Professional Documents
Culture Documents
R e v e n u e A s s u R A n c e s TA n d A R d s
ReleAse 2009
The
All rights reserved. Printed and bound in the United States of America. No part of this book may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without permission in writing from the publisher. Use of a terms in this book should not be regarded as affecting the validity of any trademark or service mark.
Ta b l e o f C o n t e n t s
Table of Contents
Foreword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi Chapter 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Monetary Menials or Profit Prophets: The Revenue Assurance Phenomena . . . . . . . . . . . . . . . . . . . . . . . . . 1
Old School Revenue Assurance and the Monetary Menial . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Introducing the BOM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Whatever Happened to the Product Manager? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 The Modern Telecommunications Management Team . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
The Demise of the BOM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 The Demise of the Full Life Cycle Product Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Welcome to the Telecom of the 21st Century . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Revenue Assurance: State of the Art Today . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Old School Revenue Assurance The Monetary Menials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Next Generation Revenue Assurance The Profit Prophet Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Prevention vs. Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Anticipation vs. Reaction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Becoming the Prophet of Telco Profits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
The Modern Revenue Assurance Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 The GRAPA Standards Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Challenges to the Establishment of Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 Disparity in Size, ARPU and Headcount . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Disparity in Technology (Age, Diversity, Complexity) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Disparity in Corporate and National Culture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Disparity in Organizational Maturity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 Revenue Assurance Standards: A Sliding Scale . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
GRAPA
iii
Chapter 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 The GRAPA Benchmarks: The State of the Revenue Assurance Profession Today . . . . . . 21
GRAPA Benchmarks: Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 Observations About the Volatility of the Benchmarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 Benchmark Respondents General RA Practices and Personnel Characteristics Background . 22 Line of Business of Respondents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
GRAPA
iv
Ta b l e o f C o n t e n t s
Background of Typical Revenue Assurance Professionals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Years of Experience (Employed in Telecommunications) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Basic Background and Training . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 Educational Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 The Practice of Revenue Assurance within the Telco . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Revenue Assurance Performed by Other Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 Self Assurance: Revenue Assurance Performed by Operational Departments Themselves . . . . 26 Where does Revenue Assurance Report? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Role and Positioning of Fraud Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Scope, Breadth and Depth of RA Participation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 Biggest Needs within Revenue Assurance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 The Future of Revenue Assurance 2009 Forecast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 Conclusions Drawn from the Benchmark Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Sliding Scale Application of Revenue Assurance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 Need to Define Boundaries between RA and Other Oversight / Assurance Groups . . . . . . . . . . . 30
Need to define boundaries between RA and Operational Management . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 The Need for Training and Certification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Chapter 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 GRAPA Standards Approach and Prerequisite Components (Practices and Body of Knowledge) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
The Standards Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 The Standards Development and Ratification Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
GRAPA Workshops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 GRAPA Committees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 GRAPA Benchmark Surveys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 GRAPA Town Hall Meetings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 GRAPA Standards Ratification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
GRAPA
Techniques and Practices Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Tools Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Line of Business Knowledge (Operational Domains) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
GRAPA Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Standard Controls Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37 Diagnostic and Administrative Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 KPIs and Measures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Chapter 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
GRAPA Standards: Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Chapter 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
The Revenue Assurance Lifecycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 What Is Not Part of Revenue Assurance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Developing a Non-Anecdotal Definition of Revenue Assurance . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
A Functional Description of Revenue Assurance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41 Note: Who Does What? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
GRAPA
vi
Ta b l e o f C o n t e n t s
Chapter 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Forensic Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 A Set of Guidelines Not an Instructions Manual . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Forensic Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 The Revenue at Risk Concept . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 The Forensic Analysis Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 Inputs to Forensic Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Cases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 Managing the Queue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Who Does What? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 The Prioritization of Cases and Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 The First Revenue Assurance KPI Case/Domain Uptake Rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Exchange Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Process Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 Systems Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 Statistical and Numerical Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Outputs of Forensic Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Summary of the Case/Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Review of the Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Revenue at Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
The Second Set of Forensic KPIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Remedy Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 Remedy Recommendation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 How Formal Does the Forensics Process Need to Be? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
GRAPA
vii
Chapter 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Controls, Corrections and Compliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65 Management Decision-Making . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 The Management Decision Making Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Remedy Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Implementation Responsibility Assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Funding and Budgeting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
The Controls/Corrections Development Lifecycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Understanding Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Definition of a Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 Most Commonly Applied Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 Threshold Response Monitoring based on Existing Operational Reports. . . . . . . . . . . . . . . . . . . . . . . . . . 70 Test Plans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 Synchronization Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 Change Management Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Auto-Adjustment Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 Understanding Corrections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 Understanding Compliance and Reporting (KPIs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 What is the Reason for Compliance Reporting? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Why is an Accurate Definition of Objectives Critical? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 Remediation, Detection and Deterrence (RDD) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Appetite for Risk and RDD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 Scope and RDD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81 What Kinds of Cases Should be Included in the Charter for Revenue Assurance? . . . . . . . . . . . . . . . . . . 81
GRAPA
viii
Ta b l e o f C o n t e n t s
Who Else is Available? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 The Six Mis Prefixed Categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 Leakage Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
KPIs for Forensics, Controls and Corrections for Leakage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Fraud Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
KPIs for Forensics, Controls and Corrections for Fraud . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Margin and Rate Plan Assurance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 Beyond Interconnect Margins Rate Plan Assurance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Bundle and Subsidy Rationalization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 Cannibalism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 The Revenue Assurance Lifecycle and Rate Plan Assurance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
New Product Development Assurance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 Product Assurance Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 Market Assurance (Churn and Market Erosion) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 How Do You Assure Against Churn? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Determining the Loss and Risk of Loss Associated with Churn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Asset Utilization Assurance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 BTS Outage Assurance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 RDD and Asset Utilization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 The Fluid and Expanding Scope of Revenue Assurance Objectives . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Chapter 10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Domains and Scope Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99 Defining Scope by Function and Responsibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Starting with the ETOM model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
GRAPA Vertical and Horizontal Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 Vertical Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 Network Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 BSS and OSS Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 Operational Areas . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Vertical Domain Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
GRAPA
ix
Line of Business Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 Product Line Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 Rate Plan Domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 Market and Customer Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 Taxonomy of Horizontal Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104 Revenue Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 1. Define the Horizontal Domain for the Mapping Exercise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 2. Decompose the Domain into Revenue Streams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 3. Obtain Revenue Numbers for Each Revenue Stream . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 4. Create a Revenue Map for Each Revenue Stream . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
a) Identify the Point of Revenue Transaction Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 b) Identify the Point of Revenue Transaction Capture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 c) Trace the Revenue Transaction Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 d) Assign Revenue Values to Each Component . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 Revenue Map Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Creating a Payment Map for each Revenue Stream . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110 Horizontal Forensics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110
Risk Maps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Chapter 11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Organizational Principles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117 Making Revenue Assurance a Good Fit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .117 Separating Who Does What? from What Needs to be Done? . . . . . . . . . . . . . . . . . . . . . . . . . .118 The Coverage Challenge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .118 The Super-Revenue Assurance Department Temptation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119
Best Fit Criteria for Revenue Assurance on a Task-by-Task or Domain-by-Domain Basis . . . . . . . . . . . 119
GRAPA
Ta b l e o f C o n t e n t s
The Revenue Management Organizationand the Return of the BOM . . . . . . . . . . . . . . . . . . . . . . . . 121 The Shared Responsibility Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122 Organizational Principle #1: The Relationship of Revenue Assurance to the Operational Team . . . . . 122
Exceptions and Conditions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Organizational Principle #2: The Relationship of Revenue Assurance to Other Support Organizations . 123 Organizational Principle #3: The Relationship of Revenue Assurance to Top Management . . . . . . . 123 A. Assess and Report Risk Forensics and Overall Risk Analysis . . . . . . . . . . . . . . . . . . . . . . . . 124
Assessing Risk vs. Performing Risk Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124 End to End Assurance and Strategy vs. Tactical Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
B. Define and Recommend Rationalized Remedies Recommend Coverage Plans . . . . . . . . . 125 C. Implement Based on Management Decision and Appetite for Risk . . . . . . . . . . . . . . . . . . . . . 125
Top Management Must be Directly Involved . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 Other Managers Can Take Responsibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 The Revenue Assurance Management Team Can Make the Decision . . . . . . . . . . . . . . . . . . . . . . . . . . 126 The Revenue Assurance Practitioner is Authorized to Make The Decision . . . . . . . . . . . . . . . . . . . . . . . 126
Management Decision-Making and Appetite for Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 D. Perform Within Formally Defined Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Chapter 12 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Operational Principles and Ethics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 The Core Principles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 Consensus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 Integrity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 Rationalization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 Ethical Principles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 Corporate Responsibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Operational Independence Requirement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Principles of Practice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 Competency Requirement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134 Transparency Requirement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134 Maximum Effect for Minimum Cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
GRAPA
xi
The Need for a Professional Revenue Assurance Function. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140 Telco and Revenue Loss An Odd Relationship . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141 The Revenue Assurance Job Today . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141 Benefits of Professionalization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142 What Does Professionalization Mean? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142 Benefits of Professionalization for the Practitioner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142 Benefits of Professionalization for the Company . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
Authoritative Body of Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
The Role of Certification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147 What is Certification? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147 Why Pursue Certification? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147 Why Is It Required? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
Knowledge Volatility (Continuous Source of Knowledge Upgrade). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148 Accessibility of Knowledge (Silos of Information) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
GRAPA
xii
Ta b l e o f C o n t e n t s
Career Anchor (Referential Positioning) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148 Control Rate of Growth (Self Guidance) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148 Measurement of Competence (Self Confidence) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
GRAPA
xiii
II.C. Interconnect Line of Business Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156 II.D. Roaming Line of Business Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157 II.E. Value Added Services Line of Business Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157 II.F. Cable-Based Services Line of Business Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157 II.G. Streaming Services Line of Business Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 II.H. Data Services Line of Business Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 II.I. Content-Based Services Line of Business Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158 II.J. Satellite Services Line of Business Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 Payment Channel Domain Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 III.A. Point of Sale Payment Channel Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 III.B. Sales Channel Payment Channel Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 III.C. Prepaid Retail Payment Channel Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 III.D. Distribution Payment Channel Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 III.E. Credit and Collections Payment Channel Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 III.F. Credit Card and ATM Payment Channel Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161 Provisioning and Activation Process Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161 IV.A. Provisioning and Activation Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161 New Product Development Process Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 V.A. New Product Development Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 Fraud Management and Crime Detection Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 VI.A. Fraud Management Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 Techniques Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162 VII.A. Revenue Assurance Lifecycle and Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163 VII.B. Forensics Analysis Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163 VII.C. Operational Monitoring (Controls Management) Techniques . . . . . . . . . . . . . . . . . . . . . . . 163 VII.D. Corrections Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 VII.F. Compliance Management Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 VII.G. Revenue Assurance Department Management Techniques . . . . . . . . . . . . . . . . . . . . . . . 164 VII.H. Fraud Management Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164 VII.I. Audit Techniques. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 VII.J. Margin Analysis Techniques. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165
GRAPA
xiv
Ta b l e o f C o n t e n t s
VII.K. Revenue Stream Maximization Network Element Outage Assurance Techniques . . . . . 165 VII.L. Revenue Stream Maximization Fraud Management Assurance Techniques . . . . . . . . . . 165 VII.M. Rate Plan and Bundle Assurance Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Tools Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 VIII.A. Fraud Management Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 VIII.B. Probes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 VIII.C. Test Call Generators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 VIII.D. Parallel Rating Engines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166 VIII.E. Business Intelligence Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167 VIII.F. Revenue Assurance Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
GRAPA
xv
Ta b l e o f C o n t e n t s
GRAPA
xvi
Foreword
Foreword
In January of 2009, the Global Revenue Assurance Professionals Association (GRAPA) formally published the official Standards for the Practice of Revenue Assurance for 2009. These Standards are the result of many hours of hard work by dozens of volunteers who labored to make the Standards as neutral, unbiased, practical, and useful as possible for the thousands of people who are currently employed as Revenue Assurance professionals in the Telecommunications industry. This book is an in depth review and exploration of the current Standards. The Standards Document itself is only 18 pages long, but the implications and interpretations of the dozens of different principles are extensive. It is our hope that the majority of the people practicing Revenue Assurance around the world today take the time to review these Standards and make use of whatever they find to be beneficial. In an effort to encourage the dissemination of these Standards as quickly and accurately as possible, it was decided to make this book available via several channels: 1. 2. 3. GRAPA members can download a PDF version of the book, free of charge, using their GRAPA Membership ID on the GRAPA website. Anyone wishing to obtain a copy of the book without providing personal contact information can purchase an e-download from a number of sources. The book will also be made available in soft- and hardcover format and can be purchased from a number of sources.
