Enforcing authorities act against the responsible person. Article 5 of the Order fixes the duties on the role, extends them to others with control of the premises, and leaves no route by which a bad report becomes a defence. Telling an inspecting officer that a consultant wrote the document explains the failure; it does not move the breach. The wider picture of who carries safety duties is covered in who is legally responsible for a risk assessment.
The assessor is exposed on a different front. A consultant who produces a defective assessment can face contractual claims, negligence claims and damage to accreditation, which is why serious practitioners carry professional indemnity insurance and work within third-party schemes such as BAFE SP205, FRACS or the IFE registers, with BS 8674 as the competence framework behind them. Since Section 156 of the Building Safety Act 2022, a careless appointment is a breach in its own right, so checking credentials is now part of the competent person question rather than good practice alone.