in a public place, the case is more serious.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 269
EXECUTIVE PROTECTION
9.3 Basics of Executive Protection
In addition, numerous articles and books have studied EP by examining and describing the
way it is practiced in different settings. The references at the end of this chapter provide
direction for additional reading.
9.3 BASICS OF EXECUTIVE PROTECTION
In the corporate world, executive protection is a business measure taken to preserve the
organization. EP is not a perquisite designed to pamper top staff; rather, where it is justified
by a careful risk assessment (see EP Risk Assessment), it is a necessity to maintain the
company’s ability to operate and to preserve confidence among employees, customers, and
investors. Even an attack that causes no serious injury can bring unflattering attention to an
organization and raise questions about its competence and preparedness.
In times when the general risk level is elevated, EP strives to (Oatman, 2003)
create an environment in which business can flourish. Executives face special dangers at
present, but these threats are not all equally relevant to every company decision-maker. EP
can help executives decide which dangers are serious and which are less so for their own
unique situations. EP can also reduce those dangers, enabling executives to concentrate on
business and giving them the necessary confidence to travel in search of opportunities.
9.4 FINANCIAL IMPLICATIONS OF EXECUTIVE PROTECTION
Threats to an executive constitute a business risk. By protecting the executive, a valuable
corporate asset, EP fulfills a legitimate part of the organization’s risk management mission.
In addition, EP maximizes the utility of that asset, enabling the executive to live safely in, and
move efficiently through, this dangerous world. Under proper protection, the executive need
not focus on his or her personal safety and can concentrate fully on the business at hand.
A good EP program costs less than the benefits it produces or the damage it prevents. The
financial argument in favor of EP is, in fact, overwhelming. For example, assume that a
corporation has a modest EP program, consisting of four EP specialists and an EP manager,
which costs $300,000 per year. Then suppose the chief executive is kidnapped, murdered, or
otherwise made incapable of running the company. The organization can expect three types
of financial losses: its stock price may slide following release of the bad news, which can
easily cost a company millions of dollars; the executive’s services will be lost either temporarily
or permanently, which can be calculated conservatively as the compensation he or she would
have been paid, again possibly millions of dollars; and employees may well be distracted
from their work, which is difficult to quantify but surely significant. Thus, while the cost of
the EP program was $300,000, the losses avoided could be millions of dollars.
270 Protection of Assets Ɣ Copyright © 2012 by ASIS International
EXECUTIVE PROTECTION
9.5 Philosophy of Protection
In addition, the cost of the EP program should be offset by the positive benefits it provides,
not just the avoidance of injury. If the EP program enables the executive to effectively work
an extra hour each day because his or her transportation is facilitated to and from the office,
for example, the corporation will have gained further productivity from its executive.
A specific example of an extreme case of corporate losses after an attack against company
principals occurred on July 1,1993, when Gian Luigi Ferri walked into the offices of the San
Francisco law firm Pettit & Martin, hauling a black canvas bag stuffed with guns and
ammunition. He entered a conference room and began shooting, then walked through two
floors of the firm’s offices, continuing to shoot. Ferri, a disgruntled client, killed eight people,
wounded six, and then shot himself. Less than two years later, the firm’s partners voted to
dissolve the firm, which at its height in the 1980s had employed 240 lawyers (Chicago
Tribune, 1993-1995).
9.5 PHILOSOPHY OF PROTECTION
In the corporate sphere, the person who oversees executive protection may be the chief
security officer (CSO) or a security manager or EP manager ranking below the CSO. The best
approach is to establish a crisis management team during the preplanning stage. The person
who performs the in-person, up-close service—who walks, rides, and flies with the executive—
is usually called the EP specialist. The term “bodyguard” is not favored in the EP field because
that term connotes a swaggering, blustery approach more like that of a bar’s bouncer who
often physically intimidates troublesome people. By contrast, the favored approach in
professional executive protection is to draw little attention to the principal as well as the
protector.
The EP specialist (EPS) should develop a particular mindset that focuses on preventing and
avoiding trouble rather than combating it. The following six principles can guide one’s
thinking about EP (Oatman, 1997):
x Prevent and avoid danger.
x Realize that anyone can protect anyone.
x Don’t stop to think.
x Keep clients out of trouble.
x Understand the security vs. convenience continuum.
x Rely on brains, not technology.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 271
EXECUTIVE PROTECTION
9.5 Philosophy of Protection
Prevent and avoid danger.