This book (and the Standards) represent a work in progress; not a definitive last word on the practice of Revenue Assurance. We hope that it provides professionals with a rich body of knowledge, a perspective to clarify their thinking, and that it improves their professional careers. If you are genuinely interested and/or engaged by this book, we hope that you are inspired enough to join the GRAPA organization and become further involved in the ongoing refinement of these Standards. Although it is not be possible for me to give credit to all of the many people that participated and helped with this process, I must acknowledge some of those that had a major role in making the book happen. My thanks and gratitude goes out to: Mike Sullivan (USA), Wessel Scheepers (South Africa), John L. Myers (USA), Henry E. Whyte (Ghana), Sriram Dharmarajan (India), Baba Diomande (Gabon), Dsir Nindjin (Ivory Coast), Robert Martignoni (Germany), Carola Rusch (Germany), Enid Mullin (South Africa), Victoria de Aboitiz (Argentina), Theodore Daniel Toma (Egypt), Pete Van Cleve (USA), Ravikumar Jigajinni (India), Anthony Cruz (Philippines), Malthesh Gududappa (India), along with the U.S. GRAPA team members who helped to make this happen including Brigitte Mattison, Chris Yesulis, Laura Knigge, Dustin Mattison, Eva Pristera, Nathan Langlois, Michael Crowley, Amy Beymer, Teresa Shepp, Jade Blackwater, and many others. This work could not have been completed without your dedication and continuous effort. I would also like to acknowledge and thank our copy editor, Rick Alaska, who made this book read as smoothly as it does.
GRAPA
xvii
GRAPA
xviii
Seems like a great job, doesnt it? But looking around the Telecommunications industry today, you can easily find hundreds of job openings with exactly these kinds of qualifications and terms. More unbelievably, you will also find a core group of highlymotivated individuals who are willing to voluntarily take on these tremendous jobs. To the casual observer and even to the seasoned Telecommunications professional, the phenomenon known as Revenue Assurance creates quite a bit of confusion and at times some controversy. Despite the confusion, the bickering and apathy, it is clear that Revenue Assurance is growing in scope, depth and breadth on nearly a daily basis.
GRAPA
GRAPA
GRAPA
GRAPA
To take on the mantle of prevention, we have to define exactly how far to take it.
GRAPA
GRAPA was founded and has as its primary mission the job of aiding Revenue Assurance professionals around the world in the definition, standardization and professionalization of the Revenue Assurance job. Early in the life of the organization it became clear that the key advantage that most members were seeking was a clear set of standards by which they could set their goals and objectives. There are many reasons why GRAPA has taken on the development of a clearly defined, industry-wide, globally accepted set of standards for the practice of Revenue Assurance. Standards of this kind provide support from many peoples perspectives. 1. Top Management: By establishing a clear set of standards, it will be possible for companies to: a. Better understand, manage and finance Revenue Assurance activities b. Better judge the skills, strengths and weaknesses of Revenue Assurance departments c. Develop a clear set of expectations, KPIs and budgetary guidelines for the conduct of Revenue Assurance within the organization d. Decide upon clear boundaries and assignment of responsibilities between the Internal Audit, I/T, Sarbanes-Oxley, Business Process Engineering, and Operational Management teams. 2. Revenue Assurance Managers: Standards make it possible for Revenue Assurance managers to: a. More efficiently organize and run their departments b. More effectively recruit and train people with the right skills and dispositions c. Develop clear career paths and salary scales for RA professionals d. Gain acceptance, support and a shared vision between the RA, Operational Management, and Top Management teams. 3. Revenue Assurance Professionals: These standards make is possible for individuals to: a. Better understand their own mission and value to the organization b. Build a comprehensive career development plan c. Increase their value to the organization d. Improve their sense of mastery, accomplishment and proficiency In general, the objectives of these standards are to help the industry overall, and the Revenue Assurance professionals as individuals to improve the quality, quantity and effectiveness of their activities to the benefit of all parties involved.
GRAPA
Figure 1.1 Optimum size and nature of RA team in relation to the ARPU and Headcount of carrier
GRAPA
Figure 1.2 Optimum structural and automation approach based on the ARPU and Headcount of carrier
Older Technology Simpler Environment Less Need for Revenue Assurance More Need for Revenue Assurance
Figure 1-3 Relationship between the complexity and age of technology to the need for RA support
GRAPA
Older Organization Mature Processes And Operations Less Need for Revenue Assurance More Need for Revenue Assurance
Figure 1-4 Relationship between age and maturity of an organization and its need for Revenue Assurance support
GRAPA
GRAPA
10
C h a p t e r 2 - I n t r o d u c t i o n t o G R A PA
More importantly, this discussion demonstrated that Revenue Assurance professionals are very interested in learning what other RA professionals are doing. A desire to share information, to learn from each other, and to create a community of professionals has been continually expressed by Revenue Assurance professionals. About six months later, a small group of people decided to turn these needs and concepts into a viable professional association. This association was dedicated exclusively to creating a Revenue Assurance community and solidifying the professionalization of the discipline.
GRAPA
11
GRAPA
12
C h a p t e r 2 - I n t r o d u c t i o n t o G R A PA
It was decided that, in order to target as large a population of professionals as possible, the criteria for membership and for participation had to be geared towards the entire spectrum of carriers, geographies and situations.
Total membership: Over 1800 Proportion of members who work for carriers in Revenue Assurance and Internal Audit capacity: 75% Average number of GRAPA members per carrier: 2.5 Continent with the most GRAPA members: Africa Continent with the least GRAPA members: Northern Asia (China, Korea, Japan) Countries with the most GRAPA members: India, Nigeria, South Africa Participants in GRAPA Benchmarks in 2008: over 300
GRAPA
13
GRAPA Countries
Afghanistan Albania Algeria Angola Anguilla Argentina Armenia Aruba Australia Austria Azerbaijan Bahrain Bangladesh Barbados Belgium Belize Benin Bolivia Bosnia and Herzegovina Botswana Brazil Brunei Darussalam Bulgaria Burkina Faso Cambodia Cameroon Canada Cayman Islands Central African Republic Chad Chile China Colombia Congo Costa Rica Cote dIvoire Croatia Czech Republic Democratic Republic of Congo Denmark Dominican Republic Ecuador Egypt El Salvador Estonia Fiji France Gabon Georgia
Germany Ghana Great Britain Greece Grenada Guatemala Haiti Honduras Hong Kong Hungary India Indonesia Iran Iraq Ireland Israel Italy Jamaica Japan Jordan Kenya Kuwait Latvia Lebanon Lesotho Libya Lithuania Luxembourg Macedonia Madagascar Malawi Malaysia Maldives Malta Mauritius Mexico Mongolia Morocco Mozambique Namibia Netherlands Netherlands Antilles New Zealand Niger Nigeria Norway Oman Pakistan Palau Palestinian Territory
Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Rwanda Saint Lucia Saudi Arabia Senegal Serbia and Montenegro Sierra Leone Singapore Slovakia Slovenia South Africa Spain Sri Lanka Sudan Suriname Swaziland Sweden Switzerland Syria Taiwan Tanzania Thailand Togo Tonga Trinidad and Tobago Tunisia Turkey Uganda Ukraine United Arab Emirates United Kingdom USA Uzbekistan Venezuela Vietnam Yemen Zambia Zimbabwe
GRAPA
14
C h a p t e r 2 - I n t r o d u c t i o n t o G R A PA
Members' Regions
GRAPA members can bet found in every region of the world. Our greatest membership numbers are currently in Africa and Southern Asia, but we are gaining quick acceptance and growth in the South American, European and Northern Asia markets as well.
1.79% (3) 7.74% (13) Asia Africa Middle East W. Europe E. Europe N. America Latin America S. Pacific
.
11.31% (19)
33.33% (56)
GRAPA members work with all of the major lines of business in telecommunications today: Wireless (GSM and CDMA), Wireline, DSL, Cable, Satellite, Long Distance, Roaming, WiFi, WiMax and many other technologies. As you can see by this graph, GRAPA members provide a highly representative coverage of each of these "lines of business".
GSM CDMA Wireline WiFi WiMax Cable Broadband DSL Satellite Content Other: Frame Relay VAS Wireless 3G
10
20
30
40
50
60
GRAPA
15
14.29%
1 to 300,000 300,001 to 600,000 600,000 to 1,000,000 1,000,001 to 2,000,000 2,000,001 to 3,000,000 3,000,001 to 5,000,000 5,000,001 to 10,000,000 More than 10,000,000
27.38% 7.14%
7.14%
12.50%
2.
GRAPA
16
C h a p t e r 2 - I n t r o d u c t i o n t o G R A PA
(The rationale for this is simple. If GRAPA is developing the standards, body of knowledge and professionalization that people really want and need, then they should be willing to pay for it. In fact, if they are not willing to pay for it, then that actually proves that the material being developed is offering no real value to the constituency. The success of the Revenue Assurance academy, and the certification program is, in fact, a very powerful and crystal clear litmus test for the effectiveness of the association and the work that it performs. If what the association creates is relevant, adds value to peoples careers and makes sense to managers, then the classes and certification will be filled. If not, then the association is clearly failing.)
These small teams provide support to the different committees and members in the accomplishment of their objectives.
GRAPA
17
GRAPA Benchmarks
One of the more prominent and useful of the GRAPA activities in 2008 was the GRAPA benchmarks, which consisted of a number of different questionnaires. These were designed to help the GRAPA organization and members to understand current Revenue Assurance practices around the world. The rules for GRAPA benchmarks are simple. If you participate in the benchmark, you get to see the results. Over 300 members participated in our benchmarks in 2008 and several dozen are planned for 2009.
