A proposal for a revenue and cost risk catalogue for the telecommunications industry
A proposal for a revenue and cost risk catalogue for the telecommunications industry
Copyright 2017-2018 © Geoff Ibbett.
Copyright Licence The information contained within this document is licensed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives International 4.0 Licence the full text of which can be found here:
1 Introduction 3
1.1 Background 3
1.2 The Proposal 3
1.3 Objectives 3
1.4 Purpose and Scope 3
1.5 Copyright Licence 4
1.6 Future Extensions 4
1.7 Feedback and Contributions 4
2 The RAG RA Risk Map 5
3 The RAG RA Risk Catalogue 9
3.1 Introduction 9
3.2 The RAG Risk Model 9
3.3 Using the RAG RA Risk Catalogue 11
3.3.1 Revenue Stream 11
3.3.2 Service 11
3.3.3 System 12
4 Example of the RAG RA Risk Catalogue 13
Revenue assurance within the telecommunications industry has been a maturing discipline for many years but the rate of maturity improvement appears to be slowing as traditional approaches to tackling revenue and cost risks reach their limit.
Yet there remains more that we need to do as an industry to improve the effectiveness and efficiency of our revenue assurance operations to mitigate the risks within our businesses, as services and infrastructure change and evolve.
Indeed, there remain differences of opinion regarding what should be within the scope of a revenue assurance programme, differences in approach to common problems, historic problems still blight the industry and newcomers often find it a daunting task even just to know where to start.
As part of the RAG’s Innovation Programme, this paper outlines a proposal for us to collaborate as an industry by pooling our knowledge of the threats and risks that we face, their underlying root causes and ultimately, the measures that we can take to mitigate these issues.
The proposal consists of two parts: firstly, to establish a Revenue Assurance Risk Map to identify our key risk areas of concern and secondly, to develop a Revenue Assurance Risk Catalogue where our individual experiences can be combined and shared, for the purposes of supporting a risk-based approach to revenue and cost issues.
When combined with suitable risk modelling software, such as A1 Telekom’s risk modelling tool, the RAG Risk Catalogue will provide a valuable resource for risk modelling within the telecommunications industry.
It is intended that, by this approach, the industry will benefit by sharing hard won practical experience between organisations and that the risk catalogue will adapt as new threats emerge, new root causes are identified and new techniques and innovative approaches to tackling these issues evolve.
The purpose of this paper is to propose a RAG Revenue Assurance Risk Map to provide a framework from which the RAG Risk Catalogue can be derived.
This document and the resulting RAG RA Risk Catalogue are intended to be shared resources within the industry and so, both resources are made available under the terms of the Creative Commons Attribution-NonCommercial-NoDerivates International 4.0 Licence, the full text of which can be found here:
In the fullness of time this approach could be extended to cover other areas of risk, such as fraud.
Ultimately, the vision of the author is that together we build a Business Assurance Risk Map and associated Risk Catalogue that covers all areas of risk present in our industry.
To date, the author has received informal encouragement but now is the time to bring these ideas to a wider audience and seek formal feedback and contributions, from the industry as a whole, to guide the development of these ideas.
Consequently, the author encourages direct feedback in the form of comments, suggestions and contributions relating to this initiative.
The author can be contacted by email at firstname.lastname@example.org.
The purpose of the RAG RA Risk Map is to present concisely the common grouping of risks that are inherent within the telecommunications industry as they relate to the end-to-end business processes that we operate.
They are important because they impact our businesses in many ways, including:
Impaired cash flow
Bad debt write-off
Elevated fraud risk
The Risk Map defines the key risk areas that should be considered when managing revenue and cost risk within any organisation.
Figure 1 – The RAG Revenue Assurance Risk Map
To illustrate this, examples of some of the threats associated with each of the key risk areas are shown below.
Key Risk Area
Stranded assets, under/over capacity, assets not decommissioned in a timely manner
Post-paid invoicing errors, usage allowed when credit limited reached, discount errors, mutually exclusive discounts applied, incorrect tax calculations, incorrect manual intervention on billing system, discounts given when contract terms not complied with, expired promotions
SIM Boxing, PBX by-pass, VoIP by-pass, OTT by-pass
Pre-paid balance movement errors, concurrent real-time charging losses, prepaid service allowed with zero/negative balance, excess charges not applied
Incorrect bespoke pricing, handsets on wrong tariff, bulk rate changes applied incorrectly
Customer risk profile too low, bad debt write off too high, missed revenue opportunity
Customer Experience Assurance
Products not used as expected, customer complaints, adverse social media, reputational damage, customer churn, sales growth lower than expected, early termination of contracts, poor quality of service, violation of service level agreements
Unnecessary delay to supply of customer premises equipment, shipping of incorrect equipment, over supply of customer premises equipment, stock write-off, equipment not repossessed at end of contract
Grey Traffic Assurance
Traffic from unknown sources, unable to determine charging zones, billable traffic made to look like unbillable traffic
Under and over charging of partners, under and over payment by interconnect, under and over charging by interconnect partners, re-file traffic, arbitrage, unexpected traffic mix, to include resellers, MVNOs, wholesale partners, commission payments.
