The document discusses the importance of enhancing revenue assurance (RA) maturity by implementing risk management techniques. It outlines various maturity levels of revenue assurance and emphasizes a shift towards preventative actions and dynamic risk management, where both primary and secondary controls are crucial. The document concludes that more effective automation and targeted investment in RA initiatives are necessary for improved performance and effectiveness.

1. Revenue Risk Management
The Future of Revenue Assurance
Exploiting risk management techniques to
accelerate Revenue Assurance maturity
January 2014
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 1

2. Introduction
• How can we improve RA maturity?
• How much of my revenue is at risk?
• How can we improve the
effectiveness of RA operations?
• How can we maximise the return on
RA invesment?
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 2
Geoff Ibbett
Senior Consultant
rrmSolutions
RA
Maturity
Revenue
Gradient
Revenue &
Cost Risk
Modeling
Primary &
Secondary
Controls
Expected vs
Actual Risk
Reduction
Control
Effectiveness
Dynamic Risk
Management

3. Revenue assurance maturity
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 3
Source: TM Forum, TR131
Recovery
Avoidance and correction
Prevention

4. TM Forum Maturity Levels
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 4
Level 5: OPTIMISING
Integrated revenue risk management programme, complete revenue & cost risk framework
RA objectives directly linked to the goals of the business
Level 4: MANAGED
Full coverage, primary and secondary controls, approach based on risk mitigation
RA is a shared responsibility throughout the whole organisation
Level: 3 DEFINED
Independent RA team, automated RA system, limited coverage
Control operation is centred on the RA team
Level 2: REPEATABLE
RA team, part of another dept, limited resources, no dedicated tooling
Issues likely to recur, limited access to information, data prep dominates activities
Level 1: INITIAL
No dedicated RA team, set of independent initiatives
Ad hoc reaction to circumstances, inconsistent approach
2013
1998

5. The revenue gradient
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 5
Order
management
Network Pricing Charging
Payment/
Settlement
Reporting
$
Value of
services
ordered
Value of
services
supplied
Value of
rated
services
Value of
charged
services
Value of
services
paid for
Reported
value of
services
Fines
COA mapping errors
Error/suspense
External fraud
Bad debt
Margin errors
Over payments
Rebates
Penalty payments
Internal fraud
Charging errors
Invoicing errors
Internal fraud
Metering errors
Usage mgmt errors
Tariff mgmt errors
Rating errors
Subscriber mgmt errors
Subscription errors
Stranded assets
Inflated costs
Logistics errors
Quality of service issues

6. Risk management concepts
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 6
• Vulnerability
• Threats
• Risks
• Consequences
• Inherent risk
• Controls
• Measures
• Risk reduction
• Residual risk
• Performance indicator

7. Consequences of RA issues
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 7
Under
billing
Over
billing
Rebates Penalties
Contractual
liabilities
Fines
Inflated
costs
Impaired
cash flow
Opportunity
loss
Elevated
fraud risk
Customer
satisfaction
Customer
churn
Staff churn
Qualified
audits
Reporting
inaccuracy
Reputational
damage

8. Inherent vulnerabilities
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 8
Systems
integration
Processes &
procedures
Degree of
manual
processes
OSS/BSS
systems
Product
management
Business
rules
Change
management
Testing
strategy
Reference
data
management
Configuration
management
Logistics
Quality of
service
Customer
service
Controls
Knowledge of
end-to-end
bus. processes
Corporate
maturity

9. Key risk areas
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 9
Source: TM Forum, GB941
1. Product and offer management
2. Order management and provisioning
3. Network and usage management
4. Rating and billing
5. Receivables management
6. Finance and accounting
7. Customer management
8. Partner management

10. Example of control and its measures
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 10
Element Description
Vulnerability Poor systems integration
Threat Data loss
Control Ensure completeness of data transfers
Measures File count
Block count
Record count
File sequence gap check
Block sequence gap check
Record sequence gap check
Inter CDR end-time gap check

11. RA risk assessment
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 11

12. Risk levels
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 12
Time
Level
of
Risk
Inherent risk
Target risk
Residual risk
Expected
risk
reductionTarget
risk
reduction Risk assessment
New threat
Change in
risk appetite

13. Control effectiveness
Scope
FrequencyCorrectness
Accuracy
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 13
The
coverage
provided by
the control
How often
the control is
operationalFitness for
purpose
Quality of its
implementation

14. Risk levels
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 14
Time
Level
of
Risk
Inherent risk
Expected risk
Actual risk
Expected
risk
reduction
Actual
risk
reduction
Risk assessment
New threat
Target risk
Change in
risk appetite
Target
risk
reduction
Residual risk

15. Systems
& processes
Primary
(in-line) Controls
Secondary
(RA) Controls
Primary vs secondary controls
Copyright © 2008-2012 Revenue Risk Management Solutions 15
$
Threat Threat
Threat
Threat

16. Primary vs secondary controls
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 16
Order
management
Network Pricing Charging
Payment/
Settlement
Reporting
Primary (in-line) controls
Secondary (RA) controls
Revenue Assurance
• Primary controls should be designed to protect against revenue risk on a continuous basis
• Primary controls should be operated by the responsible department
• Secondary controls should be used to test the effectiveness of primary controls
• Secondary controls should be performed by the revenue assurance team

17. Dynamic risk management
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 17
Risk
Assessment
Control
Measure
Risk
Reduction
Residual
Risk
Monitor
Measures
Risk Events
Re-evaluate
Risk
Threat
Inherent
Risk
Primary
Controls
Expected
risk
Actual
risk
Dynamic Risk
Management
RA
Systems
Operational
Systems
Primary
Controls
Secondary
Controls

18. Business benefits
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 18
Improved
understanding of
risk profile
Identify
preventative
actions
Baseline for
cost/benefit
analysis
Prioritise control
deployment
• Monitor control operation
• Actual vs expected residual risk
• Verify accuracy of risk assessments
• Help to eliminate assumptions
• Prevent recurrence
• Anticipate future risks
• Establish cost of controls
• Eliminate over-protection
• Based on risk mitigation
• Target controls more effectively

19. Summary
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 19
The rate of improvement in RA maturity is slowing
• In many cases it has reached a ceiling
• In some it has stagnated
A fundamental change of approach is required
• A shift to preventative rather than corrective actions
• Change from bottom-up, reactive activities to top-down, risk based initiatives
• Separation of primary and secondary controls is essential
• Revenue & cost risk must be a shared responsibility throughout an organisation
• Target RA budgets to where they are needed
Extract more value from our investment in RA tooling
• Improved automation of routine tasks
• Notification when something needs to be investigated
• We need to work smarter not harder

20. Questions and answers
Copyright © 2008-2014 Revenue Risk Management Solutions Limited 20
Geoff Ibbett
Senior Consultant
rrmSolutions
RA
Maturity
Revenue
Gradient
Revenue &
Cost Risk
Modeling
Primary &
Secondary
Controls
Expected vs
Actual Risk
Reduction
Control
Effectiveness
Dynamic Risk
Management
A risk-based approach
to Revenue Assurance