Revenue Assurance, Risk and Maturity Presentation to the 4 th IIR Global Forum on Telecoms Internal Audit, Risk Management and IT Controls 9 th May 2007 Eric Priezkalns ACA MSc BA Revenue Protect Limited Copyright © Revenue Protect Limited 2007

2 Introduction Over 10 years of industry experience specialising in revenue assurance Head of Revenue Assurance Controls at Cable & Wireless RA & Billing Best Practice Manager at T-Mobile UK Billing Integrity Manager at Worldcom UK Consultant and Financial Auditor at Deloittes Set up Revenue Protect Limited to Offer freelance consulting Found the Independent Practitioners of Revenue Assurance Establish an on-line revenue assurance community Read more at revenueprotect.comrevenueprotect.com

3 Copyright © Revenue Protect Limited 2007 Revenue assurance is “Data quality and process improvement methods that improve profits, revenues and cash flows without influencing demand.” Why talk about methods instead of goals? How do methods about data differ to those about process? Why are the financial goals stated vaguely in this definition? Why exclude “influencing demand”? What Is Revenue Assurance? Source: TeleManagement Forum Manual TR131

4 Copyright © Revenue Protect Limited 2007 Revenue Assurance Basics The 4 C’s Revenue Assurance focuses on each of these areas in order to detect leakage, correct or fix the issue and then ensure that changes are made to prevent that same issue from occurring in the future. As RA develops other areas of leakage are identified throughout the metering and billing process. Using a mix of data analysis and process improvement techniques RA is able to move through the levels of maturity by striving for continual improvement. Data analysis is focused upon a known leakage or area of leakage and offers quantitative results that the team can monitor over time. At this point the process improvement team are used to identify the root cause. Process improvement considers the end to end process. Through this end to end understanding of the hand offs between processes potential revenue leakages are identified using risk analysis techniques. These areas are then handed over to the data analysis team to gather quantifiable results. Capt ure Conveyance Monitoring and Reporting DetectEnsure Correct Colle ction Calculation The underpinning principle for the processing of data for metering and billing follows four logical steps: Capture – recording the supply that is made Calculation - the calculation of the charge due for the supply made Conveyance – the transmission of data from the point of recording the supply to the point of presentation to the customer. Collection – the collection of the charge due from the consumers of the service.

5 Copyright © Revenue Protect Limited 2007 Revenue Assurance and Risk Revenue Assurance is concerned with internal operational risks Per Basel II, operational risk = “the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events” More specifically, tends to be associated with losses related to execution, process and delivery management Depending on the remit in the particular telco, may also cover some or all of internal and external fraud business disruption and system failures

6 Copyright © Revenue Protect Limited 2007 Execution, Delivery and Process: More from Basel II The following Basel II events correspond reasonably well to the typical scope of revenue assurance Transaction Capture, Execution & Maintenance Miscommunication Data entry, maintenance or loading error Missed deadline or responsibility Model / system misoperation Accounting error / entity attribution error Other task misperformance Delivery failure Collateral management failure Reference Data Maintenance Monitoring and ReportingFailed mandatory reporting obligation Inaccurate external report (loss incurred) Customer Intake and Documentation Client permissions / disclaimers missing Legal documents missing / incomplete Customer / Client Account Management Unapproved access given to accounts Incorrect client records (loss incurred) Negligent loss or damage of client assets

7 Copyright © Revenue Protect Limited 2007 Predictability of Risks Associated with Revenue Assurance Most telcos invested in revenue assurance as a means to address known or suspected recurring problems with obvious financial implications where there was a lack of suitable and available resources (manpower, tools, data) in the business to address them The implications may lead a Revenue Assurance department to be treated as a profit centre high-probability, low-impact risks get most attention low-probability, high-impact risks may get little or no attention perceived drivers for risk management (governance, external scrutiny) may be different to drivers for revenue assurance (higher revenues, improved cash collection)