The principal and the EP specialist should make a conscious decision to seize control of
potential or real dangers that threaten the executive, deal with them firmly, and conquer
them. Avoiding danger may not have been a driving character trait of either the EPS or the
principal until they decided to engage in executive protection. Top executives are often risk-
takers, and individuals who become EP specialists often have backgrounds in law
enforcement and the military, where a mindset of heading toward trouble, rather than
retreating from it, prevails. Therefore, the executive and the EPS must make a deliberate,
firm commitment to prevent and avoid danger. Good results—and good fortune—follow
from thinking hard and working hard to stay at least a step ahead of trouble
To accomplish this goal, the EPS and the executive do not need to passively sit back and
receive what comes their way. Instead, they should reach out mentally to anticipate threats.
To counter potential problems, the strengths of the protection program and the resources
available to the EPS should be cataloged so they can be used when needed. Likewise, the
protection program’s vulnerabilities should also be identified (undoubtedly, the adversary
will find them). By predicting the adversary’s probable approach, he or she can be outwitted.
Finally, the EP specialist should quietly control the principal’s risks. For example, hotel
inspectors do not die if a poorly inspected hotel burns; the guests do. Therefore, the EPS can
and should prevent and avoid danger by selecting hotels with proven safety records and even
plotting fire escape routes and packing smoke masks.
Realize that with proper training anyone can protect anyone.
While protecting another human being is a daunting task, the EP specialist can combine his
or her personal strengths with those of others with different abilities. Perhaps a particular
EPS is brave, intelligent, and strong but has little experience in defensive driving. In that case,
the EPS can lobby for the hiring of a professional driver or can become one through training
and practice. Although the most visible components of EP involve physical acumen—for
example, driving cars, watching for attackers, or moving quickly to avoid threats—executive
protection is primarily a brain game. Therefore, anyone—that is, anyone who is intelligent,
trained, and physically fit—can protect anyone.
Don’t stop to think.
A thoughtful, deliberate reaction to a dangerous situation will almost always fail. When a
threat, attack, or danger actually arises, it typically explodes onto the scene, leaving no time
for a thoughtful, deliberate reaction. By remembering this principle, the EP specialist can
keep in mind the necessity of constantly practicing reactions to different scenarios. Such
practice should be physical, rehearsing protective movements and quick escapes or
practicing driving or shooting. It should also be mental, constantly asking “what if?” and
considering reactions. By maintaining both physical and mental acuity, the EPS has a better
272 Protection of Assets Ɣ Copyright © 2012 by ASIS International
EXECUTIVE PROTECTION
9.5 Philosophy of Protection
chance of reacting to a real or potential emergency appropriately and immediately, without a
lengthy thought process because the thinking has already been done.
Assaults and assassination attempts start and end with astonishing rapidity. Being mentally
prepared to respond far outweighs the value of any other precaution.
Keep clients out of trouble.
Because EP specialists are not fighters, bodyguards, or soldiers, their primary job is not to
knock down, arrest, or kill the bad guys. Their primary job is to avoid dangerous persons or
conditions, such as fire, street crime, or embarrassment. In an encounter with a would-be
assassin, the EPS should move the principal out of harm’s way, shield him or her, and then
remove the subject from the area as quickly as possible. The EPS should not stand and fight
unless there is no alternative.
An example of getting the client out of trouble would occur if, upon spotting a nearby,
potentially violent disturbance, the EPS pushes the principal into a car and speeds away to
safety. An example of keeping an executive out of trouble occurs when the EP specialist and
the subject communicate subtly, with a nondescript phrase or visual cue, that it is time to
leave a certain group or place before an embarrassing or dangerous situation arises.
Understand the security vs. convenience continuum.
EP specialists often state that security and convenience inhabit opposite ends of a
continuum. At one end of the continuum is the highest degree of security as well as the
highest degree of risk. At the other end is the greatest degree of convenience along with the
fewest inhibitors to a person’s lifestyle. Movement toward one end results in an equal
movement away from the other end. In other words, the more security an executive
demands, the less convenience he will have, and the more freedom he demands, the less
security he will have.
This principle helps keep security measures in perspective. Clearly, neither extreme—total
convenience or total security—is practical. The principal and the agent must decide where
on the continuum the executive should be and what tradeoffs to make. Each time an EP
specialist develops a new strategy to protect the executive, this principle can serve as a
reminder that increasing security beyond a certain point may needlessly hobble the
executive, making him less effective and, essentially, a victim of protection instead of a
victim of attack.
Rely on brains, not technology.
Protective equipment, while necessary, is not by itself sufficient for the protection of an
executive. Firearms, alarm systems, armored cars, and two-way radios are useful tools in the
EP specialist’s collection, but not one or all of them can be relied on to protect an executive
for several reasons.