GRAPA in 2009
2009 will see a number of improvements and re-commitment to many things that worked well in 2008. More importantly, we will continue with our innovation by providing a number of new activities.
GRAPA Certification
Simultaneous with the release and promotion of the GRAPA ratified standards will be the launching of the GRAPA Certification Program. This program was designed to assist Revenue Assurance professionals in establishing clear goals and objectives for their career paths. It is designed foremost to accomplish the primary objective of GRAPA, which is the professionalization of the industry. GRAPA certification includes requirements for members in the areas of training, testing and real world experience. GRAPA will be assembling a support staff to support this certification effort.
GRAPA
18
C h a p t e r 2 - I n t r o d u c t i o n t o G R A PA
For more information about the GRAPA certification program, see the GRAPA website at www.grapatel.com/A-GRAPA/02Certification/Certification.asp
This same organization administers the GRAPA certification program, a program designed to assist Revenue Assurance professionals in defining a career path and attaining the training and experience necessary to accomplish those objectives. For more information about GRAPA training see the Revenue Assurance Academy website at: www.ra-academy.org 2009 expansion will include: 1. Alignment of the curriculum with the GRAPA Standards, specifically, the principles, practices and body of knowledge requirements. It is the commitment of the Revenue Assurance Academy to enable members to attain the knowledge, skills and experience they need to accomplish their certification objectives. A more conservative caldendar The Revenue Assurance Academy will be offering more venues in 2009, and will be announcing tentative dates well in advance (12 months). This calendar was assembled to help as many members as possible reach certification in less than 1 year (if possible). Expansion of curriculum a number of GRAPA members have been recruited to write much of the training required by the new expanded body of knowledge requirements. Expansion of faculty The Revenue Assurance Academy is planning on adding a number of instructors to the staff in 2009 in alignment with the new curriculum and certification requirements.
2.
3. 4.
New Committees
In addition to the already exciting work being done by existing committees, several new committees are being formed. Included will be committees to address: 1. Credentialization - Determining which major certification / industry standards bodies GRAPA should align with. GRAPA is already engaged in the study and consideration of membership in the TIA, working with the ITU at the national level, NOCA and several others. 2. Spanish, Arabic and French Language Development - GRAPA understands the importance of the accessibility of information and training in a language that is comfortable for the member to undertand. For that reason, we will be launching several major initiatives to deploy the standards, Townhalls, training and other GRAPA materials in French, Spanish and Arabic.
GRAPA
19
GRAPA
20
C h a p t e r 3 - T h e G R A PA B e n c h m a r k s
Chapter 3 the Grapa benChMarks: the state oF the revenue assuranCe proFession today
What exactly is the status of the Revenue Assurance profession today? How extensive is it? How is it practiced? Who is doing the job? How does it vary from one location to the next? These are just a few of the questions that the GRAPA organization has set out to answer through execution of a number of different benchmark surveys?
The Revenue Assurance Team Member Profiles attempted to help us understand: 1. 2. 3. The background and skills of existing Revenue Assurance team members The basic professional training and level of experience of a typical Revenue Assurance professional A general understanding of career paths and plans of these professionals
In total, over 200 people participated in these benchmarks, providing solid information about the state of the profession for those individuals. The relatively small size of the benchmark compared to GRAPA membership is primarily due to the fact that GRAPA membership was approximately 300 at the beginning of 2008, but grew to a staggering 1700 by the end of the year. As a result, the number of participants represents approximately 25 to 35% of the membership at the time the surveys were conducted.
Copyright 2009 Rob Mattison GRAPA 21
2.
Some of the volatility that we discovered in these surveys is attributable to the high percentage of African, Middle Eastern and South Asian members in GRAPA. These markets are currently undergoing some significant volatility at the highest level. It is important to note that even the more stable European and North and South American carriers had their fair share of this type of volatility, although it was not quite as severe. Equally important is the fact that these markets are quickly overtaking the European and American markets as the thought leaders and trendsetters in the industry. As the shift of emphasis and innovation moves from the old school European and American carriers to the new leading African, Asian and Middle Eastern operators, the importance of these markets and their behaviors will continue to increase.
GRAPA
22
C h a p t e r 3 - T h e G R A PA B e n c h m a r k s
10
20
30
40
50
60
4.76% 3.57%
32.14%
11.31%
33.33%
GRAPA
23
Less than 1 year 1-2 years 3-10 years 11-20 years More than 20 years 0 50 100 150
Accounting I/T Operations (Billing) Operations (Network) Operations (Mediation) Operations (Accounting /Finance) Other, specify: 0 20 40 60 80 100
GRAPA
24
C h a p t e r 3 - T h e G R A PA B e n c h m a r k s
The Other category yielded an amazing mix of skills including: Product Development Business Analyst Credit Management Data Warehouse / DBA / IT Security Officer Interconnect Operations Manager
Educational Background
The educational background of most Revenue Assurance professionals is higher than that of most typical Telecom employees. The vast majority of Revenue Assurance practitioners have a four-year college degree and almost half of them also have advanced degrees.
Trade School Some College Bachelors Degree (4 years) Masters Degree (2+ years of post graduate work) PHD (3+ years of post graduate work) 0 50 100
GRAPA
25
The largest group is made up of the Internal Audit organizations, but Sarbanes-Oxley, Quality Management, and Risk Management groups are also well-represented.
Sarbannes-Oxley Internal Audit Risk Management Corporate Performance Mgmt Corporate Governance
50
100
150
Network Operations Mediation Postpaid Prepaid Roaming Interconnect Provisioning Sales Credit Collections 0 10 20 30 40 50 60 70
GRAPA
26
C h a p t e r 3 - T h e G R A PA B e n c h m a r k s
4.17%
61.31%
8.93% Partial
GRAPA
27
It is in this area, that the GRAPA Standards were seen as a more critical tool. Without a standardized way of dissecting and explaining the various aspects of the Revenue Assurance job, it is clearly impossible to assess the extent to which Revenue Assurance is actually being done. In general, the surveys showed that Revenue Assurance teams were involved in dozens of areas. Many of these areas appear to be quite inappropriate and out of scope for what we would traditionally consider to be the Revenue Assurance job. While the classical switch to bill job shows up, its importance continues to diminish as bigger risks to revenue are discovered, and as the reliance on the simplistic postpaid, voice and circuit-based business models give way to the exponentially more complex models of the twenty-first century. The scope of Revenue Assurance clearly includes the following areas in many Telcos around the world. Any attempt to define a set of criteria for measuring the actual penetration and assignment of responsibility to Revenue Assurance for these areas is greatly confused by: 1. 2. 3. 4. 5. The shared nature of Revenue Assurance responsibilities The almost random practice of self-assurance by different departments The almost random acceptance of Revenue Assurance type responsibilities by Internal Audit, SOX and other oversight groups The maturity, skills and adequacy of the Revenue Assurance teams themselves The size, profitability and nature of the Telco organization
However, taken as a whole, you will find Revenue Assurance departments responsible for the revenue and operational integrity aspects of every single line of business with which Telcos are involved. This is along the entire depth and breadth of the Revenue Management streams from Network Operations, Switch Utilization, Network Investment Assurance, Network Outage Assurance, Marketing, Churn, Sales Channel Security and Assurance, Credit, Collections, Product Development, Prepaid, Interconnect, Roaming, and dozens of other areas. The scope of Revenue Assurance in Telecommunications today is undeniably: 1. 2. 3. Extensive Inconsistently applied between Telcos Expanding in scope and importance.
For a comprehensive listing of the currently defined and approved body of knowledge considered to be in-scope for Revenue Assurance as of 1 January 2009, see the GRAPA Body of Knowledge Index in the Appendix of this book as well as the details of the Objectives (Levels of Assurance) section of the Standards.
GRAPA
28
C h a p t e r 3 - T h e G R A PA B e n c h m a r k s
Training of personnel Standards and procedures Budget Systems selection System development Cooperation between groups Role within the overall organization Staffing Technical skills development New product development integration 0 50 100 150
Rapid Growth
Shrinking
0 0
50
100
150
200
GRAPA
29
GRAPA
30
C h a p t e r 3 - T h e G R A PA B e n c h m a r k s
GRAPA
31
GRAPA
32
C h a p t e r 4 - G R A PA S t a n d a r d s A p p r o a c h a n d P r e r e q u i s i t e C o m p o n e n t s
Chapter 4 Grapa standards approaCh and prerequisite CoMponents (praCtiCes and body oF knowledGe)
Based on our best understanding of how Revenue Assurance is being practiced today, and given the clear mandate by the members of GRAPA regarding what their biggest needs and concerns are, the GRAPA organization set out to develop a set of standards that would: Meet the needs of Revenue Assurance professionals around the world Have enough legitimacy to make it acceptable to the majority of Revenue Assurance professionals Include enough value to make it attractive for CFOs, CEOs and other top managers to be motivated to align with the standards
The biggest needs and issues as determined by our benchmarks, town hall meetings and seminars are: 1. The need to define the fit of Revenue Assurance within the organization, especially in regards to top management, other assurance organizations (Internal Audit, Sarbanes Oxley etc), and the critical relationship with Operational Managers. In other words, determining the issues of responsibility and accountability. The need to define a mechanism for the organization of the Revenue Assurance job so that managers can train, staff, organize, measure, and assess the effectiveness of practitioners. The need to create a clear, consistent vocabulary and structure that can be applied to the majority of the vastly different implementations of Revenue Assurance across different geographies, technologies and cultural templates.
2. 3.
The structure employed to accomplish these objectives involved the definition of the standards themselves, along with related and supporting information and structures.
GRAPA
33
the definition of best practice is problematic at best. GRAPA has prepared and will begin to build a comprehensive library of such practices as the next step in the standards and certification processes. Standards Standards are built on the foundation, and assumption of the existence of practices and body of knowledge. They describe the structure, operating principles and guidelines for the organization, along with the fit and execution of Revenue Assurance.
Standards
Body of Knowledge
Practices
GRAPA Workshops
The GRAPA membership disseminates its knowledge, expertise and intentions through a variety of mechanisms. One of the most compelling and effective is GRAPA workshops. Workshops are combined training/problem solving sessions wherein GRAPA members meet to discuss their common problems, approaches and solutions. These sessions, offered through the GRAPA Revenue Assurance Academy, provide a compelling, in- depth and personal source of input and knowledge-sharing. More than twenty workshops were held around the world in 2008 in Asia, Europe, Africa, Middle East, North and South America. These workshops were each attended by at least fifteen participants and included Revenue Assurance Managers, CFOs, Internal Auditors, Revenue Assurance Practitioners, Management Consultants, Software Engineers, and IT personnel.
GRAPA
34
C h a p t e r 4 - G R A PA S t a n d a r d s A p p r o a c h a n d P r e r e q u i s i t e C o m p o n e n t s
GRAPA Committees
GRAPA hosted a number of committees for the development of standards in 2007 and 2008. These committees were used for most of the advance work in the standards process, such as defining the basic parameters, guidelines, body of knowledge and framework. Committee members came from Management Consulting, Software and Revenue Assurance departments.
