Introduction
We recently conducted an independent security risk assessment for a government-owned entity in Gauteng, identifying risks that standard assessments often overlook. This approach enables us to recommend practical measures that enhance the overall safety and security of the property.If you would like to learn more about our assessments or have specific topics you’d like us to address, please email your suggestions to andre@alwinco.co.za. We will create and publish articles tailored to your interests on our website.
Independent security risk assessment and Red-tape.
Technically, there is only one independent security risk consultant in South Africa. The reason for the distinction is that payment comes from a single source, the company or property requesting the independent security risk assessment, rather than multiple revenue streams. The financial reward is limited, and the return on investment is low.
I have attempted to bring on BEE partners.
We tried to bring in others willing to collaborate as well, but the low return on investment remains a barrier. With independent security risk assessments, payment comes solely from the client, whether it is a business, enterprise, or property requesting the assessment. Those interested in partnering with Alwinco often say the return is insufficient. Some then try to change Alwinco’s concept, suggesting selling and installing equipment to make up for lost income.
This, however, defeats the purpose of an independent security risk assessment. This explains why there is only one independent security risk consultant in the country.
Did you know that for over 20 years, it has been normal in security risk assessments for a Request for Quotation (RFQ) to produce only one response, if any?
Occasionally, the same RFQ must be issued three or four times, often without better results. Occasionally, a new security provider or an ambitious risk manager will enter the process, hoping for a different outcome. However, experience shows that the pool of respondents rarely expands.
Please read the explanation below, which outlines the differences between a security risk assessment, a risk manager, and a security provider.
Why does this happen? Part of the reason lies in the maze of red tape. Procurement procedures, combined with obstacles in other departments, slow the process and stall meaningful progress.
Did you know that, according to the Association of Proposal Management Professionals, nearly 30% of business proposals are rejected due to minor non-compliance, even when the core offering is strong? Picture this: you are at a checkpoint where the rule is simple—present three diamonds to pass. There is a problem; you only have one genuine diamond. To get through, someone carefully cuts two pieces of glass to resemble real diamonds. On paper, the requirement of three diamonds is met, and the process moves forward. Yet beneath the surface, it rests on a falsehood.
This scenario mirrors how RFQs (Request for Quotation) are sometimes handled in the real world.
The focus too often shifts from genuine quality to the mere appearance of compliance. Procedures are followed, boxes are ticked, and on paper, everything seems in order. But if we look closer, what are we really delivering? Genuine value, or just clever imitations?
Big mistakes such as cutting corners or accepting flawed solutions are key reasons we are losing the fight against crime. Without honesty and rigorous standards, progress is compromised and the integrity of the entire system collapses.
As one informer explained, repeatedly inspecting a space often uncovers hidden issues, just as repeated RFQs attract companies that believe they can conduct a security risk assessment. To be effective, an independent security risk assessment must remain completely independent.
Often, security risk assessments only proceed after a crime incident has occurred and companies have already spent thousands on security that does not cover the risk; only then do companies grant special permission for the security risk assessment to start.
Experience is critical.
A competent security risk assessor must have police and crime scene experience, investigative expertise, and experience interviewing suspects and victims. They must understand crime, evidence collection, and how to conduct a thorough security risk assessment that identifies security risks. Real security experience is essential, including guards, armed response, control rooms, and security management, along with knowledge of hardware, installations, and data systems.
Even with all this experience, a consultant still cannot be part of the solution. Assessing a system in which you are involved compromises the process, as you cannot assess yourself.
Independence is key. Consultants must not sell hardware or provide solutions; they only assess.
There is no formal definition of an independent security consultant, but independence is essential. Repeated RFQs and red-tape delays explain why crime remains high, particularly in large corporate companies and state-owned enterprises.
Understanding master copies, incident registers, and other required documentation is essential, especially with the use of AI. Compiling this information into a readable document requires skill. The final report should read like a story, a book, or guidelines, not a block of text. Reports typically contain between 160 and 210 sections.
I have tested, reviewed, and interviewed those who claim they can perform independent risk assessments. In most cases, they cannot. Many lack the necessary experience and confuse independent risk assessment with risk management or health and safety.
Please read our definitions below.
Because true independent consultants are rare, companies often turn to other providers. Comparing an independent security risk assessor to a service provider is like comparing a luxury jet to a car; they are not comparable. Receiving only one response to an RFQ is normal, and even handling the same RFQ multiple times is common. Red tape remains one of the biggest risks in security, placing the most people in danger and costing lives.
Article written by Andre Mundell.