Protection of Assets Ɣ Copyright © 2012 by ASIS International 273
EXECUTIVE PROTECTION
9.6 EP Risk Assessment
First, overreliance on security technology tends to place subjects in a vault. To fulfill their
corporate obligations, executives must move around. If sequestered, they are no longer
executives but prisoners. Second, adversaries are often intelligent enough to defeat security
equipment. A determined adversary can defeat or circumvent alarms, disable armored cars,
or eavesdrop on two-way radios.
An EPS can hope to buy defensive time with equipment, but when the adversary strikes,
salvation lies in the EPS’s conditioned responses for removing the principal from harm’s
way. Among gun battles that have taken place in the executive protection field, almost none
have lasted more than a few seconds. Likewise, in every U.S. presidential assassination
attempt to date, the Secret Service has chosen to follow its model of “cover and evacuate”
and has not opted to return fire. In other words, in crises, historically it has been shown to be
more important for EP specialists to use their heads, not their weapons or other security
equipment.
9.6 EP RISK ASSESSMENT
Executives in the United States may think of kidnapping as something that occurs only in
other countries. While kidnapping rates are much higher outside the United States, this
crime does happen within U.S. borders more often than one might imagine. Annual FBI
kidnapping statistics, excluding parental kidnappings, show the following number of
incidents in recent years: 304 in 2000, 263 in 2001, 201 in 2002, and 227 in 2003.
While no official list records business-related kidnappings, news accounts describe many
victims: Charles Geschke, president and chief executive officer of Adobe Systems Inc.; Kevyn
Wynn, daughter of casino tycoon Steve Wynn; and Harvey Weinstein, chief executive of Lord
West Formalwear. A typical incident occurred in January 2003, when three men abducted 40-
year-old hedge fund executive Edward Lampert and held him at a hotel for two days.
Lampert, worth an estimated $800 million, was grabbed in the parking garage of his
Greenwich, Connecticut, investment company headquarters. He was eventually freed
unharmed, even though a $5 million ransom demand was not met. When the police
cornered the perpetrators in their hotel room, they also found a mask, a shotgun, and seven
rounds of ammunition. Two of the three kidnappers were fresh from prison after serving
stretches for drug dealing (Scarponi, 2004).
Financial gain is only one of the many motives of corporate adversaries, however. Many large
corporations and many corporate executives are at risk of attack from many types of
dangerous individuals and groups. They may have personal grievances against the
corporation or its executives, may be animated by greed, or may object to such issues as
environmental or labor practices, political affiliation, or animal testing. The company’s role
274 Protection of Assets Ɣ Copyright © 2012 by ASIS International
EXECUTIVE PROTECTION
9.6 EP Risk Assessment
in the global marketplace or its involvement in controversial biomedical issues may cause
some malcontents to plot harmful tactics against a corporate executive who, in their minds,
embodies the perceived corporate misdeeds.
To counter potential attacks, every company has a finite amount of protective resources.
Those resources, which include money, staff, influence, knowledge, and contacts, must be
spent wisely. It would be foolish and inefficient to divide the resources evenly across the
universe of conceivable threats. It makes more sense to allocate those resources toward
preventing the threats that present the greatest possibility of harm. The appropriate
allocation of resources to a specific situation is determined through a risk assessment.
In conducting an EP risk assessment, the specialist must consider two factors. First, the
threats that the executive faces must be analyzed based on multiple considerations such as
the executive’s position with the employer, access to and level of exposure among potential
adversaries, access to wealth or other lifestyle attributes, publicity, and travel practices. An
EP risk analysis answers questions such as the following:
x Who would want to harm the executive?
x How are adversaries gaining information about the executive?
x What is the current likelihood of the various identified threats?
x Does the executive desire, require, and accept protection during the work day? Only
when traveling? Twenty-four hours a day?
Second, the specialist must assess the likelihood that threats could be carried out
successfully. The range of threats to a person’s safety and well-being is vast. Perhaps the
most troubling are events that have been known to occur, but are unexpected. The following
list is only a sample of the real threats faced by many executives:
x assassination
x kidnapping
x extortion
x street violence
x attacks by insane persons or zealots
x workplace violence
x embarrassment (deliberate or accidental)
x injury (unintentional)
x illness or medical emergency
Protection of Assets Ɣ Copyright © 2012 by ASIS International 275
EXECUTIVE PROTECTION
9.7 The Power of Information
The results of these two reviews will provide a relative risk ranking: negligible, low, moderate,
high, or critical.
