Australian Security Corruption Scandal
A major scandal is rocking the Australian security industry. The government alleges corrupt awards [link no longer available] for multi-million dollar surveillance contracts. The case is now before the Commission Against Corruption and the transcripts are amazing [link no longer available] presenting a rare glimpse into the underbelly of security contracting. While it is still ongoing, the commission's key allegations identify fundamental risks that all security professionals globally should keep in mind. As of June 1, 2013, this investigation is still ongoing. Full update here.
Perhaps the best quote from the transcripts is this:
"The agencies failed to recognise the security consultants were not independent in the security industry."
Here are more risks identified:
Sharing Confidential Details
Beware of consultants sharing confidential details, like the available budget or rival's bids, to 'friends' of the consultant. The more friendly and connected the consultant is to the bidders/integrators, the more likely this is to happen.
The complaint repeatedly cites a concern with an integrator paying for trips to consultants and/or users to ISC West (viva las vegas!). Of course, it is simply defended as networking but the government is understandably concerned about the influence bidders can have over supposedly independent individuals when taken on free vacations (e.g., crusies).
The complaint alleges that a preferred integrator's qualifications were fabricated to show significantly more certified technicians than they had. Even if it is not fabricated, biased consultants can look the other way to faked qualifications or shape qualifications to favor a preferred bidder. See our recommendations on selecting a quality integrator.
Gifts and Unrelated Payments
One of the craziest elements of the complaint is that an integrator paid an end user thousands of dollars a year to clean a boat. It is defended as an unrelated side job, but these type of financial connections can build bonds that favor one bidder over another.
The complaint notes:
"Some of the agencies have dealt with the issue of gifts poorly. And those agencies have failed to recognise the risk of gifts influencing or being seen to influencing their staff. Some agencies did not adequately manage conflicts of interest between staff and consultants."
Security manufacturers are the same way, saying inane things like 'just because I buy them gifts, doesn't mean I am guaranteed the deal'. Indeed, in the transcript, the defendant remarks at one point, "I don't go out there to say hey, I'll buy you a beer, make sure we get the contract."
Bidders can play dumb all they want but it is obvious why they do it and why most governments and large corporations have rules against gifts for employees - gifts routinely result in awards favoring bidders at the detriment of the buyer's organization.
Open vs Invitation Only Tenders
The use of invitation only tenders is cited as a corruption risk:
"An open tender [may] have been adopted rather than a tender by invitation in order to increase the prospects of competition and reduce the opportunity for collusion between tenderers."
While invitations may help select the 'best' bidders, it may also be misused to select those the consultant is biased towards. This equally and regularly happens with product specifications. See our review of low quality RFPs.
End User Lax Management
The complaint emphasizes that the government agencies were naive:
"Most agencies responded to the challenges of undertaking a specialised project by hiring an external security consultant to provide advice. These agencies failed to put in place any safeguards to verify the advice they received. Instead there was a general view that the external security consultants provided a layer of probity as their independence safeguarded the process."
Anywhere in the world, simply assuming your consultant is independent is a fast way to get screwed.
The complaint concludes:
"In many ways the consultants were handed end to end control over the security projects as public sector managers effectively outsourced accountability."
While it may be hard work and require more resources, end users need to exert more control and more skepticism over the actions of their consultants. Otherwise, they risk falling into a similar situation to what is happening in Australia.
[UPDATE June 5, 2013]: The government's inquiry was originally supposed to take about three weeks, but still no final report or additional information has been released. We checked in with the New South Wales Independent Commission Against Corruption to see the status of this case and it released this statement:
The Commission extended the scope of this inquiry, which meant it did proceed for more than three weeks. At this point, the Commission is in the process of preparing its report into the investigation, which will contain any findings and recommendations that the Commission deems appropriate. The report will be furnished to the New South Wales Parliament in due course, which then makes the report public.
The Commission says it does not have an estimated timeline on when this will happen.