Copyright © 2008-2014 Revenue Risk Management Solutions Limited 1

Revenue Risk Management

The Future of Revenue Assurance

Exploiting risk management techniques to accelerate Revenue Assurance maturity

January 2014

Copyright © 2008-2014 Revenue Risk Management Solutions Limited 2

Introduction

• How can we improve RA maturity?• How much of my revenue is at risk?• How can we improve the

effectiveness of RA operations?• How can we maximise the return on

RA invesment?

Geoff IbbettSenior Consultant

rrmSolutions

RAMaturity

Revenue Gradient

Revenue & Cost Risk Modeling

Primary & Secondary Controls

Expected vs Actual Risk Reduction

Control Effectiveness

Dynamic Risk Management

Copyright © 2008-2014 Revenue Risk Management Solutions Limited 3

Revenue assurance maturity

Source: TM Forum, TR131

Recovery

Avoidance and correction

Prevention

Copyright © 2008-2014 Revenue Risk Management Solutions Limited 4

TM Forum Maturity Levels

Level 5: OPTIMISINGIntegrated revenue risk management programme, complete revenue & cost risk framework RA objectives directly linked to the goals of the business

Level 4: MANAGEDFull coverage, primary and secondary controls, approach based on risk mitigationRA is a shared responsibility throughout the whole organisation

Level: 3 DEFINEDIndependent RA team, automated RA system, limited coverageControl operation is centred on the RA team

Level 2: REPEATABLERA team, part of another dept, limited resources, no dedicated toolingIssues likely to recur, limited access to information, data prep dominates activities

Level 1: INITIALNo dedicated RA team, set of independent initiativesAd hoc reaction to circumstances, inconsistent approach

2013

1998

Copyright © 2008-2014 Revenue Risk Management Solutions Limited 5

The revenue gradient

Order management Network Pricing Charging Payment/

Settlement Reporting

$

Value of services ordered

Value of services supplied

Value of rated

services

Value of charged services

Value of services paid for

Reported value of services

FinesCOA mapping errors

Error/suspense

External fraudBad debt

Margin errorsOver payments

RebatesPenalty payments

Internal fraudCharging errorsInvoicing errors

Internal fraudMetering errors

Usage mgmt errorsTariff mgmt errors

Rating errorsSubscriber mgmt errors

Subscription errorsStranded assets

Inflated costsLogistics errors

Quality of service issues

Copyright © 2008-2014 Revenue Risk Management Solutions Limited 6

Risk management concepts

•Vulnerability

•Threats

•Risks

•Consequences

•Inherent risk

•Controls

•Measures

•Risk reduction

•Residual risk

•Performance indicator

Copyright © 2008-2014 Revenue Risk Management Solutions Limited 7

Consequences of RA issues

Under billing

Over billing Rebates Penalties

Contractual liabilities Fines Inflated

costsImpaired cash flow

Opportunity loss

Elevated fraud risk

Customer satisfaction

Customer churn

Staff churn Qualified audits

Reporting inaccuracy

Reputational damage

Copyright © 2008-2014 Revenue Risk Management Solutions Limited 8

Inherent vulnerabilities

Systems integration

Processes & procedures

Degree of manual

processes

OSS/BSS systems

Product management

Business rules

Change management

Testing strategy

Reference data

management

Configuration management Logistics Quality of

service

Customer service Controls

Knowledge of end-to-end

bus. processes

Corporate maturity

Copyright © 2008-2014 Revenue Risk Management Solutions Limited 9

Key risk areas

Source: TM Forum, GB941

1. Product and offer management

2. Order management and provisioning

3. Network and usage management

4. Rating and billing

5. Receivables management

6. Finance and accounting

7. Customer management

8. Partner management

Copyright © 2008-2014 Revenue Risk Management Solutions Limited 10

Example of control and its measures

Element Description

Vulnerability Poor systems integrationThreat Data lossControl Ensure completeness of data transfersMeasures File count

Block countRecord countFile sequence gap checkBlock sequence gap checkRecord sequence gap checkInter CDR end-time gap check

Copyright © 2008-2014 Revenue Risk Management Solutions Limited 11

RA risk assessment

Link to revenue streams to

assess revenue at risk

Copyright © 2008-2014 Revenue Risk Management Solutions Limited 12

Risk levels

Time

LevelofRisk

Inherent risk

Target risk

Residual risk

Expectedrisk reductionTarget

risk reduction Risk assessment

New threat

Change in risk appetite

Copyright © 2008-2014 Revenue Risk Management Solutions Limited 13

Control effectiveness

Scope

FrequencyCorrectness

Accuracy

The coverage

provided by the control

How often the control is operationalFitness for

purpose

Quality of its implementation

Copyright © 2008-2014 Revenue Risk Management Solutions Limited 14

Risk levels

Time

LevelofRisk

Inherent risk

Expected risk

Actual risk

Expectedrisk reduction

Actualrisk reduction

Risk assessment

New threat

Target riskChange in risk appetite

Targetrisk reduction

Residual risk

Copyright © 2008-2012 Revenue Risk Management Solutions 15

Systems& processes

Primary(in-line) Controls

Secondary (RA) Controls

Primary vs secondary controls

$

Threat Threat

Threat

Threat

Copyright © 2008-2014 Revenue Risk Management Solutions Limited 16

Primary vs secondary controls

Order management Network Pricing Charging Payment/

Settlement Reporting

Primary (in-line) controls

Secondary (RA) controls

Revenue Assurance

• Primary controls should be designed to protect against revenue risk on a continuous basis• Primary controls should be operated by the responsible department• Secondary controls should be used to test the effectiveness of primary controls• Secondary controls should be performed by the revenue assurance team

Copyright © 2008-2014 Revenue Risk Management Solutions Limited 17

Dynamic risk management

Risk Assessment

Control

Measure

Risk Reduction

Residual Risk

Monitor Measures

Risk Events

Re-evaluate Risk

Threat

Inherent Risk

Primary Controls

Expected risk

Actual risk

Dynamic Risk Management

RA Systems

Operational Systems

Primary Controls

Secondary Controls

Copyright © 2008-2014 Revenue Risk Management Solutions Limited 18

Business benefits

Improved understanding of

risk profile

Identify preventative actions

Baseline for cost/benefit analysis

Prioritise control deployment

• Monitor control operation• Actual vs expected residual risk• Verify accuracy of risk assessments• Help to eliminate assumptions

• Prevent recurrence• Anticipate future risks

• Establish cost of controls• Eliminate over-protection

• Based on risk mitigation• Target controls more effectively

Copyright © 2008-2014 Revenue Risk Management Solutions Limited 19

Summary

The rate of improvement in RA maturity is slowing• In many cases it has reached a ceiling• In some it has stagnated

A fundamental change of approach is required• A shift to preventative rather than corrective actions• Change from bottom-up, reactive activities to top-down, risk based initiatives• Separation of primary and secondary controls is essential• Revenue & cost risk must be a shared responsibility throughout an organisation• Target RA budgets to where they are needed

Extract more value from our investment in RA tooling• Improved automation of routine tasks• Notification when something needs to be investigated• We need to work smarter not harder

Copyright © 2008-2014 Revenue Risk Management Solutions Limited 20

Questions and answers

Geoff IbbettSenior Consultant

rrmSolutions

RAMaturity

Revenue Gradient

Revenue & Cost Risk Modeling

Primary & Secondary Controls

Expected vs Actual Risk Reduction

Control Effectiveness

Dynamic Risk Management

A risk-based approach to Revenue Assurance