A proposal for a revenue and cost risk catalogue for the telecommunications industry


Discussion Paper

A proposal for a revenue and cost risk catalogue for the telecommunications industry

Version 2.2

April 2018

Copyright 2017-2018 © Geoff Ibbett.

Copyright Licence        The information contained within this document is licensed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivatives International 4.0 Licence the full text of which can be found here:




1        Introduction        3

1.1        Background        3

1.2        The Proposal        3

1.3        Objectives        3

1.4        Purpose and Scope        3

1.5        Copyright Licence        4

1.6        Future Extensions        4

1.7        Feedback and Contributions        4

2        The RAG RA Risk Map        5

3        The RAG RA Risk Catalogue        9

3.1        Introduction        9

3.2        The RAG Risk Model        9

3.3        Using the RAG RA Risk Catalogue        11

3.3.1        Revenue Stream        11

3.3.2        Service        11

3.3.3        System        12

4        Example of the RAG RA Risk Catalogue        13

  1.  Introduction

  1. Background

Revenue assurance within the telecommunications industry has been a maturing discipline for many years but the rate of maturity improvement appears to be slowing as traditional approaches to tackling revenue and cost risks reach their limit.

Yet there remains more that we need to do as an industry to improve the effectiveness and efficiency of our revenue assurance operations to mitigate the risks within our businesses, as services and infrastructure change and evolve.

Indeed, there remain differences of opinion regarding what should be within the scope of a revenue assurance programme, differences in approach to common problems, historic problems still blight the industry and newcomers often find it a daunting task even just to know where to start.

  1. The Proposal

As part of the RAG’s Innovation Programme, this paper outlines a proposal for us to collaborate as an industry by pooling our knowledge of the threats and risks that we face, their underlying root causes and ultimately, the measures that we can take to mitigate these issues.

The proposal consists of two parts: firstly, to establish a Revenue Assurance Risk Map to identify our key risk areas of concern and secondly, to develop a Revenue Assurance Risk Catalogue where our individual experiences can be combined and shared, for the purposes of supporting a risk-based approach to revenue and cost issues.

When combined with suitable risk modelling software, such as A1 Telekom’s risk modelling tool, the RAG Risk Catalogue will provide a valuable resource for risk modelling within the telecommunications industry.

  1. Objectives

It is intended that, by this approach, the industry will benefit by sharing hard won practical experience between organisations and that the risk catalogue will adapt as new threats emerge, new root causes are identified and new techniques and innovative approaches to tackling these issues evolve.

  1. Purpose and Scope

The purpose of this paper is to propose a RAG Revenue Assurance Risk Map to provide a framework from which the RAG Risk Catalogue can be derived.

  1. Copyright Licence

This document and the resulting RAG RA Risk Catalogue are intended to be shared resources within the industry and so, both resources are made available under the terms of the Creative Commons Attribution-NonCommercial-NoDerivates International 4.0 Licence, the full text of which can be found here:


  1. Future Extensions

In the fullness of time this approach could be extended to cover other areas of risk, such as fraud.

Ultimately, the vision of the author is that together we build a Business Assurance Risk Map and associated Risk Catalogue that covers all areas of risk present in our industry.

  1. Feedback and Contributions

To date, the author has received informal encouragement but now is the time to bring these ideas to a wider audience and seek formal feedback and contributions, from the industry as a whole, to guide the development of these ideas.

Consequently, the author encourages direct feedback in the form of comments, suggestions and contributions relating to this initiative.

The author can be contacted by email at geoff.ibbett@rrmsolutions.co.uk.

  1. The RAG RA Risk Map

The purpose of the RAG RA Risk Map is to present concisely the common grouping of risks that are inherent within the telecommunications industry as they relate to the end-to-end business processes that we operate.