GRAPA
35
GRAPA
36
C h a p t e r 4 - G R A PA S t a n d a r d s A p p r o a c h a n d P r e r e q u i s i t e C o m p o n e n t s
Tools Knowledge
In addition to knowledge of domains and techniques, the practitioner must also be familiar with and conversant in the utilization of the wide variety of different systems, applications and other tools especially designed to aide in Revenue Assurance activities.
GRAPA Practices
The GRAPA Practices Library defines the sum total of the best estimate of how different professionals perform the Revenue Assurance job. Practices are divided into the following major categories: 1. 2. 3. Standard Controls Inventory Diagnostic and Administrative Techniques KPIs and Measures
GRAPA
37
The job of the Revenue Assurance professional is to take a look at the existing environment and determine: 1. 2. 3. 4. The exact level of risk of loss associated with each control The level of assurance that should be applied The tolerance for risk/loss that should be integrated into the environment. Note: We refer to steps 1, 2 and 3 as the Forensics process. That controls are implemented and enforced. This is referred to as the Compliance process.
The Standard Controls library forms the foundational reference for the Revenue Assurance professional. Note: The Practices library for GRAPA is currently found embedded in the GRAPA certified training courses. Work on a true reference library will be undertaken as the need arises.
GRAPA
38
C h a p t e r 5 - G R A PA S t a n d a r d s : S t r u c t u r e
Chapter 5
One of the biggest challenges in the development of a set of standards is determining how to organize the material. Many people in the GRAPA organization had great ideas about what Revenue Assurance is, how it should be done, what works and what doesnt, in addition to what is important and what is not. If the standards are going to be effective they must be: 1. 2. 3. 4. Organized Clear Easy to understand Relevant
We believe that the standards specified here accomplish these objectives. When documenting standards of this nature, you need to determine how to separate each of the concepts, while simultaneously pointing out their interrelationship. The standards as specified here, when coupled with the practices and body of knowledge, present an amazingly clear and straightforward way to organize and professionalize the practice of Revenue Assurance. There is a risk, however, that the reader will examine some aspects of the standards and fail to see how they are appropriate. This reader may have missed how the other parts of the standards make them appropriate. Therefore, we ask the reader to review the standards in their entirety, before jumping to any conclusions about their adequacy or appropriateness. These standards are an interlocking set of foundation stones which, when utilized together, will deliver what we believe is a highly effective Revenue Assurance practice. The GRAPA Standards themselves have been organized into the following four major categories: 1. Disciplines and the Revenue Assurance Lifecycle Which define the four major Jobs in the Revenue Assurance domain (Forensics, Controls Management, Corrections Management, and Compliance) and the way they work together to assure revenue risk. The four core disciplines that make up the job of Revenue Assurance often surprise people when they first review them. But for most practitioners, the soundness of the approach quickly helps them to understand their jobs in new and more manageable ways. Not only does the definition and delineation of the Revenue Assurance Disciplines provide a badly needed organizational reference, it makes interdepartmental boundary setting, establishment of measures and KPIs, and the negotiation of responsibilities quite clear and straightforward.
GRAPA
39
2.
3.
4.
Domains Which provide the vocabulary and method for designating what is in and out of scope for Revenue Assurance activity. By far, one of the most confusing and difficult to manage aspects of the Revenue Assurance job is the continuous ebb and flow of responsibility and scope. Revenue assurance is, by definition, a fill-in job, a stopgap and supporting role to the major function of the Telco, which is the operational part. If Revenue Assurance is to be successful, it must have a method and a process for defining what it is doing, where it is doing it, and what it is expected to deliver as a result of that involvement. Domain management and definition is a foundational concept of the standards for this reason. Objectives (Levels) Which define what the purpose of the Revenue Assurance activities are to be in each area. By far the most controversial, interesting and exciting aspect of the practice of Revenue Assurance is the incredible diversity in the definition of exactly what the objective of that effort should be. Under GRAPA, we refer to the different objectives as levels of assurance. Assuring against current revenue losses, prevention of losses, anticipation of loss, and mediation of all losses in all of their forms comprises the second critical aspect of Revenue Assurance scope definition and control. Principles Which define the organizational and operational guidelines for establishing a Revenue Assurance group. The principles address the ethics of how Revenue Assurance should be practiced, as well as establishing the guidelines for how the Revenue Assurance practitioner is to relate to and work with top management, related assurance groups, and the Operational Managers they serve. It is our firm belief that, if Revenue Assurance is to graduate from the status of a part-time, ad hoc, short term solution to a profession, then establishing an ethical foundation and declaring clear and enforceable organizational boundaries is critically important.
Developing a comprehensive definition of revenue assurance, requires that we create a definitive summary of all of the different aspects embodied by these standards. The decision of whether to include this definition in the standards was a difficult one. In the final analysis, the statement of the definition of the Revenue Assurance discipline is by far our boldest statement. It leaves little room for doubt and confusion in peoples minds. The definition of Revenue Assurance as to the practice of the standards defined here is the keystone that holds the rest together and, as with all aspects, it is subject to legitimate query as well as less than legitimate name calling and nay saying by the people who consider this to be a topic for the water cooler rather than in the board room.
P r in c ip le s
D o m a in M a n a ge m e n t
D e fi n i t i o n Of R e v e nue A s s ura nc e
O b je c t iv e s ( L e v e ls o f A s s ura nc e )
D is c ip lin e s
As indicated by this diagram, the GRAPA Standards are organized into four major areas: Principles, Domain Management, Objectives (Levels of Assurance), and the Disciplines. Each of these is based upon and borrows from the others, and they are tied together through the definition of exactly what Revenue Assurance is, as defined by these standards.
GRAPA
40
Chapter 6
In order to conduct an intelligent discussion about how to organize, manage and standardize the Revenue Assurance function, we need to first define is exactly what the Revenue Assurance job consists of.
GRAPA
41
2. 3. 4.
GRAPA
42
In other words, understanding forensic analysis of a postpaid billing system is a valuable skill, but understanding the principles of forensic investigation is much more valuable. If you understand the discipline behind how to organize and execute a forensic analysis, you can apply it to any domain or subject area. Conversely, if you understand only how to investigate a particular brand of billing system, you are lost as soon as your domain changes.
2. Economy of Scale
Accompanying the development of these disciplines is the ability to greatly increase the effectiveness of individuals and teams by enabling them to scale their knowledge and make themselves more effective in more domains in less time. It is in this area of economy of scale of skills that Telco organizations face the biggest challenge. It is easy to assure a particular system or domain in telecommunications if you are an operational and technical expert in that domain. But if you are not an expert, you are severely limited. The development of these disciplines and the science that goes with them will greatly change this factor.
3. Ability to Organize
Ask Revenue Assurance managers what their biggest constraint is, and they will tell you that it is people. Having the people with the vast knowledge required for the many different Revenue Assurance jobs is a huge challenge. Consequently, most Revenue Assurance teams are organized by domain. A network specialist assures all network issues. A billing specialist assures billing issues. The problem of course is that few organizations can afford to hire enough specialists to cover all of the areas. A more effective approach is to re-think the way you organize your teams. Organizing teams by discipline (forensics, controls, corrections, compliance) instead of by domain opens some exciting possibilities for getting a more effective organization of a Revenue Assurance team (and for attracting and training specialists to fill out the coverage requirements).
GRAPA
43
GRAPA
44
RA Lifecycle Phase I
Forensic Analysis
Management Internal Audit Customer Complaints Internal Incidents External Incidents Operational Monitoring
Cases
Domains
F o r e n s i c s
Management
While this may seem obvious and trivial when presented in this manner, it is amazing how many Revenue Assurance problems occur because people did not understand this basic fact. A staggering number of organizations have attempted to implement Revenue Assurance systems at the cost of hundreds of thousands and often millions of dollars, without doing a basic forensic analysis beforehand! Unbelievable, but true in more cases than you might imagine. People go through the incredible trouble and expense of installing a Revenue Assurance system, basically a system designed to automate and report on controls. They then discover that the area being monitored is not losing any revenue, or is losing much less than the cost of the system implemented to manage the control! Nothing could be more obvious, or more critical. You must perform a disciplined, rationalized analysis of an area before you can decide what the appropriate level of assurance needs to be. Some examples can help illustrate this point. Take a mediation system for example. Following are two organizations with the same number of customers, same revenue and same type of traffic, but with very different mediation environments. 1. Carrier one has a one-year old, commercial off-the-shelf mediation system. There is a team of four experienced personnel in charge of operations in that area, and all major mediation controls are already reported by the existing mediation system daily reports that the mediation operations team checks anyway for operational control reasons. Carrier two has an eight-year old system written by a company that is no longer in business. There is only one person, assigned part-time to the operational control of that system. That person runs none of the standard reports, and does not know what they mean.
2.
Clearly, the decision for setting up the appropriate controls for these two environments is quite different and only an in-depth, disciplined analysis can be counted on to recommend the appropriate coverage plan.
GRAPA
45
3.
4.
5.
GRAPA
46
RA Lifecycle Phase II
Implementation of Corrections and Controls
F o r e n s i c s
While it is clearly the job of the Forensic Analyst to investigate root causes, diagnose the situation and offer alternatives, it is equally clear that the decision about which one to implement should not normally fall within the Revenue Assurance organization. There are several reasons for this. 1. First, if Revenue Assurance recommends a change in policy, procedure, IT systems, or the operational environment, then the consequences of such a decision go far beyond the narrow Revenue Assurance consequences. Decisions to implement corrections clearly require top management and operational management approval before they can even be considered. In the case of the decision to implement a control, the same rules apply, only not quite as strongly. Appropriate, required controls are typically assigned to the operational team to implement and monitor. This is certainly the case under SarbanesOxley guidelines, as well as GAAP, IFRS and other standards groups. There are very good reasons for this. There are few, if any, Revenue Assurance controls that do not fall under the definition of standard controls that operational groups should be checking. If the Revenue Assurance controls that are recommended reveal that there are problems with the way the operational system is running, then the most sensible approach is for the operational area management team to take responsibility.
2.
3.
There are several exceptions to this conclusion however. 1. 2. Sometimes the operational team is not capable of running and interpreting the controls. They are either understaffed or unstaffed. This means that, if someone else does not implement the control, it will simply not be run at all. It has occurred on some occasions that an operational team was less than thorough in implementing controls, because those controls made it look as thought its operations were not being run well. In most cases this is true.
GRAPA
47
3.
Because of these exceptions, the decision about the implementation of controls, like those regarding corrections, must usually be brought before top management and the operational management team for a final decision about how, where and when the corrections and controls will be implemented.
As long as the points above are understood, it is expected that each organization will use its own judgment for implementation of this phase.
Cases
Domains
F o r e n s i c s
Recommended Corrections
Correction
Coverage Plan
Controls
C o m p l i a n c e
M a n a g e m e n t
A well designed compliance operation will summarize each of the different activities of Revenue Assurance, and allow management to know quickly and easily the status of different initiatives and, most critically, the location and degree of risk across the myriad systems and operations within the environment.
