Determining the cost of your solution or a price for your time is an extremely difficult and challenging exercise for the majority of security consultants. They are likely to use a set schedule of fees, day rates and consumables, much like you would experience with accountants, lawyers and other professional services. Alternatively, they ‘have a guess’ at what it’s worth based on how much the client can absorb or is willing to spend for the task/project, ensuring there is at least some margin for profits. There is a third version however, used by more sophisticated buyers and professionals termed “value based fees”. Like it or not, there are times, primarily due to the prospect or client where you will have to use more of the first 2 options, because clients simply don’t understand or consume professional services well enough to understand and embrace value based fees.
Hourly and day rates originated from the professional sector as a means of consistency and appeasement of financial controllers and accounting departments….to make it easier for them. This in turn educated consumers, your clients, to buy said services in these neat hourly/daily boxes, much like the would fruit and vegetables, regardless of the shape or size of the produce to be consumed. This results in a lot of waste, for both client and provider, but it makes accounting software, departments and managers happy. Even worse, it creates a ridiculous economy where hourly/day rates are deemed as comparable from one consultant to another or from company to company. Somehow, despite all the experience, development, infrastructure, etc, every security service is as simple as a single number universal to all companies, quality and outcomes. Sounds ridiculous when you put it like that, never-the-less, it happens a thousand times a day all around the world. Desperate and questionable companies use this process to win contracts based on “loss leader” sales, where this contract looses money, but they will make it up later when they upsell to the client another product/service once they are in the door. Clients aren’t stupid, there are some that play providers off against each other all the time, getting these loss leading deals over and over again and simply changing providers each and every time. Like lemmings, they keep coming back and chasing the elusive profitable contract from this company, over and over again. I know of numerous instances where a security services providers has intentionally offered below cost quotes, with the intention of implementing “ex-post rent extraction” upon the client, whereby the win the contract at the agreed price to only then return time and time again with ‘unforeseen’ delays and issues that require extra investment by the client in order to get the desired outcome. This creates profit for the provider and destroys the clients budget and usually results in some negative outcomes for the manager/s that signed off on the deal. The reason the client retains the provider that is doing this to them is it has been too costly, time consuming and the project is too far into the delivery stage to change providers now…and the provider knows it. It is these practices and experiences that have tainted much of the market and user’s experiences.
If you insist on selling your product/services like vegetables, don’t be disappointed when customers insist on buying it like vegetables, by numbers alone.
In order to effectively determine the true value of your services requires you to conduct advance diagnostics of the problem, your relevance and value in delivering a positive result/service and collaborative input from the prospect. If the prospect emails you an RFT [request for tender] or RFI [request for information] I wouldn’t bother unless you are a major business and the value of the contract is worth your time. Blind RFT’s and RFI’s are evidence that the prospect has no idea of what they really need or want and think that applying the usual procurement template they will protect themselves from poor work and high prices. More often than not, it is the reverse. The business will not get the best services or the best price by demanding templates quotations. More alarming is when either a 3rd party or someone internal has already ‘determined the value of the services’ and is seeking market verification and a suitable provider. I have never come across an accurate forecast of services conducted by someone who is not a commercial provider and subject matter expert. Take the time to understand the requirement, develop a specific plan and promote the benefits of you/your approach.
There is no music if you don’t blow your own horn!
Even if you are not perfect with your estimate, you engage with the client, explain the process and jointly steer a beneficial course for both parties, you will always retain the confidence and support of the sponsoring manager/department and the business. Exploit them or take advantage of them, and you end up like all the others and further tarnish the industry.
If you are competing on cost alone….you’re really not competing.
Don’t hover around the average day rate and hourly fees. If the market rate for consulting is $1,500 -$2,500 per day, don’t select a number somewhere in this band after you consider your operational/capital expenditure. If your estimate and quotation for the work/s comes within this band, all well and good, but don’t work backwards from a number. Sophisticated clients will know it and it telegraphs just how you will approach complex and personal work….imagine a collective outcome and fabricate a work-plan to support it. In short, never, ever “guess”.
Develop metrics, formulas and standard procedures for quotations. Identify stakeholders, external costs and other contributing expenses likely incurred for the work and use this/these formulas to approximate quotations and pricing for work. For example, if you routinely outsource to sub-contractors, establish rates in advance [with creep for variations in expertise, technical competencies, etc] and create cost codes and trackable consumables in your accounting process/software. Better yet, develop sub-contractor criteria, encourage the use of apps and empower your providers to be as competent and sophisticated as you are/aspire to be. If it’s good enough for the building and construction industry, why not security consulting?
Value based fees requires education on your behalf and education of the client. Don’t force a square peg into a round hole. For example, a priority request for quotation in support of a large contract required the development and delivery of 3 key resources, all highly technical and based around compliance and governance standards. In consultation with partners, we submitted a very competitive quotation and outline plan for the support of the project, ensuring the quotation and outline included advanced techniques and high level experienced facilitators [based on the client’s insistence of being a sophisticated buyer]. From experience, we knew the areas where we would consume time and resources and areas where we had pre-developed support content and resources. The big variable was the client’s allocation of support and access to the project area. Whilst our quotation was competitive and within 30% of other submissions, the client opted for a quote and provider that submitted a quote barely 30% in value of our overall price point, with less than a page of supporting collaterals on how or why they were the provider of choice [yep, direct appointment collusion is alive and well]. To nobody’s surprise but the ignorant manager and client organisation the service delivery and outcome was a complete train wreck. They failed to deliver, embarrassed the client, exposed all parties to legal liabilities, created a repetitional issue for the client and generally could not have done a worse job if they tried, but they were cheap! Of course there were other mystical excuses used by the client but we have never responded to the client nor partaken in any other possible work with that prospect until the management has changed and they have learnt the lesson the keep repeating…just not at our expense.
The flip side of this is a company paid a consultant to distill his 20+ years of experience into a technical security manual for their employees and businesses to use around the world. It would have cost the business years in time and revenue to come even close to bottling this expertise. Instead, they paid a modest amount for a finished product that is considered an industry benchmark, delivered in a couple of months. That is smart.
Value based fees brings the fastest and most beneficial result to the client. Hourly and day rates delays the outcome and ‘deliverables’ until the last minute of the forecasted time, or you loose revenue as a provider. Who is the real benefactor in each scenario?
Security consulting fees, pricing and establishment of value is not an art form, it is pure estimations governed by sound project delivery and financial controls.
Demonstrate that you are an effective professional services individual/company and you will go a long way to address every new prospect’s major concerns….have I made the right choice for the right price? Be flexible to provide solutions based on the context and client but even if takes an eternity, invest in educating buyers to the benefits of purchasing smarter and more efficiently through joint consultation. This doesn’t mean the cheapest, it means the best possible return for their expenditure, in the shortest possible time.