With business consulting you get on the road to success!
Is that really true? What makes a good or bad consultancy, and how do you find the right consultant to reach your goals? In the following article we address all these questions and also provide you with a free download file with various questions to help you select a suitable consultant.
What is business consultancy?
Conventional business consulting is used for a great variety of reasons:
The consulting is done either cross-company or department-specific. Information Security in particular is a specialized field for which consulting can be worthwhile. This is because small and medium-sized enterprises (SMEs) often do not have their own Information Security staff – such as a certified Data Protection Officer (DPO) or an Information Security Officer (ISO) – who can implement the planned projects.
Consulting can help you take a snapshot to determine where your business stands right now and what next steps could be. If you already know what you need to implement, a consultant can on the other hand help you implement a project or several upcoming projects.
So, for the following scenarios, consulting can be useful:
How to choose the right consultant / consultancy firm?
Since the consultation and its measures have a direct influence on essential business processes, you should not rush into choosing a consultant! Also, since a consultation takes many months, you should be sure about your choice. In addition, you should get along with the consultant at a personal level because there will be many intensive discussions and meetings waiting for both of you. A productive and harmonious cooperation is essential for the success of the projects.
But how do you choose the right candidate? If you search for “business consulting” on the Internet, Google gives you more than 17,700,000 results. Many companies feel unsure because of the large number of options, an enormous range of prices and a lack of experience. They don’t know how to even make a preliminary selection.
To-do list: What you should do before contacting consultants
If you don’t want to use consulting to take a snapshot of your current situation but to help you with specific implementation projects, you should define the issue, project or task you need assistance with. If you know exactly what projects you want to tackle, you can accurately assess what hard skills the consultant will need.
You can just do this by, for example, creating a mind map or Excel list. All points that are relevant to the project should be listed. If you already want to go a bit more into detail, you can also include visual links showing which points are related (e.g., which departments of the company would be affected if your company wants to get certified for TISAX®). Further details can then be written down for each point. If you, for example, already requested certification but failed at certain points, write that down. Mentioning how a problem arose could also be helpful.
These points you should pay attention to
Especially in the case of specialist projects such as TISAX®, B3S or ISO 27001 certification, you should pay attention to the experience and consulting skills. Since you already defined which skills are required for your project or task, you know what to look for while searching for consultants on the Internet.
As a first step in your research, see who would be suitable for your projects and search specifically in “consultant niches”. Additionally, you can search based on your location. Possible search queries could be:
The more details of the consulting service (skills, price, etc.) are given on the website, the better you can assess whether the consulting would be suitable for you. Of course, the overall internet presence should be serious and appealing.
However, you will probably only find out about contract details and the scope of consulting services during a personal counseling meeting.
Pricing of Business Consultancy
The costs of a consultation depend on many factors. The crucial factor is whether you agree on a fixed monthly price or whether you are billed on a daily or hourly basis.
The amount depends on the duration of the project as well as the seniority and professional quality of the responsible consultant. Here, it can also make a significant difference whether you hire a larger consulting firm with several consultants or someone who works as an independent or freelance consultant.
Daily rates can vary between $800 and $7,000. A fixed “All-Inclusive” price may be better if you can’t yet accurately estimate the duration of your project. Again, think of what works best for your needs. For example, you can set a budget range for each project or sub-project and then calculate a maximum budget you are willing to spend.
Do you want to achieve TISAX®, ISO 27001 or B3S certification?
We offer both: fixed prices until you achieve your desired certification or a monthly payment model. Take a closer look at our solutions:
After you have decided on 2 to 3 potential candidates for consultancy, you can make an inquiry on their websites. After your inquiry, there is usually a 60-minute meeting to get to know each other. This way, both sides can see whether they get along.
Test for consultants | Information Security Edition
In the first meeting, where you get to know each other, you should not only check whether you get along, but also test the professional knowledge of your counterpart by asking specific questions.
We tell you which questions you can use to test the consultant’s competencies in the field of information security. You will also find all questions bundled in a free download document at the end of this article. The questions can be divided into 4 categories.
