Skip to content

How to Outsource Wisely

​COMPANIES ARE MOTIVATED to outsource security functions because they see such ventures as advantageous. Some of the perceived benefits include lowering costs from expenses such as salaries, insurance, and training. Companies also hope to avoid both the costs and the hassles involved in teaching in-house security staff new skills or managing the department. However, many companies rush to outsource before properly assessing the status quo, determining what type of partnership they want with the vendor, and assessing exposures.

Risk Assessment

There are numerous examples of disasters that can result when risk assessments are neglected. At one large resort-casino operating nearly two dozen properties at varying locations, many of its nightclubs were experiencing fights and other disruptive events. At one of its main clubs, an incident resulted in a patron being brutally assaulted and incurring extensive brain damage.

During litigation, it was discovered that neither the risk management division nor the security division ever took the time to conduct assessments of the organization, its outsourced vendors, or other nightclubs in the same locality and region. The consequence of this self-imposed administrative ignorance was that management had no real appreciation of the frequency or severity of similar workplace violence already occurring at its own clubs or in the nightclub industry in general.

Adding to the problem, the risk management department and the security department failed to communicate with each other on a regular basis, each entity operating in its respective silo. Incidents occurred regularly and security responded reactively, taking reports and passing them on to risk management personnel, who, in turn, failed to track the frequency of these reports or the resulting claims that rolled in from the victims.

Had such tracking been done, the organization would have been able to forecast probable future occurrences and forward those statistical findings to the security department. Security could then adjust its staffing and training accordingly. Absent that context, each day’s events occurred in a vacuum, independent of all past events.

Because the casino had not been proactive, it had no choice but to settle the case.

Companies that conduct a thorough risk assessment may avoid that fate. They can determine what problems they are experiencing and what they need from a security contractor to help solve those specific problems.


Once a risk assessment has been completed, companies must determine what sort of relationship they want to have with the vendors they hire. This, in turn, depends on the company’s needs. In general, a company can seek out one of three outsourcing arrangements: operational, tactical, or strategic.

Operational outsourcing is short-term in nature. Examples of operational outsourcing would include the hiring of a company for added security during a special event. There is no expectation of a long-term relationship. This type of outsourcing merely supplements existing in-house talent.

Tactical outsourcing is more extensive than operational. Generally, the duration of retention is more extended and the intensity of talent more acute than in operational outsourcing. The duration can span from a seasonal sales cycle to a mission-specific project, each having a prearranged end point. Usually, the successful and competent completion of tactical projects can result in repeat business and renewed contracts.

Strategic outsourcing includes elements of both operational and tactical outsourcing, but with a significant added element—an integrated partnership. Such a partnership implies a special relationship, with each entity focused on the welfare, success, and development of the other. Moreover, strategic outsourcing means that generally there is no specific end point, save that which is spelled out in the contract. A company seeking to hire a vendor to take over a security function should seek a strategic outsourcing relationship.

In a strategic partnership, the client company should make every effort to ensure that its new partner shares the same strategic vision and fully comprehends the client company’s immediate goals and long-term objectives. In return, the client company ensures that the relationship has management’s active involvement and continued support, facilitated by open lines of communication. The client company is also responsible for drafting a well-conceived and comprehensive contract addressing foreseeable contingencies.


With every upside to outsourcing there are attendant disadvantages and potential risks. Depending on the type and scope of outsourced activity, such disadvantages can be controlled. However, the client company must be aware of these issues before the bid process starts. Factors include legal risks, compliance problems, employment issues, and loss of talent.

Legal risks. Though contracts can contain hold-harmless clauses shielding the client company, at the end of the day, the host is ultimately responsible when incidents occur on its property. For example, a vendor employee—a young college student—was brutally killed at a restaurant on the property of a large resort casino. The casino owned the restaurant but had hired a management company to operate it. Though the security staff at the restaurant was not employed by the casino, it was the casino that was named in the media and blamed by the victim’s estate.

The same thing happened to another casino when a young female patron died from a drug overdose in a nightclub that was operated by a third-party management company. The casino had to bear primary responsibility in the legal system and in the press.

Compliance problems. With regard to local and state laws, there should be some mechanism, such as a periodic audit, for ensuring that contractors are in compliance. Any failure to comply on the part of a contractor can reflect back on the client company.

At one casino, for example, certain forms regarding the declaration of gamblers’ winnings were not filed with the State Gaming Control Board. The casino was severely fined and reprimanded for the oversight, and its reputation was tarnished. Employees of an outsourced auditing company had failed to identify that the forms were stuffed into boxes and stashed in a storeroom, rather than being forwarded to the agency as required by law.

Employment issues. Even though the outsourced personnel are employees of the vendor company, long-term projects may require that they work at the client company’s facility. This means that the client company still has to manage and supervise them. All of the same issues arising from employment, safety, and disability regulations at the state and federal level remain the client company’s responsibility.

Loss of talent. By outsourcing key duties, the company misses the opportunity to cultivate a mature and skilled proprietary talent pool. Outsourcing transfers skill-based functions to outsiders, thereby effectively denying the client company a chance to convert a current weakness into a future strength. The company can compensate for this by, as mentioned earlier, making the relationship more of a partnership. Of course, it is saving money by having the vendor shoulder the training burden, but companies should be aware of the tradeoff being made.

Outsourcing has benefits, but improperly planned outsourcing will negate those benefits and may have a net negative result, causing everything from inefficiency to tragic loss of life. Managers charged with implementing outsourcing should be aware of the risks so as to chart a course around them.

D. Anthony Nichter, CPP, is senior analyst and instructor at the Institute for Strategic Executive Development in Las Vegas, Nevada, and Executive Security International of Colorado. He is a member of ASIS International and past chair of the Gaming and Wagering Council.