GRAPA
48
RA Lifecycle Phase IV
Feedback Mechanisms (Alarms, Alerts, AutoCorrections)
Management Internal Audit Customer Complaints Internal Incidents External Incidents Operational Monitoring Assessment
Report to: -Management -Internal Audit -Operational Management
Cases
Domains
F o r e n s i c s
Recommended Corrections
Correction
Coverage Plan
Operational Monitoring
C o m p l i a n c e
M a n a g e m e n t
Each correction that has been specified needs to be tracked, and management kept informed about how and when the correction will be implemented. When the corrected procedure yields new cases, these need to be fed back into the forensic process for further review. The fact that controls have been created is only the beginning of the Revenue Assurance process. The real work begins after they have been implemented. The point of controls is to: 1. 2. Provide management with an assurance that the risk of revenue loss is being monitored on a regular basis (by the running controls and reporting via compliance). Generate alarms when revenue risk levels surpass the management specified levels (appetite for risk threshold). When the threshold is violated, the forensic team needs to be notified so that appropriate investigation and adjustment can happen.
With the implementation of appropriate feedback and communication mechanisms, the basic Revenue Assurance Process is complete.
Phase IV++
After the successful establishment of the Revenue Assurance environment for the cases and domains that were specified as the initial scope of the Revenue Assurance group, the real work of Revenue Assurance begins. Now, the Revenue Assurance team must maintain vigilance and control over the areas currently in scope. At the same time, the team will be reviewing and expanding scope by adding more domains and cases to the environment.
GRAPA
49
With patience, professionalism and trust, the scope of Revenue Assurance will continue to expand to include more of the Telco environment.
Ad d
or e
ca se s
an d
do m
ai ns
GRAPA
50
Chapter 7
foRensic analysis
Provided with the general overview of the Revenue Assurance function, as defined by the Revenue Assurance lifecycle in the previous chapter, it is now possible for us to provide a more in-depth review of each of the four basic disciplines that make up the Revenue Assurance environment. As we said earlier, at this point, our objective is to define what needs to be done in order to assure the different revenues of the Telecom. We leave the discussion about who should do it for later. There is no reason to assume that a formally-defined Revenue Assurance team should be expected to have the manpower, expertise or predisposition to do any of the jobs we are talking about here. Indeed, there are some Telcos where there is little or no need for a Revenue Assurance group. Internal Auditors, Business Process Reengineering teams, Sarbanes-Oxley, Operations can all get the same job done. The critical point is not who does it, but that someone does.
foRensic analysis
The first of the four Revenue Assurance disciplines is Forensics (or Forensic Analysis). You may be asking, How did you come up with the term Forensic Analysis for this function? Why not Systems Analysis or Assurance Review? The decision of what to name this function was not an easy one to make. We tested several different names and approaches, but most of the more neutral and acceptable names carried such a large backlog of assumptions and pre-determined ideas about what it meant and what was involved that we decided on the more exotic term Forensics. The dictionary includes several definitions for the term Forensics but one of them fits our meaning. It states that Forensics is relating to the use of science or technology in the investigation and establishment of facts or evidence.
Copyright 2009 Rob Mattison GRAPA 51
That is precisely what Forensic Analysis is all about in this case. We want people to make decisions in the area of Revenue Assurance based upon facts not guesses and we want those facts to be based on an organized, dependable scientific method. It should not be based on an infinite collection of random observations, assumptions and gut-level guesses about revenues, loss, and most critically -- the risk and forecast of loss.
When the Forensic Analyst takes on a case or domain, the objective is primarily to determine the amount of revenue that the company risks losing in this particular situation.
Cases Domains
Fundamentally, we can view the Forensics Process as consisting of three parts, the Inputs to the Process, The Forensics Disciplines themselves (scientific methods employed) and the Outputs.
GRAPA
52
Cases
The first and most common input to Forensics is the case. There are many different kinds of cases but they have one thing in common; they are discretely-defined events which indicate a possible or definite risk of revenue loss. There are many different sources of cases. One source is the straightforward and usually random cases that are reported. These include: 1. 2. 3. 4. 5. Customer complaints Management observations and directives Whistle Blower reports (for fraud cases) Operational personnel observations and reports Internal Audit recommendations
These random reports of cases, while important and useful, usually represent a small percentage of the total number of cases that a forensic team will review. The most common and largest single source of cases is from alarms and alerts issued by controls. Ultimately, the goal of the overall Revenue Assurance process is to install enough controls, so that all revenue risks are adequately anticipated and reported as alarms that the Forensic Team can analyze and respond to. Alarms of this type include: 1. 2. 3. Report of a higher than normal loss of CDRs from the Mediation System Report of a higher than normal percentage of rating errors from the Billing System Report that a new interconnect partner has been brought online without completion of the proper assurance checklist
Domains
The other, equally important input is a domain. Whereas a case is a discreet event that is turned over to the Forensics Team for diagnosis, domains represent a completely different kind of input. A domain of interest for the Forensics Team is a complete subsection or component of the companys Revenue Management chain or product group that management has decided should be included within the scope of Revenue Assurance. Domains are turned over to the Forensics Group so that they can do a comprehensive evaluation of the potential lost exposure that the area represents so that a proactive and well-developed coverage plan can be recommended. In other words, cases are reactive notifications that the Forensics Team needs to try to backtrack and determine what happened. Domains are areas where management has decided that the Revenue Assurance team should be proactive, and determine ahead of time where the most likely leakage points might be. They then recommend controls and corrections in order to prevent it from happening in the future.
GRAPA
53
Domains can include: 1. 2. 3. 4. 5. The prepaid billing system The interconnect line of business Development of the new 3G product offering Switch operations and controls Many others
We will withhold our detailed discussion of domains for the chapter on Standards, which is dedicated to that topic. Suffice it to say that domains are broader and more comprehensive in scope than cases. Domains are typically assigned to the Revenue Assurance team by top management. Domains are also assigned by invitation, issued by the manager of a particular operational area, or by edict, at the direction of Internal Audit, Sarbanes-Oxley or another Compliance Management group.
GRAPA
54
No
We provide a brief description of each area here. The techniques utilized in each area are considered part of the Practices section of the standards and are a critical part of the GRAPA Body of Knowledge for Revenue Assurance professionals.
Risk Analysis
Risk Analysis is the application of predefined and proven techniques for the assessment and determination of the level of risk of loss, or the extent of the risk of loss to be found within a particular domain or case.
GRAPA
55
Risk Analysis techniques provide the Forensic Analyst with tools that allow him/her to determine the level of probable risk without experiencing the extreme expense of extensive, detailed, specific quantification. The purpose of Risk Analysis is to allow the Forensic Analyst to draw preliminary conclusions about the extent of the risk of loss before investing in a more extensive evaluation. Forensic Analysis is costly in terms of time, money and effort, and the Forensic Team must be sure it is prioritizing efforts based upon a foundation of the best return on investment. This requires a clear understanding of the amount of revenue at risk, and the magnitude of that risk, prior to engaging in an in-depth evaluation. There are many different techniques that we include in the ever-growing collection of Forensic Risk Analysis practices. Some of the most common and best understood include: Revenue Mapping This is the rigorous process of identifying each of the major revenue streams that the company has, and mapping out each of the different systems and operations involved in the realization of revenue. A Revenue Map traces the progression of a revenue transaction from the point of activation/provisioning, to the point of revenue generation (usually on the network), through the different systems that handle the transactional information. This is done to the point where the money is collected and credited to the customers account and the customers prepaid balance and general ledger as recognized revenue. Risk Mapping A Risk Map is a derivation of a Revenue Map, which allows the Forensic Analyst to understand in relative and absolute terms, the differences and degree of revenue at risk within each component of a Revenue Stream. Noise Analysis Noise analysis is a process that allows the Forensic Analyst to determine the relative revenue at risk, based upon collateral and coincidental data related to each link in the revenue chain, as defined by the Revenue Map. Noise analysis is an extremely powerful Risk Assessment technique that allows the analyst to identify the greatest risk exposure with a minimum need for numerical and analytical work. Gross Tally Analysis this is the process of creating meaningful and easy to generate metrics, ratios and indicators that allow the analyst to quickly estimate loss exposures. Typical GTA metrics include: 1. 2. 3. 4. 5. Average value of customer Average value of CDR Average value of 1 Erlang Average value of a particular network element Many others.
Environmental Risk Assessment The Environmental Risk Assessment technique provides the Forensic analyst with a list of collateral and secondary conditions that can be tested in order to assess the relative risk associated with a particular component. For example, the age of a switch, the proficiency of the network team managing that switch, the frequency of audits and the percentage of faults and corrupt CDRs that a switch generates can provide the Forensic analyst with a great deal of valuable collateral and generalized risk information, which can help narrow down the analysis and scope. One of the most powerful techniques that can be integrated into risk analysis is the utilization of statistical analysis. Sampling, distribution analysis, forecasting, cluster analysis and other techniques can be utilized by the analyst to do preliminary risk analysis, as well as the more advanced Revenue at Risk forecasts generated as the last step in the process. Note: For detail on these techniques see the Numerical/Statistical Analysis Techniques section. There are many more Forensic risk analysis practices, but the above examples provide you with an idea of what is involved in these practices and how they are utilized.
GRAPA
56
It is as this point that the analyst determines which additional analytical techniques should be used, and what degree is most appropriate. Each of the downstream processes has an objective, with specific skills and techniques associated with them. In general, it is uncommon for a Forensic investigation to employ all of them.
Exchange Analysis
Exchange Analysis is the process of reviewing all of the terms and conditions associated with the contracts and/or regulations to which the Telco is subject. Exchange in this context refers to the economic exchange between two legal entities. The typical exchanges reviewed under exchange analysis include: 1. 2. 3. 4. 5. 6. The contract and arrangement between a carrier and interconnect partners The contract and terms between a carrier and content providers The contract and terms between the company and the organization that prints top-up cards The contract between the Telco and the bank that supports ATM -based top-up The contract, terms, conditions and service level agreements associated with rate plans to consumers The regulatory constraints on prices, contracts and service level guarantees as declared by government, association or other legally binding conditions
Exchange Analysis can have a fundamental impact on the effectiveness of any Forensic Analysis that involves customers, regulators or partners. Failure to include an analysis of these contracts (explicit and implied); laws and agreements leave the Forensic Analyst unable to answer many key questions regarding how things should or should not be handled. The following examples illustrate this point: 1. Do customers pay for an SMS message that is not delivered? In some countries they do, in others they do not. Which is correct in your case? 2. When the SS7/C7 Network fails between the Switch and IN, are the customers calls cut off, or are they allowed to complete the calls at no expense? In some countries the Telco is required to complete the call for the customer. In others it is okay if they do not. In some cases there is a service level commitment to customers to let them finish the call. Unraveling the complicated legal and contractual issues is a critical component to many Revenue Assurance situations.
Process Analysis
Process Analysis is a well known, well understood and well practiced discipline. It involves the utilization of process models, process narratives and a well defined set of tools and techniques to help the analyst understand, document and recommend improvements to processes that are not optimal.