- What experience does he have in your industry?
- How many customers has he already served and from which industries did they come? (Can he prove this with the help of a reference list?)
- What is his reputation among other consultants or his clients?
- What other experience does he have besides ISO 27001 / TISAX® / B3S / …?
- What experience does he have with other relevant standards, e.g. ISO standards?
- Are there any possible conflicts of interest?
- How many ISO 27001 / TISAX® / B3S /… implementation projects has he successfully completed in the last two years?
- How many of his customers have applied for certification and how many have been successfully certified to ISO 27001 / TISAX® / B3S / … (in the first attempt)?
- What was the most complex project in this field that he has carried out? Can he briefly describe it?
- What trainings or degrees has he achieved, i.e. what certificates does he have to objectively demonstrate his knowledge?
- Does he also conduct information security trainings? If so, how many training sessions has he conducted and for how many people?
- Has he ever published any professional articles on the relevant or related topics? If so, how many and where has he published them?
- Has he worked as a certification auditor?
- Can he show you examples of risk assessment documents he has prepared for some of his clients?
- … briefly describe the requirements of ISO 27001 / TISAX® / B3S ?
- … describe the phases of the implementation process?
- … name which documentation has to be created (at least!)?
- … name the most common problems he faced during ISO 27001 / TISAX® / B3S / … implementation projects and how he solved them?
- … estimate how long an implementation project usually takes and what the duration depends on?
- … estimate what the scope of the project would be in your case?
- … make a comprehensible proposal for defining responsibilities for specific tasks in the project?
- Do you have the feeling that you are getting along with each other?
- Does the consultant ask appropriate questions that give you the impression that he has prepared for the conversation and understands your situation?
- Does he listen to you and address your concerns?
- Does he ask what you would like to achieve and what should not happen during the process?
- Are any unanswered questions about the consulting service answered sufficiently so that you know exactly what you are hiring the person for?
- What does your intuition tell you – is the person you are talking to a sincere person with whom open and honest communication will be possible during the project?
Of course, you should not evaluate and select the consultant primarily on the basis of personal sympathy. After all, you will not be meeting for a cup of coffee. It’s all about the future of your company and the implementation of complex projects. But for this intensive cooperation to succeed, you must of course get along with your consultant.
Integration into existing teams: Is there potential for conflicts?
In the best case, a consultant has exactly the qualities and knowledge that your team is currently lacking. In some cases, your employees may therefore be annoyed when an external party takes on a leadership role. The employees involved should definitely be made aware of this before the consulting starts. The collaboration should also be announced in advance.
Contracting: What you should consider when contracting
You should definitely clarify in advance what is included in the consultation service (termination deadlines, additional services such as employee training, etc.) and what extra costs you might have to pay, e.g. for commissioning additional service providers that are necessary for the success of the project.
- Are the process and the components of consulting service clearly defined?
- For larger projects: Are interim goals and regular meeting appointments defined?
- Are documentation requirements determined?
- What is the total price for the services (make sure everything is included: analysis, interviews, preparation of documentation, training, transport costs, etc.)?
- Are termination regulations (e.g. no binding to a minimum number of working days, termination periods, etc.) determined?
- What additional services (and any costs) will you need to acquire from other service providers?
- What is the effort required of internal staff participating in the project?
During the business consulting
It is recommended, especially for longer and more extensive projects, to arrange regular meetings. This way, you can keep an eye on the progress of the project, see whether the consultant is fulfilling his agreed duties, and better plan for small deviations. In order to achieve your desired project goal, all steps must be documented in a comprehensible manner so that they can be accessed at any time – especially in audits.
End of the business consultancy
In the best case, consulting ends not with a termination, but with the successful achievement of your goals, e.g. obtaining the TISAX® label or ISO 27001 or B3S certification.
If everything has worked out well, you can also stay in touch with the consultant or consulting firm for future projects. If someone has successfully helped you achieve ISO 27001 certification, he will probably also be able to guide you to get the TISAX® label.