8 Copyright © Revenue Protect Limited 2007 Problems With Embedding RA In Enterprise-Wide Risk Management Personnel may not recognise that revenue assurance is an element of enterprise-wide risk management little or no training or awareness of risk management poor demarcation of responsibilities between the different teams addressing risk “our scope is undercharging, not overcharging” Confused or conflicting priorities, either within or between departments, are not resolved reliability of financial reports vs. generating returns prevention vs. detection control environment vs. quick fix/win mentality “we cannot afford to spend time addressing root causes” “The RA department is a control; controls do not apply to us”

9 Copyright © Revenue Protect Limited 2007 The Dangers of Piecemeal Risk Management “While many firms have invested in enterprise risk management, few adequately manage risk interdependencies. Most firms manage risk in ‘silos,’ often leaving them blind to relationships between risks.” Because revenue assurance tends to be directed at high- probability, low-impact risks there may be a temptation to assume that there is no linkage with low-probability, high- impact risks But consider the relationship between the accuracy of transaction processing and reputation Source: Deloitte “Disarming the Value Killers: A Risk Management Study”

10 Copyright © Revenue Protect Limited 2007 From Tiny Acorns... “Companies need to go beyond risk management in silos to create an integrated, organization-wide risk management function.” But how do you build such a function, without stifling invention, without compromising other priorities, without creating a monolithic structure, whilst allowing room to utilise the knowledge and initiative of individuals to counter risk? Need a method that has this end goal in mind, but is realistic about stages of development and enables people to retain a sense of purpose and direction at all times And can be applied to individual “silos” like revenue assurance Source: Deloitte “Disarming the Value Killers: A Risk Management Study”

11 Copyright © Revenue Protect Limited 2007 Assessing the Maturity of Revenue Assurance The RA maturity assessment and benchmark was developed in collaboration with a number of TMF members including Cable & Wireless cVidya Ernst & Young IBS SubexAzure Telenor Telstra

12 Copyright © Revenue Protect Limited 2007 Revenue Assurance Maturity: Goals Provide a simple standard assessment for service providers that can be completed in less than 90 minutes Avoid quantitative measures of performance that may not be readily available or which prejudge priorities in each business Give a simple scoring mechanism and enable benchmarking between service providers Applies equally well to all types of service provider

13 Copyright © Revenue Protect Limited 2007 Revenue Assurance Maturity: Principles State a model of growth that treats the silo as a transitional stage during development but not as the ultimate conclusion Assess the business as a whole, not just the people responsible for revenue assurance Address all relevant aspects of business performance Give a strategic roadmap which clarifies what the next series of ambitions should be Structure borrowed from the Carnegie-Mellon SEI CMMI Based on a Deming-like model of improvement, where performance follows a pattern of being increasingly repeatable, then measurable, then predictable

14 Copyright © Revenue Protect Limited 2007 Revenue Assurance Maturity: 5 Stages of Maturity 5.Continuous improvement via feedback. Decentralised, holistic ownership. 4.Leakage quantitatively understood and controlled. 3.Standardised approach developed. Designing-in control commences. 2.Basic project/process management. Repeatable tasks. 1.Ad-hoc, chaotic. Dependant on individual heroics.

15 Copyright © Revenue Protect Limited 2007 Revenue Assurance Maturity: 5 Aspects of Performance The assessment is divided between 5 distinct aspects: Organisation Influence People Tools Process Each is assessed separately To consolidate improvements in one aspect, the others must also mature, for example Cannot make use of good tools without right people Influence degrades if organisation wrong May not be able to quantitatively measure the success of process improvements without adequate automated tools All aspects must be aligned to avoid a silo mentality

16 Copyright © Revenue Protect Limited 2007 Key Maturity Thinking The maturity assessment started as an academic exercise, capturing past experiences of the individuals involved But the thought experiment generated interesting and unexpected results on the future of revenue assurance Being more mature does not mean having a bigger revenue assurance department Leadership in revenue assurance involves giving credit for relevant controls and monitoring performed in a wide variety of business functions and trying to align them into a common approach Daily operational monitoring and other revenue assurance controls can and should be exported to the relevant operational department even if developed/prototyped by the revenue assurance team first

17 Copyright © Revenue Protect Limited 2007 Any questions?