They are important because they impact our businesses in many ways, including:

Under charging

Over charging


Penalty payments

Contractual liabilities


Unnecessary costs

Inflated costs

Impaired cash flow

Opportunity loss

Bad debt write-off

Elevated fraud risk

Customer satisfaction

Customer churn

Regulatory compliance

Reputational damage

Reporting inaccuracy

Qualified accounts

Staff churn

Shareholder value

The Risk Map defines the key risk areas that should be considered when managing revenue and cost risk within any organisation.

Figure 1 – The RAG Revenue Assurance Risk Map

To illustrate this, examples of some of the threats associated with each of the key risk areas are shown below.


Key Risk Area

Example Risks


Asset Assurance

Stranded assets, under/over capacity, assets not decommissioned in a timely manner


Billing Assurance

Post-paid invoicing errors, usage allowed when credit limited reached, discount errors, mutually exclusive discounts applied, incorrect tax calculations, incorrect manual intervention on billing system, discounts given when contract terms not complied with, expired promotions


Bypass Assurance

SIM Boxing, PBX by-pass, VoIP by-pass, OTT by-pass


Charging Assurance

Pre-paid balance movement errors, concurrent real-time charging losses, prepaid service allowed with zero/negative balance, excess charges not applied


Contract Assurance

Incorrect bespoke pricing, handsets on wrong tariff, bulk rate changes applied incorrectly


Credit Assurance

Customer risk profile too low, bad debt write off too high, missed revenue opportunity


Customer Experience Assurance

Products not used as expected, customer complaints, adverse social media, reputational damage, customer churn, sales growth lower than expected, early termination of contracts, poor quality of service, violation of service level agreements


Equipment Assurance

Unnecessary delay to supply of customer premises equipment, shipping of incorrect equipment, over supply of customer premises equipment, stock write-off, equipment not repossessed at end of contract


Grey Traffic Assurance

Traffic from unknown sources, unable to determine charging zones, billable traffic made to look like unbillable traffic


Partner Assurance

Under and over charging of partners, under and over payment by interconnect, under and over charging by interconnect partners, re-file traffic, arbitrage, unexpected traffic mix, to include resellers, MVNOs, wholesale partners, commission payments.


Loyalty Assurance

Awards made to non-qualifying members, over charging by suppliers of loyalty services, access to loyalty programme continues after contract terminated, expired loyalty promotions


Marketing Assurance

Product definitions do not align with network capabilities, published tariffs do not agree with price book, marketing campaigns do not deliver expected take-up


Network Assurance

Basic operation of the network including allowing unexpected service usage and barred numbers not implemented


Number Assurance

Inefficient management of allocated number range(s)


Payment Assurance

Payment credited for the wrong amount, payment credited to the wrong account, payment not linked to account, payment credited more than once, employee charges not deducted from salary correctly, top-up errors


Policy Assurance

Fair use policy implemented incorrectly, fair use policy not enforced


Pricing Assurance

Incorrect event-based pricing, incorrect event-based discount applied, incorrect zero/default rated event, incorrect apportionment between time bands, expired promotions


Process Assurance

Incorrect process steps, process gaps, high level of manual tasks, unapproved workarounds, informal hand-offs between teams, out of date business rules


Procurement Assurance

Purchasing of third party resources at pre-negotiated rates, bought-in third party services do not align with customer sales


Product Assurance

New product launched but cannot be billed, products with low/negative margin products, products with low take-up, product cannot provide all services and features, offers can be exploited by customers


Profitability Assurance

Unprofitable tariffs, unprofitable subscribers, unprofitable partners, unprofitable transit services, unprofitable marketing campaigns, unnecessary costs or costs that are higher than expected, out-payment errors, rebates, etc.


