Risk Based Approach to RA
description
Transcript of Risk Based Approach to RA
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 1
Revenue Risk Management
The Future of Revenue Assurance
Exploiting risk management techniques to accelerate Revenue Assurance maturity
January 2014
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 2
Introduction
• How can we improve RA maturity?• How much of my revenue is at risk?• How can we improve the
effectiveness of RA operations?• How can we maximise the return on
RA invesment?
Geoff IbbettSenior Consultant
rrmSolutions
RAMaturity
Revenue Gradient
Revenue & Cost Risk Modeling
Primary & Secondary Controls
Expected vs Actual Risk Reduction
Control Effectiveness
Dynamic Risk Management
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 3
Revenue assurance maturity
Source: TM Forum, TR131
Recovery
Avoidance and correction
Prevention
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 4
TM Forum Maturity Levels
Level 5: OPTIMISINGIntegrated revenue risk management programme, complete revenue & cost risk framework RA objectives directly linked to the goals of the business
Level 4: MANAGEDFull coverage, primary and secondary controls, approach based on risk mitigationRA is a shared responsibility throughout the whole organisation
Level: 3 DEFINEDIndependent RA team, automated RA system, limited coverageControl operation is centred on the RA team
Level 2: REPEATABLERA team, part of another dept, limited resources, no dedicated toolingIssues likely to recur, limited access to information, data prep dominates activities
Level 1: INITIALNo dedicated RA team, set of independent initiativesAd hoc reaction to circumstances, inconsistent approach
2013
1998
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 5
The revenue gradient
Order management Network Pricing Charging Payment/
Settlement Reporting
$
Value of services ordered
Value of services supplied
Value of rated
services
Value of charged services
Value of services paid for
Reported value of services
FinesCOA mapping errors
Error/suspense
External fraudBad debt
Margin errorsOver payments
RebatesPenalty payments
Internal fraudCharging errorsInvoicing errors
Internal fraudMetering errors
Usage mgmt errorsTariff mgmt errors
Rating errorsSubscriber mgmt errors
Subscription errorsStranded assets
Inflated costsLogistics errors
Quality of service issues
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 6
Risk management concepts
•Vulnerability
•Threats
•Risks
•Consequences
•Inherent risk
•Controls
•Measures
•Risk reduction
•Residual risk
•Performance indicator
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 7
Consequences of RA issues
Under billing
Over billing Rebates Penalties
Contractual liabilities Fines Inflated
costsImpaired cash flow
Opportunity loss
Elevated fraud risk
Customer satisfaction
Customer churn
Staff churn Qualified audits
Reporting inaccuracy
Reputational damage
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 8
Inherent vulnerabilities
Systems integration
Processes & procedures
Degree of manual
processes
OSS/BSS systems
Product management
Business rules
Change management
Testing strategy
Reference data
management
Configuration management Logistics Quality of
service
Customer service Controls
Knowledge of end-to-end
bus. processes
Corporate maturity
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 9
Key risk areas
Source: TM Forum, GB941
1. Product and offer management
2. Order management and provisioning
3. Network and usage management
4. Rating and billing
5. Receivables management
6. Finance and accounting
7. Customer management
8. Partner management
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 10
Example of control and its measures
Element Description
Vulnerability Poor systems integrationThreat Data lossControl Ensure completeness of data transfersMeasures File count
Block countRecord countFile sequence gap checkBlock sequence gap checkRecord sequence gap checkInter CDR end-time gap check
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 11
RA risk assessment
Link to revenue streams to
assess revenue at risk
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 12
Risk levels
Time
LevelofRisk
Inherent risk
Target risk
Residual risk
Expectedrisk reductionTarget
risk reduction Risk assessment
New threat
Change in risk appetite
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 13
Control effectiveness
Scope
FrequencyCorrectness
Accuracy
The coverage
provided by the control
How often the control is operationalFitness for
purpose
Quality of its implementation
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 14
Risk levels
Time
LevelofRisk
Inherent risk
Expected risk
Actual risk
Expectedrisk reduction
Actualrisk reduction
Risk assessment
New threat
Target riskChange in risk appetite
Targetrisk reduction
Residual risk
Copyright © 2008-2012 Revenue Risk Management Solutions 15
Systems& processes
Primary(in-line) Controls
Secondary (RA) Controls
Primary vs secondary controls
$
Threat Threat
Threat
Threat
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 16
Primary vs secondary controls
Order management Network Pricing Charging Payment/
Settlement Reporting
Primary (in-line) controls
Secondary (RA) controls
Revenue Assurance
• Primary controls should be designed to protect against revenue risk on a continuous basis• Primary controls should be operated by the responsible department• Secondary controls should be used to test the effectiveness of primary controls• Secondary controls should be performed by the revenue assurance team
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 17
Dynamic risk management
Risk Assessment
Control
Measure
Risk Reduction
Residual Risk
Monitor Measures
Risk Events
Re-evaluate Risk
Threat
Inherent Risk
Primary Controls
Expected risk
Actual risk
Dynamic Risk Management
RA Systems
Operational Systems
Primary Controls
Secondary Controls
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 18
Business benefits
Improved understanding of
risk profile
Identify preventative actions
Baseline for cost/benefit analysis
Prioritise control deployment
• Monitor control operation• Actual vs expected residual risk• Verify accuracy of risk assessments• Help to eliminate assumptions
• Prevent recurrence• Anticipate future risks
• Establish cost of controls• Eliminate over-protection
• Based on risk mitigation• Target controls more effectively
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 19
Summary
The rate of improvement in RA maturity is slowing• In many cases it has reached a ceiling• In some it has stagnated
A fundamental change of approach is required• A shift to preventative rather than corrective actions• Change from bottom-up, reactive activities to top-down, risk based initiatives• Separation of primary and secondary controls is essential• Revenue & cost risk must be a shared responsibility throughout an organisation• Target RA budgets to where they are needed
Extract more value from our investment in RA tooling• Improved automation of routine tasks• Notification when something needs to be investigated• We need to work smarter not harder
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 20
Questions and answers
Geoff IbbettSenior Consultant
rrmSolutions
RAMaturity
Revenue Gradient
Revenue & Cost Risk Modeling
Primary & Secondary Controls
Expected vs Actual Risk Reduction
Control Effectiveness
Dynamic Risk Management
A risk-based approach to Revenue Assurance