GRAPA
57
Process Analysis is an important part of many Forensic Analysis situations. Process Analysis is integral when multiple organizations and complex interrelationships make operations confusing, contradictory and a danger to the efficient and effective capture and processing of revenue.
Systems Analysis
As is true in the case of Process Analysis, Systems Analysis is a well-defined and well- understood discipline in its own right. While Process Analysis focuses on people and operations, Systems Analysis focuses on computer systems and network element operations. Some of the disciplines associated with Systems Analysis are similar to those utilized in Process Analysis, but many are unique to the IT and Network world. Decision trees, logic maps and a host of other tools help Systems Analysts understand and diagnose problems with revenue flows related to systems.
GRAPA
58
Some of the more useful statistical techniques include: 1. Sampling Allows the analyst to utilize a small sample of the entire population of data to draw conclusions about the risk of loss and the extent of a condition without needing to review all of the data 2. Cluster Analysis Leverages the power of Statistical Analysis software to identify underlying patterns and complex (and sometimes causal) relationships between factors 3. CART/CHAID A technique often applied to the prediction of churn, failure of network elements, credit default, and fraud 4. Neural Networks Often integrated into fraud management systems, as well as utilized to predict credit default and network element failure 5. Distribution Analysis An extremely powerful and easy to implement visual technique for tracking patterns and identifying discrepancies in the normal flow of revenue 6. Analysis of Central Tendency An extremely simplified form of Distribution Analysis that allows the analyst to make use of different measures of central tendency to set up and test controls and conditions 7. Regression Analysis A long utilized method for prediction and forecast The table below illustrates some of the areas where these techniques are commonly applied.
Risk Analysis Root Cause Analysis Early Detection Forecast Controls Design
X X X X
The subject of Statistical Techniques and their application to Forensics is vast and wide and far beyond the scope of this book, but the preceding summary should help provide an overview of the area. It is clear that an industry-based investment in the exploration and application of Statistical Techniques to the challenges of Forensics will undoubtedly deliver extensive and effective benefits to the industry over the next several years.
mp lin g Cl us ter An Ch al y aid sis /C AR Ne T ura lN etw Di or str k ibu tio nA Ce na nt lys An ral T is aly en Re si de nc gr s es y sio n
Sa
X X X X X X X X X
X X
X X
X X X
GRAPA
59
Revenue at Risk
Based upon the material collected and reviewed in the previous sections of the document, the Forensic Analyst is ready to summarize the findings in the form of a Revenue at Risk Statement. The Revenue at Risk Statement reports on: 1. 2. 3. How much revenue has been lost to the firm over the past 12 months due to this condition or situation How much revenue loss can be anticipated over the next 12 months if no action is taken The rationalization and justification for those numbers.
Calculating and reporting the revenue at risk for each case or domain might at first seem to be a lot of trouble, especially if it is being forced into this rather rigid format. But there is a very good reason for imposing this discipline, and that has to do with the KPIs for Forensics.
GRAPA
60
4.
It is the only way that you can establish a simple and easy to understand metric. This will enable the Revenue Assurance team to compare the benefits and risks to the business across the myriad operations and processes involved. It is the ideal least common denominator for all Revenue Assurance reporting.
Remedy Review
After the reporting of the revenue at risk for the case or domain, the next component in the findings report is a review of the different remedies for the situation. Remedies can be recommendations to change policies, procedures or systems, or they can involve nothing more than the formalization and reporting of operational monitoring that is already being practiced. In all cases, a review of possible remedies should clearly show the advantages and disadvantages of each alternative, in addition to the rationalization and return on investment that each anticipates.
Remedy Recommendation
Finally, the Forensic Findings Report should include the recommendations of the Forensic Analyst and the reasons for the recommendation.
GRAPA
61
GRAPA
62
The following table provides the reader with an excerpted view of the GRAPA standards as formally defined in the Standards Document and ratified by the membership January 2009. I. The Revenue Assurance Disciplines - Forensics a. Forensic Analysis - The different subdisciplines that make up the forensic discipline include: i. Risk Analysis The process of quickly and cost effectively evaluating the depth and/or degree of risk associated with a particular area BEFORE expending the groups resources on in-depth investigation. 1. Revenue Mapping The process of creating an exhaustive mapping of all of the different processes and systems involved in a particular revenue chain and the actual amount of revenue that each manages. 2. Risk Mapping The process of assigning risk (subjective and objective) to each of the components of the revenue map in order determine the relative risk that each component represents. 3. Noise Analysis The process of determining the difference between revenue accounting for, and revenues unaccounted for in order to quick assess the revenue at risk level BEFORE indepth examination of particular reasons and amounts. 4. Gross Tally Analysis - The process of creating meaningful benchmark and thumbnail estimates of the revenue generating activity of a component in order to assist in risk analysis. 5. Environmental Risk Analysis Utilization of key benchmark information to assist in the setting of a subjective level of risk based upon environmental factors. ii. Exchange Analysis The process of examining the all aspects of the rules of exchange (exchange of value) between the carrier and outside parties (regulators, partners, suppliers, customers, channels etc). in order to fully define and understand the terms, conditions and risks associated with the relationship. 1. Contract Analysis The process of examining and understanding the terms defined in a contract between the carrier and other parties in order to understand the constraints and risks associated. 2. Service Level Agreement Analysis Review of the explicitly stated, and implied service level agreement between the carrier and customer , or between the carrier and supplier, in order to better understand the risk/ functionality conditions. 3. Pricing Analysis Extensive review of the price-promise, and price-billing scenarios to assure alignment, accuracy and compliance. 4. Regulatory Constraint Analysis Review of regulatory constraints associated with revenue related situations. iii. Process Analysis The utilization of standard process analysis techniques in order to assist the analyst in understand how processes work, and how the fit and hand off information between. 1. Flowcharts Standard mechanisms for the graphing of the logical relationships between processes or steps. 2. Cross Functional Flowcharts Standard technique for the mapping of processes between different organizations. 3. Process Narrative Written narrative description of a process iv. Systems Analysis The utilization of standards systems anlaysis disciplines and techniques in order to assist the analyst in understanding how systems work and interact, and to identify risk to revenue vulnerabilities.
GRAPA
63
1. Data Flow Diagrams Standard I/T technique for the tracking of data flow through systems/operations. 2. Entity-Relationship Diagrams Standard DBA technique for the capture and documentation of the relationships between data elements. 3. Normalization Standard technique for the documentation and clarification of the relationship of data elements. 4. Systems Flowcharts Technique for the mapping and diagramming of the interrelationships between programmatic and hardware components. 5. Network Topology Diagrams Standard diagrams utilized to show the physical and logical organization of the network. 6. Network Technical Diagrams Any of a vast assortment of network diagrammatic techniques. v. Statistical and Numerical Analysis The utilization of advanced business intelligence and statistical analysis techniques to assist in the understanding, diagnosis and evaluation of revenue risk situations. 1. Risk Analysis Employment of risk assessment techniques to assist in the quantification of risk after in depth analysis. 2. Root cause analysis utilization of statistical methods to determine the source reasons for revenue risk 3. Early Detection utilization of statistical techniques to be pre-emptive in the determination of where risk will occur 4. Forecasting providing management with a clear forecast of potential future loss given current conditions. 5. Sampling statistical technique that allows the analyst to examine a small number of records and infer the true nature of risk for the entire population 6. Cluster Analysis statistical technique that allows the analyst to identify patterns and possible root causes based upon the natural clustering of cases or conditions 7. CART/CHAID graphical techniques that provides accurate and effective forecasts or many different risk conditions 8. Neural Networks tools that provide for forecasting and prediction using modern statistical methods 9. Distribution Analysis utilization of graphical distribution charts to help the analyst spot patterns, trends and disparities that can indicate loss risk scenarios 10. Analysis of Central Tendency utilization of average, mean and mode to provide analysis of large populations of data 11. Regression Analysis traditional statistical technique for prediction and root cause analysis of revenue at risk scenarios vi. Coverage Plan Development 1. Rationalization a. Quantification of Risk (Determine Revenue at Risk) b. Annualization (Forecast 12 month loss) c. Alternative approach development 2. Solution Development a. Root cause analysis b. Identification of Key Control Points 3. Feasibility and Estimation of Each Solution 4. SWOT-CB (Strength, Weakness, Opportunity, Threat, Cost, Benefit) for each alternative 5. Recommendation of best alternative
GRAPA
64
Chapter 8
Upon completion of the Forensics Process, the Revenue Assurance Team is ready to proceed with the rest of the Revenue Assurance lifecycle.
RA Lifecycle
Cases (Alerts/Alarms)
Management Internal Audit Customer Complaints Internal Incidents External Incidents Operational Monitoring
Cases
Domains
F o r e n s i c s
Recommended Corrections
Correction
Coverage Plan
Controls
C o m p l i a n c e
M a n a g e m e n t
Cases (Alerts/Alarms)
GRAPA
65
Management Decision-Making
You should recall that, after the Forensics Findings Report is created, the next step is for management to review the report and to make some decisions about how to proceed.
Forensics Team
Top Management
Selection Of Remedy
Implementation Decisions
Forensics Team
Top Management
Selection Of Remedy
Implementation Decisions
Before we get into an in-depth discussion about the implementation and activation of corrections and controls, it is important that we consider the management decision-making process in more detail. After the Forensics Team has developed its best assessment of the case or domain in question, the team members might decide that they understand the situation well enough to make the decision about the control/corrections on their own. While this may be true in many cases, the situation is usually not that simple. To be effective, the control or correction in question must be implemented and agreed upon by top management and the involved operational area. Revenue Assurance typically does not set out to override the authority and responsibility of Operational Teams, only to supplement and assist them.
GRAPA
66
This means that the Forensics Team should, in most cases, review its findings with the operational area in question before submitting it to management for approval. There are several reasons for this: 1. 2. It is possible that the Operational Manager will agree with the findings and recommendations and decide to implement them immediately. This will make the entire implementation process much easier. If the Operational Manager has concerns or disputes the findings, it is best to listen and attempt to resolve them before involving top management in unnecessary controversy. The Operational Manager may not always agree with the findings, but it shows respect for the role and position when you consult this manager and solicit opinions. Based on the feedback provided by the Operational Manager, improvements to the recommendations can probably be made.
3.
Once the Operational Team involved in the area under review is consulted, the Forensics Analyst can submit the final report to management for review.
Remedy Selection
The first decision to be made is determining which remedy should be implemented. If the Forensic Team did a good job of exploring the problem and presenting different alternatives, the management job should be relatively simple and straightforward. The risk/cost tradeoffs associated with each remedy should be clearly spelled out in the Forensic Findings Report. If they are, then the top managers can focus on their part of the process, which is to set their tolerance for risk, and to decide how much they are willing to spend in exchange for the level of risk that the remedy assures.
GRAPA
67
It is one thing to create a control, another to monitor it, and yet another to ensure that the monitoring is happening. In addition, the alarms and alerts must be escalated appropriately, and management must be assured that everything is functioning the way that it was specified. These negotiations can be especially sensitive since they often involve assurances that operational personnel report information to the Revenue Assurance Compliance and Reporting Team.
4.
