The study, which is due to be published some time in the next few weeks, is expected to show that users do not have sufficient concerns to justify a complex and potentially expensive licensing programme for IT security consultants.
The report was commissioned by the Department of Trade & Industry in an attempt to end the uncertainty surrounding last year's Private Security Industry Act, which calls for the regulation of "security consultants".
Although conceived as a way of regulating security guards and nightclub bouncers, in practice the Act could potentially be used to make licensing a requirement for IT security professionals.
The DTI report is understood to have identified significant practical barriers to the regulation of the profession, which will make any licensing system less likely.
There is no evidence that information security consultants present any greater threat than other business consultants, the DTI is expected to say.
Many of the real-life problems faced by IT departments result from badly written specifications and difficulties in the implementation stage, rather than from poor advice from security consultants.
The DTI report is expected to conclude that there would be no straightforward way of identifying what an IT security consultant is. Any definition based on skills would be likely to bring general business consultants under the scope of the licensing regime.
However, the DTI's findings are unlikely to end the uncertainty surrounding the Private Security Industry Act. Whether IT security professionals are regulated or not will ultimately depend on how the newly formed Security Industry Authority chooses to define the term "security consultant".