Revenue Assurance Risk and Maturity Presentation to the

Revenue Assurance, Risk and Maturity Presentation to the 4 th IIR Global Forum on Telecoms Internal Audit, Risk Management and IT Controls 9 th May 2007 Eric Priezkalns ACA MSc BA Revenue Protect Limited Copyright © Revenue Protect Limited 2007

Introduction Over 10 years of industry experience specialising in revenue assurance Head of Revenue Assurance Controls at Cable & Wireless RA & Billing Best Practice Manager at T-Mobile UK Billing Integrity Manager at Worldcom UK Consultant and Financial Auditor at Deloittes Set up Revenue Protect Limited to • Offer freelance consulting • Found the Independent Practitioners of Revenue Assurance • Establish an on-line revenue assurance community Read more at revenueprotect. com 2 Copyright © Revenue Protect Limited 2007

What Is Revenue Assurance? Revenue assurance is “Data quality and process improvement methods that improve profits, revenues and cash flows without influencing demand. ” Source: Tele. Management Forum Manual TR 131 Why talk about methods instead of goals? How do methods about data differ to those about process? Why are the financial goals stated vaguely in this definition? Why exclude “influencing demand”? 3 Copyright © Revenue Protect Limited 2007

Revenue Assurance Basics The 4 C’s Capture Conveyance Collectio n Calculation Monitoring and Reporting Detect Correct Ensure The underpinning principle for the processing of data for metering and billing follows four logical steps: l Capture – recording the supply that is made l Calculation - the calculation of the charge due for the supply made l Conveyance – the transmission of data from the point of recording the supply to the point of presentation to the customer. 4 l Collection – the collection of the charge due from Revenue Assurance focuses on each of these areas in order to detect leakage, correct or fix the issue and then ensure that changes are made to prevent that same issue from occurring in the future. As RA develops other areas of leakage are identified throughout the metering and billing process. Using a mix of data analysis and process improvement techniques RA is able to move through the levels of maturity by striving for continual improvement. Data analysis is focused upon a known leakage or area of leakage and offers quantitative results that the team can monitor over time. At this point the process improvement team are used to identify the root cause. Process improvement considers the end to end process. Through this end to end understanding of the hand offs between processes potential revenue leakages are identified using risk analysis techniques. These areas are then handed over to the data analysis team to gather quantifiable results. the consumers of the service. Copyright © Revenue Protect Limited 2007

Revenue Assurance and Risk Revenue Assurance is concerned with internal operational risks Per Basel II, operational risk = “the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events” More specifically, tends to be associated with losses related to execution, process and delivery management 5 Depending on the remit in the particular telco, may also cover some or all of • internal and external fraud • business disruption and system failures Copyright © Revenue Protect Limited 2007

Execution, Delivery and Process: More from Basel II The following Basel II events correspond reasonably well to the typical scope of revenue assurance Transaction Capture, Execution & Maintenance Monitoring and Reporting Customer Intake and Documentation 6 Miscommunication Data entry, maintenance or loading error Missed deadline or responsibility Model / system misoperation Accounting error / entity attribution error Other task misperformance Delivery failure Collateral management failure Reference Data Maintenance Failed mandatory reporting obligation Inaccurate external report (loss incurred) Client permissions / disclaimers missing Legal documents missing / incomplete Customer / Client Account Unapproved access given to accounts Management Incorrect client records (loss incurred) Negligent loss or damage of client assets Copyright © Revenue Protect Limited 2007

Predictability of Risks Associated with Revenue Assurance Most telcos invested in revenue assurance as a means to • address known or suspected recurring problems • with obvious financial implications • where there was a lack of suitable and available resources (manpower, tools, data) in the business to address them The implications 7 • may lead a Revenue Assurance department to be treated as a profit centre • high-probability, low-impact risks get most attention • low-probability, high-impact risks may get little or no attention • perceived drivers for risk management (governance, external scrutiny) may be different to drivers for revenue assurance (higher revenues, improved cash collection) Copyright © Revenue Protect Limited 2007

