Flat-Rate Security Audits: How We Price, Why Size Isn't Everything

If we can’t quote it, we can’t scope it.

Pricing transparency is not a marketing position. It is an operational discipline. If we cannot quote an engagement in writing before it starts, we have not scoped it carefully enough. If the quote moves after the work starts, we scoped it wrong.

Flat-rate pricing forces us to do the planning work up front. It gives the organization a number they can take to their board or leadership without caveats. And it aligns our incentive with theirs: deliver a thorough, useful audit at the price we quoted.

How we calculate a quote.

Three factors drive the price of an audit. Facility size is one of them. It is not the largest one.

Factor 1: Operational complexity

How the space is used matters more than how big it is. A facility with multiple programs, split shifts, or significant volunteer churn takes more audit time than a facility with a single program and a stable team.

We look at:

• Number of distinct programs or services run from the facility
• Staffing patterns (single shift, split shift, volunteer-heavy, 24/7 operations)
• Visitor volume and patterns (weekly services, events, continuous public access)
• Cash and asset handling (rare, daily, continuous)

A small senior living facility with 24/7 operations and a memory care wing is more complex than a large office building used for business hours only.

Factor 2: Scope

What we are reviewing. A full audit covers the physical space, policies, personnel practices, technology, and training posture. A scoped engagement might focus on one or two of those domains.

Common scope variations:

• Full audit: all domains, comprehensive report with 30/60/90-day plan
• Focused audit: a specific concern, facility wing, or protocol area
• Policy and personnel audit: no physical walkthrough, policy and practice review only
• Technology posture audit: alarm, access control, and camera systems only
• Pre-event audit: facility readiness for a single large event (gala, festival, annual conference)

Scope decisions are made collaboratively during the pre-engagement conversation. We do not sell the full audit when a focused audit is what the organization needs.

Factor 3: Deliverable depth

A representative P23 audit produces a written report, a 30/60/90-day action plan, a verbal readout with leadership, and a close-out review at 90 days. Some engagements include additional deliverables: board presentation, staff training session, written policy updates, vendor management documentation.

Additional deliverables are priced separately and transparently. The base audit delivers a complete written product. Additions are added if they are useful, not because they inflate the invoice.

What makes a quote go up.

We do not hide the variables that drive cost. Specifically:

• Multiple buildings or campuses. Each additional building adds walkthrough time, staff interviews, and scope.
• 24/7 operations. Senior living and residential facilities require observations at different times of day.
• Interview-heavy scope. If the audit requires ten or more staff interviews, that is a material time commitment.
• Policy review depth. An organization with ten written policies takes longer than one with three.
• Vendor and contract review. Reading monitoring contracts, installer agreements, and vendor terms adds time.
• Presentation or training deliverables. Board presentations and staff sessions are separate from the core audit.
• Travel outside our core region. We are based in Southwest Florida and primarily serve Lee, Collier, and Charlotte counties. Engagements outside that region include travel time.

What makes a quote go down.

The flip side:

• Single-building, single-program organizations. The simplest full audits.
• Prior audit history. If we have audited you before, the follow-up is less intensive than the first engagement.
• Active fDoS relationship. The annual audit in an fDoS engagement is substantially more efficient because we already know the space and the program.
• Well-organized existing documentation. Organizations that maintain current policies, rosters, and emergency plans save the auditor significant time.
• Focused scope. If you want a targeted review rather than a full audit, the price drops accordingly.

What the quote includes.

A P23 audit quote includes:

• All on-site time (walkthrough, interviews, observation at various times of day)
• All off-site time (report writing, plan development, policy review, research)
• The written report and 30/60/90-day action plan
• A verbal readout meeting with leadership to walk through findings
• One 90-day close-out review meeting
• Basic email follow-up for 30 days after delivery for clarification questions

What it does not include, unless explicitly added:

• Implementation work (we audit; implementation is a separate engagement)
• Board presentation (we recommend this as an add-on for organizations that want the audit presented to trustees or elders)
• Staff or volunteer training sessions
• Written policy drafting (review is included; drafting replacements is additional)
• Vendor management services beyond contract review

The line between included and additional is written into the engagement letter. No ambiguity, no scope creep.

The grant pathway.

For organizations that qualify, FEMA’s Nonprofit Security Grant Program (NSGP) can cover audit and hardening costs. Churches, faith-based organizations, and nonprofits serving vulnerable populations often qualify. Florida’s share of NSGP funding is meaningful and has grown since 2020.

We have a separate piece on the grant process, including how to apply, what is required, and what the compliance cycle looks like after an award. For organizations that cannot presently fund an audit from operating budget, the grant pathway is often the right starting point.

The passage is a charge to stewardship. A security audit is a stewardship exercise for a physical space and the people inside it. The cost of the audit is the cost of knowing well the condition of your flock.

What we will tell you before you sign.

In every pre-engagement conversation, we commit to telling the organization:

• Whether we think an audit is actually the right tool for your question, and if not, what is
• What scope we recommend, and why, based on what we learned in the conversation
• The flat-rate number, in writing, that the engagement will cost
• What is included and what is additional
• Timelines: from signed engagement to on-site work to delivered report
• Whether grant funding might be available for your organization

If after that conversation the organization decides not to proceed, no fee. We would rather be the team an organization hires when it is ready than the team that pushed them into an engagement they were not sure about.

The honest version of pricing.

Security consulting has a reputation for opaque pricing. We understand why. Many organizations have had experiences where the quoted number was the start of the conversation, not the end of it. The hour-based invoice arrived with surprises. The “Phase 2” was more expensive than Phase 1.

We priced P23 the way we wish we had been priced. Transparent flat rates. Quoted in writing. Held to. Scope clearly defined, with any additions priced separately before the work starts.

If you are evaluating a security audit for your organization in Fort Myers, Cape Coral, Naples, or Port Charlotte, we would be glad to have the pre-engagement conversation. No pressure, no meter, no surprises. If we are the right fit, we will say so. If we are not, we will say that too.