This development process is simple and straightforward at this very high level. But it will vary greatly in complexity based on the extent of the correction or control involved.
undeRstanding contRols
Creation and administration of controls is a major part of most Revenue Assurance Departments activities. As with all of the other disciplines, it involves an assortment of varying approaches and levels of expertise.
Definition of a Control
The first step in understanding Revenue Assurance controls is to determine what exactly is meant by the term. The term control in this case is borrowed from Finance and refers to the same things as an accounting control (as specified by auditors and management accountants). One of the most common definitions of accounting controls is that they are procedures used to assure accuracy in the record keeping function. Controls exist to ensure source data placed in the system are proper and correct. In short, a control is a procedure that double-checks some aspect of an operation or system.
GRAPA
68
There are several types of controls, and many different ways to categorize them. These include categorization by: 1. 2. 3. 4. 5. 6. Level of Automation Manual, semi-automatic and fully-automated controls Continuity Continuous (ongoing), periodic (regular schedule) and sporadic (random sample based) Frequency hourly, daily, weekly, monthly, annual Triggering Mechanism time, calendar, event, condition Control Type Audit, change control, threshold response Mechanism Operational Report review, overlay system or function
While the review of these different aspects and mechanisms is as much a part of Controls Design (a Forensic Process) as Controls Implementation, we have included the complete discussion at this point for the sake of continuity.
Audits
The term audit in the context of a Revenue Assurance control is not the same as a typical audit done by an internal auditor. Within our context, an audit is a predefined, manually executed series of tests that allow the auditor to verify that the system or operation under review is working as specified. In this context, an audit can be done every day or many times a day if required. The most commonly practiced and easily understood example of an audit of this type is the typical postpaid billing system invoice audit. In most cases, the people running postpaid billing systems will extract a sample of bills from each billing cycle, and manually verify that the charges and calculations are executed correctly, before releasing the cycle for printing. The specifications for audits are:
GRAPA
69
For many organizations the audit is one of the most commonly applied controls because the cost to implement them is low when the check does not need to be done often. As the frequency, volume of information and level of risk increases, the appropriateness of the audit decreases. Threshold Response Monitoring based on Existing Operational Reports
Generally speaking, the threshold based Operational Report review is the undisputed and most commonly applied control. Using this approach, the Forensic Analyst identifies reports already created by different operational systems that can provide the Revenue Assurance Team with the level of risk and alert/alarm information it requires. The analyst can then simply ensure that someone checks the reports and makes compliance reports about the levels. By formally identifying and designating existing (or commissioned) reports being generated as a normal part of the operational activities in the area as controls, the Forensic Analyst provides optimum coverage for minimum cost. In a surprisingly large number of cases, the information required by the Revenue Assurance organization to monitor the level of risk associated with a particular area is already being captured and reported by operational systems. In fact, this is quite logical. How can an operational system run effectively if critical information about the integrity of revenue related operations is not being checked? The process of establishing these kinds of controls is easy if the Forensic Analyst understands the system being assured. The first step is for the analyst to identify the standard controls associated with that particular function or system. The GRAPA Practices and Training Classes provide an in-depth review of standard controls for all areas of Telco operations identified as part of the Body of Knowledge. The analyst then reviews the existing operational environment and attempts to identify the specific reports that generate the information. If the information is found in place, the analyst then identifies: 1. 2. 3. 4. 5. The specific reporting information to be checked Which report? Which fields? The Periodicity How often should it be checked? The Thresholds Values and Conditions (to be ignored if normal), Alerts (to be responded to), and Alarms (to be responded to immediately and emphatically) The Escalation Procedures How should the Operational Team handle each situation? The Compliance Requirements What should be checked and reported and how often?
A large number of Revenue Assurance Departments run the majority of their operations utilizing spreadsheets, which identify each of these types of controls and the other required information that must be checked in order to make them effective.
GRAPA
70
Semi-automatic Continuous (Ongoing) , Periodic (Regular schedule) and Sporadic (Random sample based) As needed Event based (per cycle) Operational Report review Majority of automated (IT systems)
Test Plans
A test plan is a predefined set of procedures that allow the analyst to determine whether a particular function is working correctly or not. The difference between a test plan and an audit is that a test plan is more simplistic and single threaded in design, while an audit will typically involve several steps and checks. The most common practice test plan is a Test Call Discipline. Under a Test Call Discipline, the person running the control schedules a predetermined number of calls to be made at certain times to certain places. The date, time, destination and duration of the calls are logged, and the analyst then reviews the IN, VMS, Mediation or Billing System to verify that the call was routed and billed as intended. Test plans can be run manually, semi-automatically or automatically and are a crucial control for many aspects of operational review.
Manual, Semi-automatic, Fully automated Continuous (ongoing), Periodic (regular schedule) and Sporadic (random sample based) As needed Time, Calendar, Event, Condition Operational overlay Test Calls, anyplace where a single aspect of the system can be tested autonomously
Synchronization Mechanisms
Synchronization is the process of making sure that two or more sources of data that are supposed to have the same information, are in fact in alignment. Management of revenue in the Telco involves the synchronization of hundreds of pieces of information across dozens of systems. In a great number of cases, the effective synchronization of out-of-synch systems can save Telcos millions of dollars of jeopardized revenues. The most commonly implemented synchronization activity in the wireless business is the synchronization of the HLR with Billing. Failure to synchronize these two data sources can result in serious revenue loss due to the mishandling of revenue transaction information. In general, activation, provisioning, routing table, rating data, and other information repositories are potentially useful synchronization points.
GRAPA
71
A change management procedure typically consists of several elements including: 1. 2. 3. 4. 5. Checklists (to make sure certain tasks have been done) Tests (techniques utilized to verify that everything is working as it should) Audits (manual verifications of different aspects of the operation) Synchronization Others
Semi-automatic Continuous (Ongoing), Periodic (Regular schedule) and Sporadic (Random sample based) As needed Event based (per cycle) Operational Report Review Addition or modification of interconnect or roaming partners, changes in network configuration, changes in systems (version control) or replacement of systems
GRAPA
72
Auto-Adjustment Mechanisms
There is one special version of a control called an auto-adjustment mechanism. In the default case, controls generate alarms and alerts, which are to be responded to as part of the Forensic Process. When the domain of the control is tightly defined, it can be common practice to create a standardized response to certain levels of alert. In these cases, the Forensic Team does not need to be involved in the escalation. The person running the control, or another person in the operational area such as a manager, or a system, can make the adjustment to the operation to compensate for the perceived risk. For example, when a Bill Cycle Auditor discovers problems with billing system ratings, the next step is typically for that analyst to go through a verification sequence. This involves checking the accuracy of the rating tables, verifying synchronization with the HLR, checking the CDRs, and other manual checks. The analyst will be authorized to make adjustments as needed, giving a set of parameters when the identified variance requires escalation to a higher authority. Auto-adjustment mechanisms are powerful and useful, but also difficult to manage; so care must be taken when implementing them.
undeRstanding coRRections
While the topic of corrections could fill volumes all by itself, for the purposes of this standards exploration we will simply review the high level points that are pertinent to Corrections activity. As with controls, the Revenue Assurance Team may or may not be involved in the implementation of a correction. This depends on the Operational Teams capability and managements decisions. It is certainly not common for Revenue Assurance to oversee the implementation of new operations or major systems. However, Revenue Assurance does need to be involved in these processes. Most critically, the Revenue Assurance Team should be assigned responsibility to ensure that all the required controls and compliance for the new operations are implemented correctly, and as part of the design and build process. When a correction is complete, it should be considered as simply another control to be managed and monitored by the Revenue Assurance Team as part of the Controls discipline.
GRAPA
73
The key to establishing a Compliance Management environment is to understand: 1. 2. 3. 4. Who the recipients are of the different levels of Compliance information What they are going to do with the information (action ability) How to gain cooperation from all the different Operational Teams involved What to do when Compliance does not happen
As in many other cases we have discussed, the ultimate decision about what Compliance to enforce and the methods for structuring and reporting it are an issue of practices more than standards. From a standards perspective we can only identify the different types and levels of Compliance Reporting. We leave it for practitioners to determine which Compliance elements to include and how to manage them.
2. 3. 4.
To create a meaningful set of Compliance Reports and procedures without taking on a huge and disproportionate report expense or flooding management with too much data is a challenging job. The GRAPA Standards identify several areas of Compliance Reporting including: 1. Coverage a. Which domains are included as in scope of the revenue assurance activity? b. For those areas that are in scope, how well are they covered? Conformance a. How dutifully are the Operational Teams complying with their reporting and alarm requirements? b. Are the controls working correctly and who is not administering them as they need to be administered? Alarm Summaries and Detail a. What alarms are occurring? How many? How often? What level of revenue risk is involved? Corrections Follow-up a. Assuring that all specified corrections are being implemented on time and within budget.
2.
3. 4.
As we have stated earlier, the real work associated with Compliance Reporting is done at the point when the controls and corrections are negotiated and approved by management. It is at that point that the Revenue Assurance Team needs to be sure that the proper Compliance infrastructure and rules are implemented.
GRAPA
74
Conclusion
This concludes our discussion of the four Revenue Assurance disciplines and their application in the real world. In the following chapter we will investigate the next component of the Revenue Assurance standards, the Objectives (or Levels) of Revenue Assurance.
GRAPA
75
GRAPA
76
he following table provides the reader with an excerpted view of the GRAPA standards as formally defined in the Standards Document and ratified by the membership January 2009. I. The Revenue Assurance Disciplines b. Controls Management i. Types of Controls 1. Level of Automation (Manual, semi-Automatic, Automatic) 2. Continuity (Ongoing, periodic, sporadic) 3. Frequency (Real Time, Hourly, Daily, Weekly, Monthly, Annual) 4. Triggering Mechanism (Time, Calendar, Event, Condition) 5. Control Type (Audit, Change Control, Threshold Response) 6. Mechanism (Operational Report, Overlay System, Integral Function) ii. Major Controls 1. Audits 2. Operational Report Threshold Response 3. Test Plans 4. Synchronization 5. Change Management 6. Auto-Adjustment Mechanism b. Corrections Management i. Policy Change Changes that entail the change of an operational policy. ii. Procedures Change Changes that require that the way things are done be altered (without need for inter-departmental or systems modifications) iii. Operational Systems Change Changes to the I/T systems that run different operational areas. iv. Organizational Responsibility Change major changes in the assignment of responsibility to different people v. New Department Change a requirement to create a new department or major functional area. vi. Network Operational Change - a change to the way that network operations work vii. New Systems Deployment Change a requirement to deploy a new systems b. I.D. Compliance Management i. Forensics Compliance 1. Tracking of Cases and Domains In Scope a. New Cases / Domains added each month b. Cases closed each month c. Cases carried over this month d. Domains completed this month 2. Annualized Revenue at Risk Discovered this month 3. Annualized Revenue at Risk Containment Plan (Forecasted Risk Reduction0 4. Annualized Revenue at Risk - Recovery In Process (Coverage Plans in Implementation) ii. Corrections Compliance a. Corrections Recommended this month b. Corrections scheduled this month c. Corrections completed this month 1. Annualized Revenue at Risk (Forecasted Recovery) 2. Annualized Revenue at Risk Recovery
GRAPA
77
iii. Controls Compliance 1. # Controls in operation 2. Control Management Compliance (are the people responsible for managing this control doing their jobs?) 3. Controls Activity Reports (ongoing controls reporting activity) iv. Controls Exception Reporting 1. Major Alarms (Revenue at Risk greater than threshold) 2. Minor Alarms (Revenue at Risk within bounds) 3. Non Alarms
GRAPA
78
The first dimension in the process of developing our comprehensive definition of the Revenue Assurance operation was to define the Revenue Assurance lifecycle and the four main disciplines that it includes. The next challenge is to develop a consistent and inclusive definition of the objectives for the Revenue Assurance process. As we have stated, it is easy to find highly-generalized statements regarding what the goal of a Revenue Assurance operations should be, such as the protection of revenue streams or to champion the integrity of processes. It is also easy to find anecdotal references such as The goal of Revenue Assurance is to reduce leakage. The problem with these definitions is that they fail to provide us with a clear and quantifiable understanding of what is (and what is not) included in the Revenue Assurance charter.