Reference Data Assurance

Out of date reference data, incorrect reference data, incomplete reference data


Reporting Assurance

Incorrect chart of account mapping, annual report does not give a true and fair reflection of the business, over statement of number of subscribers, error/suspense management


Sales Assurance

Service contracts do not adhere to sales guidelines, sales contracts do not align with product definitions, services are sold that cannot be implemented by existing products, withdrawn products continue to be sold


Subscription Assurance

Service before charging, charging before service, under/over provisioning of services and features, service after cease, charging after cease, customer on wrong plan, ex-employees still receive staff discount after leaving


Tariff Assurance

Missing destinations, destinations do not align with traffic classes, rate plans do not agree with price book, incorrect fair use policy definition, incorrect provisioning strings associated with products, unauthorised tariff changes


Usage Assurance

Incomplete/incorrect recording of service usage, billable usage removed from the billing chain, unexpected/unauthorised usage, duplicated usage data, usage data not sent to correct billing/settlement system

  1. The RAG RA Risk Catalogue

  1. Introduction

To underpin the Revenue Assurance Risk Map, it is proposed that the RAG assembles and publishes a Risk Catalogue containing essential risk-related information that can be used by organisations to conduct risk assessments, identify control gaps and plan the introduction of controls to protect the integrity of their businesses.

  1. The RAG Risk Model

The following diagram illustrates the relationship between the three essential elements that need to come together in order to bring the model to life, they are:

  1. Risk Map
  2. Risk Catalogue
  3. Risk Modelling Tool


Figure 2 – The Risk Model


RA Risk Map

Is the diagram in Figure 1, above.

Key Risk Areas

Are the individual boxes contained in the diagram in Figure 1, above, e.g. Tariff Assurance.


Are the potential risks that relate to a Key Risk Area.  For example, that tariff configurations in billing systems do not agree with published tariffs.

Root Causes

Are the underlying reasons that the risks exist.  For example, lack of a master price book, uncontrolled tariff changes and data entry errors, etc.

Processes & Systems

Business processes are the things that are affected when a risk materialises and systems are the physical assets which support our business processes and are where risks manifest themselves.


Are the steps that can be taken to mitigate the risks identified.  For example, to establish a master price book, identify tariff changes and compare with expected changes, rate velocity checks, etc.

In effect, our controls are implemented through one or more measures that we take.

During the risk assessment process each organisation should identify the control Measures that are applied within their business, from which a gap analysis can be performed.

Measure Types

Are a classification of the different types of Measures that can be adopted, e.g. traffic analysis, trend analysis, test call generation, test data, tariff audit, etc.

From this model, it will be possible to:

  1. Using the RAG RA Risk Catalogue

It is anticipated that there are three dimensions within which the RAG RA Risk Catalogue can be applied to any organisation.  They form the following hierarchy:

  1. Revenue Stream

The highest level in the hierarchy is the Revenue Stream, or Line of Business.  The RA Risk Model can be applied to each Revenue Stream in turn, depending upon how a business is structured, examples include:

  1. Prepaid Consumer
  2. Postpaid Consumer
  3. Small Business
  4. Corporate
  5. Public Sector
  6. Interconnect
  7. Roaming
  8. Reseller
  9. MVNO
  10. Wholesale

  1. Service

Within a Revenue Stream, the RAG RA Risk Catalogue can be applied to the services available, examples include:

  1. Voice
  2. Data
  3. Messaging
  4. Value added services
  5. Mobile money
  6. Streaming video
  7. Broadcast TV
  8. Video-on-demand
  9. Virtual private networks/Closed user groups

  1. System

The lowest level at which the RAG RA Risk Catalogue is expected to be applied is the system level, i.e. the assets which support our business processes.  A threat can appear on one or more systems.  Some examples include:

  1. Network elements
  2. Service nodes
  3. IN nodes
  4. Mediation systems
  5. Rating platforms
  6. Billing systems
  7. Settlement systems
  8. Inventory system
  9. Order management systems
  10. Servication activation platforms

  1. Example of the RAG RA Risk Catalogue

The following table gives an example of the structure and content of the first version of the RAG RA Risk Catalogue.

Figure 3 – Example RAG RA Risk Catalogue for Tariff Assurance

Copyright 2017-2018 © Geoff Ibbett                Page  of