Bob Forsyth – Audits – a box ticking exercise or a critical tool to evaluate risk?

Bob Forsyth - Managing Director of MITIE Total Security Management
Bob Forsyth - Managing Director of MITIE Total Security Management

Bob Forsyth, the Managing Director of MITIE Total Security Management (TSM) introduces his twelfth blog on Bob writes: “Historically audits have been seen as a back-office function, and something that we have to have. But, I believe, if audits have the backing of the Board they become a driver of quality and enhanced business performance.

“To be seen as this, the audit function needs to change and refocus its process to concentrate on the wider risks for clients, rather than a series of tick box standards. If the audit function digs deeper into the clients’ operations, surpassing the standard questions, it will enable the scope to widen and incorporate their risk profiles. The outcomes can be evaluated and use the intelligence to inform operations. An example of a new approach to auditing could be to question the client about their last desktop exercise for disaster recovery planning.

“Too often the audit function in a business performs a random selection of reviews which do not deviate from the standard or explore other areas relevant to business success. The same outputs are often seen with no real surprises, and the function doesn’t create any impact on the business. The data and findings are not always communicated widely enough across the business which compounds the lack of understanding of what the function should be used for – sometimes through a fear of revealing under performance. This approach can hold a business back as it causes the issues to be covered in the misplaced trust that you are helping.

“My view is that the audit function must be supported by the Board and be directed to operate with a more open nature; being allowed to deviate from the standard and ask more probing questions of clients regarding their wider risks. Difficulties come from standards for people and equipment not being aligned, but if the review was based on the actual threat to clients, one set of standards around risk could be implemented. Of course clients need to be on board with this new approach as ultimately they are the risk owners and manage the risk tolerance for their organisation. In my view, not many would object to an audit that also assisted them in reviewing the wider risk factors, especially in the higher risk environments of CNI for example.

“The industry is basing its future on risk and the mitigation of risk, so why not change the scope of the audit to look more widely at the clients’ risk profile? With a client’s risk properly assessed, this approach would give security providers a clear focus for development in the industry as risk-based companies. Another benefit would come from the independent nature of the risk reviewer which in some cases could point out to a client’s inadequate security measures.

“The threats that we face have changed and developed but our auditing process has not and still relies on a basic check of low level issues rather than high level security flaws.”

MITIE Total Security Management Website

With over 17 years’ experience in the security industry, Bob is a proven achiever at a high level. He is a strong relationship builder who is financially astute with excellent negotiation and communication skills, with the ability to work with people at every level. A team player, Bob is able to lead by example.

Bob was promoted to the position of Managing Director of MITIE’s security business in April 2010 after several notable achievements since joining the company in 2004, including his win of the prestigious MITIE new business award.

Having successfully implemented the merger with Initial Security in the Southern region and developing a profitable part of the business, Bob has continuously worked towards expansion including the implementation of the response service, and has significantly contributed towards year on year growth. In June 2009, Bob initiated the launch of the business’ total security management ethos; to take an integrated risk-based approach to security, incorporating people, technology and consultancy services.

Bob continues to move the business forward and has delivered record EBITA profit. He has increased business retention and launched new services lines including lone worker, void secure, employee screening, and security risk and business resilience. Under his leadership, MITIE’s total security management business has grown into an organisation with a turnover in excess of £280m. He takes every opportunity to promote MITIE’s presence within the industry through his involvement with industry bodies such as City Security and Resilience Networks (CSARN) and the British Security Industry Authority (BSIA).

A member of the Institute of Directors (IOD), the Security Institute and Resilience Industry Suppliers Community (RISC), Bob is championing the development of the security industry from a guarding-focused, low-end purchase, to a risk-based, technology-driven industry, and plans to work closely with the BSIA and his peers to accomplish this. Bob is passionate about the security industry and enjoys speaking at events such as TINYg in New York, CSARN conferences, and various other security and risk events.

Bob writes a regular blog for the internet news provider to share his vision of the industry’s future. He is also an avid tweeter; taking to the social media site to both promote his ideas and listen to others from around the industry.

In his spare time Bob enjoys sports and is a devoted West Ham fan. He also appreciates current affairs, military history and travel.

Opinions expressed by contributors and commentators do not necessarily reflect the views of or Interconnective Limited.