Blog

Today, the popularity of telephone calls remains largely unbroken – people still ring each other, but they do not need and do not use public telephones for that anymore. Economically speaking, the demand and the market continue to exist, and have even grown significantly in volume since then, but have shifted to other providers that deliver a more convenient and in the end more valuable service for customers (e.g. mobile phones).

As this is a blog focused on TIC, with a reputation for slightly apocalyptic statements, most of you know which analogy we are trying to imply. It is not too difficult to imagine a similar development in TIC: the demand for safety and security might still be there in the future, but could be satisfied by other providers from outside the current industry landscape, if TIC incumbents fail to recognize new market needs, to update their business models and capabilities and to adapt to and adopt new technology properly.

The TIC industry associates great hopes with “Digital TIC”, the “Industry of Things” (IoT) and “Industry 4.0”. Yet, as neutral observers, we rather have to note that others are winning in these games:

• The Cloud Services market is dominated by a few notorious players. Some TIC players’ efforts to establish “safe 3^rd party clouds” for trusted data exchange have more or less failed
• Specialized IT companies, most of them from the U.S. and many of them VC-fueled start-ups, have effectively seized the market for holistic IT environment safety and security (“network and device monitoring, threat detection and incident management”)
• With IT security inevitably (also) becoming a hardware feature, IoT security standards are increasingly defined and set by hardware companies on chipset level. Logically, these also perform subsequent certifications, for which they only selectively involve a small number of testers, and rather newcomers than incumbents
• Auditing and Accounting companies recognized the business potential of “Cybersecurity” a long time ago and have successfully positioned as major players in that field. For them, 2^nd party audit services around IT security are an entry ticket, based on which they sell more comprehensive technology consulting and implementation services

It feels that many TIC players are more and more reduced to a mix of ISO 27001, PEN-testing and Common Criteria – still somehow active and present in the market for Cybersecurity, but increasingly marginalized. In other words: The mainstream of the TIC industry is not winning the future, but losing it – at least reg. “Digital TIC”.

It’s not enough to be a mere technology user, if one wants to be trusted as an expert. The quality and credibility of TIC services depend on the technical competence and the understanding of the underlying subject-matter. From our point of view, large parts of the TIC industry are not even close to investing enough, and frequently enough, into “Digital”, not only seeing it as an efficiency tool, but as a future business. If this industry, with the exception of the few TIC players who have understood and risen to the challenge, continues on that path, it will most likely have to pay a bitter price for this negligence and oscitancy in the medium term.

For those TIC providers who made it into that game, this provides a pleasant field of activity with stable revenues, limited competition and low risk – and with limited need for marketing, as customers are forced to come to them anyway. It is not surprising that this allowed the TIC SVI specialists to optimize operations and to achieve attractive profit margins.

For the TIC industry, things could stay that way, but the disruptive changes in the Automotive industry prompt the question whether these might impact SVI as well. Electric vehicles may not require emissions testing at all, or a significant part of technical supervision and condition monitoring could be performed remotely in the near future (thanks to connected cars). Or, if people choose to not buy and own cars anymore, because ridesharing services such as Uber or Lyft are so much more convenient, there might be a lack of vehicles to be tested in the first place.

In this context, it is worthwhile to take a look at the upcoming discontinuation of the mandatory emissions testing scheme in the U.S. state of Washington. The scheme will be discontinued from Dec 31, 2019, onwards. Until then, vehicles older than nine years will have to undergo a mandatory emissions testing upon tab renewal – about 900,000 vehicles per year, at an inspection fee of USD 15.

The reasons for the discontinuation are revealing. It is both the perceived ineffectiveness of the scheme and the decreasing validity of the fundamental logic behind it:

• “Washington state style” emissions testing turned out to be ineffective, given the lenient vehicle age threshold and generous waiver conditions. Even with multiple failed tests, vehicle owners could still renew their tabs by proving that repairs (of whatever kind, not necessarily the exhaust or engine) of at least USD 150 had been performed.
• More importantly though, at least in the eyes of the Washington Department of Ecology, technical progress has eliminated the underlying need for emissions testing. The DOE stated that “newer vehicles are much cleaner and air quality from vehicle emissions has improved across the state”

One could argue that a surprising ruling in a rather remote and rainy part of the United States does not have a lot of relevance in the bigger scheme of things. However, nor is the state of Washington rural backcountry; with the rapidly growing Seattle metropolitan area, it is home to the 15th largest urban area of the United States, where air quality is a topic. And neither is this the result of a fanatic “tea party” anti-bureaucracy crusade, but was enacted by a moderate Democrat government. In fact, no U.S. state has gone longer without a Republican governor than this, with Democrats in control of the Washington Governor's Mansion for more than 32 years.

If not the result of backwardness or madness, alternatively this decision could be based on a logical rationale. Indeed, depending on regulator's goals and expectations, technical progress may have rendered, or soon might render, SVI and emissions testing less necessary or even pointless. The key question then is how quickly regulators react to that. Maybe, emissions czars at the Washington state DOE found inspiration in the disruptive "move-fast" strategies of the local high-tech giants such as Amazon, Microsoft or Intel, and simply acted earlier and more decisively.

Is this a reason to panic? No, because the Washington state decision is unique and caught most other state representatives by surprise – and thus is unlikely to be replicated in the short term.

TIC companies will have to watch this carefully though, and maybe should re-consider their planned investments or intended participations in SVI tenders. Change is likely to be slow and gradual, but it could soon become painful for those TIC players with significant SVI exposure, considering the business’ role as a profit engine and cash cow. And most importantly, it may have started already.

Not meant in an impious and disrespectful way, rather well aware of the human tragedy, we would like to comment that this is not first time that disaster strikes even though a TIC company was somehow involved with some kind of service or after it had performed some sort of “inspection”. Just recall:

• The PiP breast implants scandal (TÜV Rheinland)
• The collapse of Rana Plaza in Bangladesh (Bureau Veritas, among others)
• The VW diesel emissions scandal (TÜV Nord)

In each of these cases, TIC companies could not be held responsible, legally. So far, so good? Not really, in our opinion – because something sticks.

For an industry dependent on its reputation of untouchable impartiality and superior technical competence, for an industry conveying the image that it is worthwhile to pay the price for its services because these safeguard and enhance safety, such events occur far too often and have far too dire consequences.

TIC companies should finally scrutinize their service portfolios and begin to discontinue those services with an unreasonably high reputation risk (in relation to the often miniscule revenue and profit generated by them) or substantial survival risk (killing the company if something goes wrong) – or install functioning, much tighter control mechanisms for the risky businesses, if deliberately deciding to perform/offer these. In other words: Either don't do it at all, or exercise extra care when doing it.

The more negative news somehow associated with or connected to TIC, the less will customers and consumers believe in the viability and value of it. The TIC industry should not stretch the limits of its business model too far in search for the quick dollar – or it might wake up one day without a business model at all.

It must be read as a warning sign that several commentators have begun to draw analogies between Auditing/Accounting and TIC, indicating that the latter could be caught in the same massive conflict of interest as the former, and that stricter regulation in a similar vein is necessary. This would mean to strictly separate Audits and Consulting work, by law. And that would be the end of any “Assurance”-type TIC concept of integrated support along the value/supply chain some industry participants actively promote.

With the TIC Council formed, now an association exists that covers almost all of the industry. In the interest of all participants, it should not just send out fancy press statements on ethics and compliance, but maybe start enforcing these and put its own rules to the test.