At a given company, not all executives face the same risk level. Some executives represent
controversial aspects of the company and have a high public profile, while others operate
behind the scenes and are relatively unknown.
To arrive at an appropriate threat level for a particular executive, the EP risk assessment
should identify all potential threat elements, from protesters, criminals, extremists, and
terrorists to workplace violence and hazards due to the executive’s travel or other activities.
The specialist should then analyze whether each element poses a threat to the executive. The
assessment should ascertain how an event might unfold. It should also identify individuals
who have the capability and intent to harm, have a history of threatening the executive or
others, or have actually targeted the executive. Based on the results, the principal can be given
one of the risk rankings and provided with the appropriate protection.
A key feature of risk assessments is that they do not last. In other words, the level of risk shifts
often, so risk assessments must be performed on a recurring basis. An example of reassessing
risk in light of changing events and altering EP measures accordingly is illustrated in the
following report (Oatman, 2002):
[S]hortly after the September 11 terrorist attacks, one company … developed reliable
intelligence that its aircraft and passengers faced an elevated risk. To deal with this increased
threat, the company decided to send an executive protection specialist on every corporate
flight. The specialist not only provided security during flights but also was responsible for
ensuring physical and procedural security of aircraft on the ground.
9.7 THE POWER OF INFORMATION
The importance of conducting ongoing research about potential threats to the executive
cannot be overstressed. Details on changes in the executive’s status, new threat groups,
exposure in the media, and other factors need to be constantly monitored.
One of the key determinants of threat level is how well the executive is known to potential
adversaries. Access to information about an executive by those intent on doing harm
increases and facilitates several kinds of threats, such as identity theft, extortion, kidnapping
of family members or relatives, and efforts to do the executive personal injury. Also,
obtaining one piece of information makes it easier to obtain others. Dedicated adversaries
can generally build a thorough profile of an individual by learning the names of schools
attended by the executive or family members and by obtaining school yearbook
photographs, which can be parlayed into other information.
276 Protection of Assets Ɣ Copyright © 2012 by ASIS International
EXECUTIVE PROTECTION
9.8 Office and Home
The Internet makes it almost effortless for researchers, both benevolent and malevolent, to
read current and past articles about any topic or person they choose. Even a cursory Web
search on many executives discloses the names of their spouses and children and their city of
residence. It is important to remember that the Web truly is worldwide, so adversaries in
other parts of the globe can research an executive just as easily as the executive’s next door
neighbor.
In addition, information seekers can learn more detailed information about their targets by
paying a small fee for vehicle title records, property records, voter registration records, birth
and death records, genealogical information, and other data. Such information can be
gathered either online or through visits to local record repositories, such as city halls.
Another common practice is simply to ask a target’s friends and neighbors for information,
using various pretexts.
In assessing risk, it is useful to know what information is available that could arouse envy,
hatred, or revenge or help an adversary locate and harm the executive or his family
(Shackley, 2003, p. 86):
If the executive can be thought of as having “deep pockets,” the possibility of kidnapping
ought to occur to him. Note, we are not talking here in terms of absolutes, but of how a
person appears to others within his environment. It is not his net worth that counts so
much as how he is perceived by a prospective kidnapper. And, we might add, whether he is
perceived. Any media publicity about a person’s wealth is harmful, and, unfortunately, the
press seems to take an excessive interest in the private financial affairs of the well-to-do.
One of our metropolitan newspapers recently published a list of the twenty best-paid
regional CEOs, together with the amount of their compensation and their photographs,
thereby handing potential kidnappers invaluable target intelligence.
9.8 OFFICE AND HOME
Most executives spend the majority of their time at their offices and their homes. While they
are in those locations, traditional security methods should be employed to protect them.
Those methods are described in detail elsewhere in Protection of Assets. Nevertheless, in
general, effective executive protection requires rings of protection: an outer perimeter, one
or more inner perimeters, and in some cases a safe room. (A safe room is a protected space in
the innermost part of the office or home to which the executive can safely retreat during an
attack.) Those rings are typically composed of physical security tactics such as perimeter
protection (using fences, gates, or other barriers), access control (using protective doors,
turnstiles, card readers, or other devices), lighting (to impede hiding and improve recog-
nition of adversaries), closed-circuit television (to identify visitors and to provide counter-
Protection of Assets Ɣ Copyright © 2012 by ASIS International 277
EXECUTIVE PROTECTION
9.9 The Advance
surveillance on adversaries who may be watching the site), and intrusion alarm systems (to
announce penetrations).
Executives who are at risk of attack tend to be more aware of security at work than at home. An
adversary, however, may actually find it easier to attack an executive at his or her residence.
