I mentioned recently a client of ours was supposedly quoted over $1M for nothing more than an ISO27001 scoping engagement by a Big consultanting firm. (The real work came later!) My recent post in the forum about the ATO’s latest problems made me think about how many of these “big” consulting engagements still happen. You know the ones; Big firm comes in, spends months “auditing”, creates large report with a handful of high-level recommendations and gets a couple of million for it!

I can’t for the life of me see even a small blip on the bang-for-buck monitor from these audits. Had you told me some of these reports were created in a few weeks, I might say, “okay”, but seeing the results, recommendations, levels of detail and moreso, what they more than likely missed, just has me shaking my head. It’s 2008 and we’re still seeing big bucks being paid to Big name firms by people in business who should really know better than to just trust names and wild proposals in terms of time-frames, price but most importantly, what the hell is going to be delivered.

It’s a whole other story as to what companies do with reports they’re given and left for another post, (though there’s probably a score of posts in BorB that more than cover it already!). Sour grapes…nah!? Double-standards – sure…..I wouldn’t bitch if the ATO offered Securus Global a couple of million to hang around for a while and tell ‘em what they should so.

Pretty confident we would add a lot more value and bang-for-buck than any of the Big guys! But it’s all a game at some levels – who you know, how well you know them and what you know you can get away with!….It really is!