Where to start?

When developing audit instruments for clients, the first two items we review are the current contract and the vendor's proposal.  These documents provide a good starting point because the contract outlines agreed-upon service expectations while the proposal may contain other vendor service guarantees.  After extracting the most promising standards, we'll determine if they meet the requirements of useful metrics.

Be SMART about your metrics.

If metrics are not created properly, they will have little value and, worse, may cause confusion and distract from your security mission.

The first step to a comprehensive audit program involves developing SMART standards.  They must be:

Specific - Avoid miscommunication and set clear expectations.

Measurable - Create quantifiable standards to determine compliance and permit enforcement.

Achievable - Establish challenging goals that are possible to accomplish.

Realistic - Make sure each standard supports your organization's goals and is cost-effective.

Timely - Set goals that can be performed within a given timeframe.

SMART standards are easy to measure and difficult to dispute.  Because of its quantifiable nature, pricing is relatively easy to verify, but companies can also create measurable standards for other service areas. 

Inspections, for example, are critical to the supervision of security guards.  Standards may address days of the week inspections occur (weekdays/weekends), the qualifications and/or level of the inspector (manager/supervisor), frequency of the inspections (daily/weekly), and shifts inspected (day/night).  Other standards may govern selection, training, turnover and invoicing, among other areas.  Determining these standards will aid in contract development and allow for effective audits.   

Get your vendor involved.

Asking vendors to take part in developing standards gives them a vested interest in their performance and reduces the chance of miscommunication.  Such collaboration also offers an opportunity to learn more about a vendor's systems and documentation standards so you know what to look for when conducting audits. 

Audits do not have to be adversarial. 

Organizations can maximize vendor performance, manage costs and increase the effectiveness of the security program.  Issues can be immediately identified and corrected.  Additionally, audits allow vendors to prove how effective their quality-control programs are, while differentiating themselves from the competition. 

Creating and using an audit system to monitor security contractors makes good business sense for both parties and, over time, will help foster a strong, long-term partnership.