Historically, the home is a softer target simply because an executive, at the end of a busy day,
wants to relax in an atmosphere that does not resemble a corporate security setting with lights,
cameras, and other equipment. An infamous example of the risk in and around an executive’s
home concerns Sidney Reso, a New Jersey Exxon executive who was kidnapped as he left his
home April 29, 1992. He was shot in the arm when he was seized and died five days later, found
bound and gagged in a sweltering storage locker (Chicago Tribune, 1992).
9.9 THE ADVANCE
In executive protection, an advance is the process of researching a destination before the
principal arrives—in effect, a preemptive strike against confusion and exposure. Advance
work requires that a member of the protection team actually go to the destination to prepare
the way. However, advance work does not apply solely to long-distance travel. Any location
that the executive intends to visit should be advanced—even if it is just across the street. An
EPS who has done a proper advance has a much better chance of keeping the principal out of
trouble. Further, should a threatening event actually occur, the EPS will know how to remove
the executive from the situation, whom to summon for help, and where to get medical or any
other type of needed assistance.
When two EP specialists are available, both need not be assigned to accompany the traveling
executive. A preferred method is to have one conduct the advance while the other
accompanies the executive. Advance work is that important.
A good advance reduces the executive’s exposure by smoothing logistics. If hotel check-in,
billing, baggage handling, parking, and other matters are worked out by the EP specialist
handling the advance, then the executive can exit his car at a hotel’s front door, walk straight
through the lobby to the elevators, and arrive quickly at his or her room. Similarly, if an
advance agent has scouted out the route to an executive’s speaking engagement and has
properly studied the meeting location, then the agent accompanying the executive can lead
him or her into the building through a side door if necessary or can take an alternate route to
avoid unfavorable conditions and circumstances (Oatman, 1997). Obviously, these tactics
can keep the executive out of many potentially undesirable encounters and locations.
278 Protection of Assets Ɣ Copyright © 2012 by ASIS International
EXECUTIVE PROTECTION
9.9 The Advance
Local Travel
If a protected executive must travel locally, the ideal arrangement will place the executive in
a suitable car driven by a trained security driver and accompanied by the EP specialist. The
route selected should be carefully previewed, and the rest of the company’s security function
should be aware of the plan.
While executives are vulnerable when they drive themselves, they do not need to be driven at
all times and to all places. The decision to use a car and driver should be based on a risk
assessment. If driven by someone else, however, the executive can work, rest, or, if an attack
occurs, lie down out of the line of fire.
The vehicle in which the executive is transported should provide generous interior space (for
the executive, the EP specialist, and any necessary equipment), substantial protective bulk
(for ramming), and a powerful engine (to escape attackers). The risk assessment should
determine whether an armored vehicle is needed. Most cars can be armored after manu-
facture, and some major automotive companies provide factory-armored vehicles. An
advantage of factory-armored vehicles is that they blend in with other vehicles and, thus, do
not attract attention to the principal.
Features of armored vehicles include bullet-resistant metal panels and glass; run-flat tires; an
anti-exploding fuel tank; a steel-reinforced front bumper designed for ramming; electric
dead bolt locks; a dual battery system; an inside/outside intercom; and a remote starter.
Many new cars, armored or not, now come with a device for opening the trunk from its
interior, which is useful if needed for escape. A car used for EP should also have a global
positioning system (GPS) to reduce the likelihood of getting lost; a locking gas cap; a mobile
phone; a protected exhaust pipe; an electronic aid system such as On-Star; and an alarm
system.
Regarding the driver, it is best to employ a trained security driver, not simply a chauffeur.
The security driver will know the protocol of a chauffeur plus have the ability to take evasive
action if needed (Scotti, 1995). If the security department’s staffing can accommodate it, the
security driver should be someone other than the EP specialist. If an EPS must also drive, he
or she will be unable to scan the travel route for potential threats and may have to drop the
principal at the destination and then park, leaving the executive alone during crucial arrival
and departure periods.
A key practice is for the EPS to call the main security office as soon as the executive’s trip gets
under way. By noting travel details, such as “We are leaving the plant and returning to the
office. It’s now 3:15 p.m., and we’re taking I-67 to U.S. 20,” the EPS makes it possible for other
security personnel or law enforcement authorities to retrace the executive’s steps if the car
should be missing. To prevent the communication from being heard by an adversary who
Protection of Assets Ɣ Copyright © 2012 by ASIS International 279
The words you are searching are inside this book. To get more targeted content, please make full-text search by clicking here.
Discover the best professional documents and content resources in AnyFlip Document Base.
Search