Problems With Embedding RA In Enterprise-Wide Risk Management Personnel may not recognise that revenue assurance is an element of enterprise-wide risk management • little or no training or awareness of risk management • poor demarcation of responsibilities between the different teams addressing risk “our scope is undercharging, not overcharging” Confused or conflicting priorities, either within or between departments, are not resolved • reliability of financial reports vs. generating returns • prevention vs. detection • control environment vs. quick fix/win mentality “we cannot afford to spend time addressing root causes” 8 “The RA department is a control; controls do not apply to us” Copyright © Revenue Protect Limited 2007

The Dangers of Piecemeal Risk Management “While many firms have invested in enterprise risk management, few adequately manage risk interdependencies. Most firms manage risk in ‘silos, ’ often leaving them blind to relationships between risks. ” Source: Deloitte “Disarming the Value Killers: A Risk Management Study” 9 • Because revenue assurance tends to be directed at highprobability, low-impact risks there may be a temptation to assume that there is no linkage with low-probability, highimpact risks • But consider the relationship between the accuracy of transaction processing and reputation Copyright © Revenue Protect Limited 2007

From Tiny Acorns. . . “Companies need to go beyond risk management in silos to create an integrated, organization-wide risk management function. ” Source: Deloitte “Disarming the Value Killers: A Risk Management Study” 10 • But how do you build such a function, without stifling invention, without compromising other priorities, without creating a monolithic structure, whilst allowing room to utilise the knowledge and initiative of individuals to counter risk? • Need a method that has this end goal in mind, but is realistic about stages of development and enables people to retain a sense of purpose and direction at all times • And can be applied to individual “silos” like revenue assurance Copyright © Revenue Protect Limited 2007

Assessing the Maturity of Revenue Assurance The RA maturity assessment and benchmark was developed in collaboration with a number of TMF members including • Cable & Wireless • c. Vidya • Ernst & Young • IBS • Subex. Azure • Telenor • Telstra 11 Copyright © Revenue Protect Limited 2007

Revenue Assurance Maturity: Goals • Provide a simple standard assessment for service providers that can be completed in less than 90 minutes • Avoid quantitative measures of performance that may not be readily available or which prejudge priorities in each business • Give a simple scoring mechanism and enable benchmarking between service providers • Applies equally well to all types of service provider 12 Copyright © Revenue Protect Limited 2007

Revenue Assurance Maturity: Principles 13 • State a model of growth that treats the silo as a transitional stage during development but not as the ultimate conclusion • Assess the business as a whole, not just the people responsible for revenue assurance • Address all relevant aspects of business performance • Give a strategic roadmap which clarifies what the next series of ambitions should be • Structure borrowed from the Carnegie-Mellon SEI CMMI • Based on a Deming-like model of improvement, where performance follows a pattern of being increasingly • repeatable, then • measurable, then • predictable Copyright © Revenue Protect Limited 2007

Revenue Assurance Maturity: 5 Stages of Maturity 5. Continuous improvement via feedback. Decentralised, holistic ownership. 4. Leakage quantitatively understood and controlled. 3. Standardised approach developed. Designing-in control commences. 2. Basic project/process management. Repeatable tasks. 1. Ad-hoc, chaotic. Dependant on individual heroics. 14 Copyright © Revenue Protect Limited 2007

Revenue Assurance Maturity: 5 Aspects of Performance The assessment is divided between 5 distinct aspects: • • • Organisation Influence People Tools Process Each is assessed separately • To consolidate improvements in one aspect, the others must also mature, for example 15 • Cannot make use of good tools without right people • Influence degrades if organisation wrong • May not be able to quantitatively measure the success of process improvements without adequate automated tools • All aspects must be aligned to avoid a silo mentality Copyright © Revenue Protect Limited 2007

Key Maturity Thinking The maturity assessment started as an academic exercise, capturing past experiences of the individuals involved But the thought experiment generated interesting and unexpected results on the future of revenue assurance 16 • Being more mature does not mean having a bigger revenue assurance department • Leadership in revenue assurance involves giving credit for relevant controls and monitoring performed in a wide variety of business functions and trying to align them into a common approach • Daily operational monitoring and other revenue assurance controls can and should be exported to the relevant operational department even if developed/prototyped by the revenue assurance team first Copyright © Revenue Protect Limited 2007

Any questions? 17 eric. priezkalns@revenueprotect. com www. revenueprotect. com Copyright © Revenue Protect Limited 2007