The trick is to balance the likelihood of an event happening with the cost of the recommended solution. If the frequency of occurrence is low or non-existent, then you may elect to eliminate the recommendation. If the likelihood that the identified risk will occur is high, then you need to either spend the budget dollars on the recommended solution or avoid the cost in lieu of accepting the risk by increasing your insurance coverage/premium for the identified risk. If the consultant you have hired is not providing you with this type of risk versus likelihood comparison and is expecting you to decide merely on his/her expertise, then I would say it is time to reconsider your business relationship with your consultant.
ABOUT THE AUTHOR: Thor A. Mollung, CHSII, Managing Director, Security Consultant, has over 20 years of experience in the industrial security industry with companies such as Fidelity Investments, Mellon Bank and State Street Corporation. Mollung is a member in good standing of the American Society for Industrial Security (ASIS-International), the National Fire Protection Association International (NFPAI), and the American College of Forensic Examiners Institute.
This was first published in February 2007