Awards made to non-qualifying members, over charging by suppliers of loyalty services, access to loyalty programme continues after contract terminated, expired loyalty promotions
Product definitions do not align with network capabilities, published tariffs do not agree with price book, marketing campaigns do not deliver expected take-up
Basic operation of the network including allowing unexpected service usage and barred numbers not implemented
Inefficient management of allocated number range(s)
Payment credited for the wrong amount, payment credited to the wrong account, payment not linked to account, payment credited more than once, employee charges not deducted from salary correctly, top-up errors
Fair use policy implemented incorrectly, fair use policy not enforced
Incorrect event-based pricing, incorrect event-based discount applied, incorrect zero/default rated event, incorrect apportionment between time bands, expired promotions
Incorrect process steps, process gaps, high level of manual tasks, unapproved workarounds, informal hand-offs between teams, out of date business rules
Purchasing of third party resources at pre-negotiated rates, bought-in third party services do not align with customer sales
New product launched but cannot be billed, products with low/negative margin products, products with low take-up, product cannot provide all services and features, offers can be exploited by customers
Unprofitable tariffs, unprofitable subscribers, unprofitable partners, unprofitable transit services, unprofitable marketing campaigns, unnecessary costs or costs that are higher than expected, out-payment errors, rebates, etc.
Reference Data Assurance
Out of date reference data, incorrect reference data, incomplete reference data
Incorrect chart of account mapping, annual report does not give a true and fair reflection of the business, over statement of number of subscribers, error/suspense management
Service contracts do not adhere to sales guidelines, sales contracts do not align with product definitions, services are sold that cannot be implemented by existing products, withdrawn products continue to be sold
Service before charging, charging before service, under/over provisioning of services and features, service after cease, charging after cease, customer on wrong plan, ex-employees still receive staff discount after leaving
Missing destinations, destinations do not align with traffic classes, rate plans do not agree with price book, incorrect fair use policy definition, incorrect provisioning strings associated with products, unauthorised tariff changes
Incomplete/incorrect recording of service usage, billable usage removed from the billing chain, unexpected/unauthorised usage, duplicated usage data, usage data not sent to correct billing/settlement system
To underpin the Revenue Assurance Risk Map, it is proposed that the RAG assembles and publishes a Risk Catalogue containing essential risk-related information that can be used by organisations to conduct risk assessments, identify control gaps and plan the introduction of controls to protect the integrity of their businesses.
The following diagram illustrates the relationship between the three essential elements that need to come together in order to bring the model to life, they are:
Figure 2 – The Risk Model
RA Risk Map
Is the diagram in Figure 1, above.
Key Risk Areas
Are the individual boxes contained in the diagram in Figure 1, above, e.g. Tariff Assurance.
Are the potential risks that relate to a Key Risk Area. For example, that tariff configurations in billing systems do not agree with published tariffs.
Are the underlying reasons that the risks exist. For example, lack of a master price book, uncontrolled tariff changes and data entry errors, etc.
Processes & Systems
Business processes are the things that are affected when a risk materialises and systems are the physical assets which support our business processes and are where risks manifest themselves.
Are the steps that can be taken to mitigate the risks identified. For example, to establish a master price book, identify tariff changes and compare with expected changes, rate velocity checks, etc.
In effect, our controls are implemented through one or more measures that we take.
During the risk assessment process each organisation should identify the control Measures that are applied within their business, from which a gap analysis can be performed.
Are a classification of the different types of Measures that can be adopted, e.g. traffic analysis, trend analysis, test call generation, test data, tariff audit, etc.
From this model, it will be possible to:
It is anticipated that there are three dimensions within which the RAG RA Risk Catalogue can be applied to any organisation. They form the following hierarchy:
The highest level in the hierarchy is the Revenue Stream, or Line of Business. The RA Risk Model can be applied to each Revenue Stream in turn, depending upon how a business is structured, examples include:
Within a Revenue Stream, the RAG RA Risk Catalogue can be applied to the services available, examples include:
The lowest level at which the RAG RA Risk Catalogue is expected to be applied is the system level, i.e. the assets which support our business processes. A threat can appear on one or more systems. Some examples include:
The following table gives an example of the structure and content of the first version of the RAG RA Risk Catalogue.
Figure 3 – Example RAG RA Risk Catalogue for Tariff Assurance
Copyright 2017-2018 © Geoff Ibbett Page of