GRAPA
79
1. 2. 3.
Evaluating the effectiveness of a Revenue Assurance investment Evaluating the effectiveness of a Revenue Assurance team Establishing reporting and tracking measures to monitor the activity of the group
One might say that the biggest reason for the ambiguity and dissatisfaction with the activities of Revenue Assurance teams is that no one has clearly defined what needs to be accomplished. Problems arise when attempting to define a meaningful and comprehensive definition for the goals of Revenue Assurance. The domain of most Revenue Assurance groups is vast, and the majority of their actions have a clear impact on the assurance of the companies revenues. However, due to the broad range of areas and disciplines involved, it can be extremely difficult to categorize and standardize.
GRAPA
80
For example, when a leakage is found in the Mediation System, should part of the remediation process be to repair the code involved and then reprimand the programmers involved? Or should the remediation be limited to making note of the situation without making any change at all? Where should Detection be performed and how much time and effort should be spent on it? When should Deterrence be priority and how much time and effort should it involve? These are questions that should be answered as part of the Forensic Analysis process, and prioritized based on managements tolerance for risk. Managements decision about how the revenue at risk should be handled and overall risk exposure should be effectively ameliorated.
What Kinds of Cases Should be Included in the Charter for Revenue Assurance?
In other words, what exactly does Revenue Assurance assure against? The RDD dimensions provide us with only one way of looking at what Revenue Assurance is supposed to achieve, (the Remediation, Detection and Deterrence of revenue loss). There are many ways to look at revenue loss, and we need to develop a clear understanding of which aspects of revenue loss are to be considered in scope for Revenue Assurance, and which are excluded. In one sense, everything is related to revenues one way or another. For example, by saying that Fraud Management is a part of Revenue Assurance, we open the door to the argument that employees stealing pencils is a Revenue Assurance issue. In the same manner, indicating that the security of network assets, such as login/password integrity, or protection against tap-in, and the physical violation of assets is a Revenue Assurance concern, opens the possibility of making the physical security of assets and site security as being in scope for Revenue Assurance as well. Clearly, we need a decision of where to draw the line when it comes to defining what aspects of revenue are valid targets for Revenue Assurance activity.
GRAPA
81
The point of these standards is to provide us with a solid starting point for discussion. As long as the dialog continues, as professionals, we can make refinements as we determine what works. In the following text I attempt to organize this disparate and eclectic list of Revenue Assurance objectives in a consistent and understandable manner. One way to look at this eclectic basket of Revenue Assurance objectives would be to say that Revenue Assurance has become a revenue related dumping ground for CFOs. In effect, if it is revenue related and you dont have anyone else to assign it to, then give it to the Revenue Assurance person. On the other hand, I believe this trend toward isolating and entrusting Revenue Assurance professionals with such a diverse range of issues is an incredible vote of confidence for the ability these people have. It takes a great amount of mental agility and focus to take on such a broad range of issues, and then to convert the initial chaos into an ordered and assured environment. Where will this end up? Who knows? It is clear that management has a serious need for someone to address the diverse set of revenue risks. The Revenue Assurance professional appears to be the best person available to handle the job.
GRAPA
82
Terminology and Examples Leakage Fraud Margin or Rate Plan Assurance New Product Assurance Asset Utilization Assurance Market Assurance (Churn)
Assure Revenues Against: Mis-handling of revenue transaction information Mis-appropriation of funds or services Mis-interpretation /mis-representation of the revenue stream Mis-alignment of the product planning process Mis-deployment of assets (Maximization of asset allocation) Mis-interpretation and/or mis-prediction of customer behaviors (Optimizing churn remedy decision-making)
The rest of this chapter will provide a quick summarization of each of these areas. This includes the rationalization for their inclusion, examples of how Revenue Assurance approaches them, and adds value.
leaKage ManageMent
By far the area of assurance most readily associated with Revenue Assurance is the management of leakage. But, for the nonTelecommunications professional, and even for many who have Telecommunications experience, there is a lack of clarity about how leakage is defined. In its simplest form, leakage is the loss of revenue due to a mishandling of the revenue transaction information by systems, people or processes. There is a significant body of knowledge and writing about leakage, including its causes and effects. This includes how bad it is, and how easy and/or how difficult it is to detect, deter and remediate. In the final analysis, Revenue Assurance (in no small way) is still about leakage. The key to leakage management, as in all areas of Revenue Assurance, is to develop an understanding of the following: 1. 2. 3. 4. 5. How the revenue loss occurs (root cause analysis) Estimating the extent and future value of that loss (quantification of revenue at risk) Determining alternative methods to protect against the risk Deploying corrections and controls to make that happen Monitoring and continuous review of controls to keep the risk in line
There is no one who will argue that leakage management does not belong in this list. In fact, the only controversy surrounding this particular aspect of Revenue Assurance is whether it should be the only aspect.
GRAPA
83
Measures of Operational Activity for all Revenue Assurance Activities Activity Forensics Controls Measure of Operational Efficiency # New cases/domains initiated # Cases/domains closed # Controls created # Alarms/alerts handled # Corrections initiated # Corrections completed Activity level reported Measure of Effectiveness Amount of revenue at risk reported (RAR Forecast) # Alarms/alerts handled (ROI based on RAR) # Corrections implemented (ROI based on RAR) Forecasted Risk Containment due to Compliance Enforcement (Based on RAR Forecast)
Corrections
Compliance
The measure of the effectiveness of the leakage containment activity must ultimately include:
1.
2.
3.
Remediation Activity Corrections KPIs How many cases of leakage were uncovered and resolved as a result of the corrections activities? What was the value of the revenue at risk associated with the leakage, and what was the net benefit to the Telco as a result of that correction? This is based on the Revenue at Risk reported in the Forensics Findings Report and the cost of the corrections activity that eliminated or reduced the risk. Detection Activity Forensics and Controls KPIs How much revenue at risk was discovered through the combined activities of forensics analysis and alarms as far as the number of leakage cases reported? This value can be derived from the sum total of the revenue at risk and alarm levels reported. Deterrence Activity Controls and Compliance KPIs How much revenue loss was prevented due to the Revenue Assurance activities implemented? This can be derived from a combination of forecasts of loss provided by the revenue at risk value and the compliance report, which verifies that the control or correction has been effective.
GRAPA
84
fRaud ManageMent
The second area of consideration is Fraud Management. While leakage management is undeniably within the purview of Revenue Assurance there is dispute regarding Fraud Management. There are three strong cases to be made for placing a large portion of Fraud Management under the Revenue Assurance umbrella. 1. It is an established fact that the majority of fraud cases are discovered by organizations that understand and make use of standard revenue protection controls. In other words, good Revenue Assurance controls are the best Fraud Management controls. Statistics show that standard revenue protection controls are the number one revealer of fraud, much higher than the fraud cases uncovered by audit, and slightly greater than the cases revealed by whistle-blowers and outside reports. The logic is clear. GRAPA benchmark surveys have revealed that over sixty-percent of Telcos worldwide place the Fraud Management group, or at least a major part of it, under the Revenue Assurance department. Another thirty-percent place Revenue Assurance and Fraud Management as peer organizations under the CFO, a Risk Management group, or some other related risk oversight organization. In short, we include fraud as a part of Revenue Assurance because most carriers treat it that way. The Revenue Assurance lifecycle specified here and the different disciplines involved are as applicable to the organization of a Fraud Management operation as they are to that of a Revenue Assurance group. In summary, there is significant economy of scale and efficiency to be gained by strategically blending Revenue Assurance and Fraud activities. For example, the majority of controls that a Fraud Management team requires for the review of internal fraud are exactly the same controls that the Revenue Assurance group needs to assure revenues. Why build the controls twice, or double up on the compliance activity?
2.
3.
Integration of Fraud and Revenue Assurance activities is greatly simplified with a good understanding of the Revenue Assurance lifecycle. What does it mean to integrate Fraud and Revenue Assurance? Who will handle Forensics? More importantly, what are the forensics associated with Fraud and how are they different from those required for Revenue Assurance? Can you easily train a Forensics Analyst to assess both leakage and fraud risk, or do you require a completely separate set of skills? When managing controls, do you need a separate person setting up controls for each? Who is monitoring those controls? How can one person be utilized to double the efficiency of the operation? There are fraud controls that require a specialized Fraud team to manage the Fraud Management systems. The physical network element security and other areas require specialists. And the operational leverage from integration is very high and is an important consideration.
GRAPA
85
Since all of the measures are being turned into a common unit (Revenue at Risk for a specified / forecasted period of time), management has the ability to clearly compare the effectiveness of each effort. This will include: 1. 2. Remediation Activity Corrections KPIs How many cases of fraud were addressed and resolved and what value was delivered to the business as a result? Detection Activity Forensics and Controls KPIs How much revenue at risk of fraud and actual fraud was discovered through the combined activities of Forensics Analysis? Deterrence Activity Controls and Compliance KPIs How much fraud loss was prevented due to the activities implemented?
3.
As in the case of Fraud, the management and measurement of this activity is consistent with the overall Revenue Assurance lifecycle and measures defined. In some cases of suspected revenue loss due to an interconnect margin problem, it is assigned to the Forensic Analyst for review. In other cases, where management suspects there may be a problem, the entire domain will be assigned to Revenue Assurance. In either case, the Forensic Analyst will investigate the situation utilizing risk, exchange, process, and systems analysis. Once the situation and environment is fully understood, the analyst will perform a numerical analysis to determine if there is a problem.
GRAPA
86
Based on its findings, the Forensics Team will: 1. 2. 3. 4. 5. Recommend changes in policies and procedures (how contracts are negotiated) Suggest creating some new operational procedures or reports to check on the condition Recommend that a new control be established to track rate changes Recommend that a new change management procedure be established to assure accurate tracking of interconnect network topology changes Suggest any number of other remedies
It is clear is that these types of outputs fit the structure of the Leakage and Fraud Domain Management approaches exactly.
GRAPA
87
The answer for many organizations has been to assign this responsibility to the Revenue Assurance group.
Cannibalism
Cannibalism is another tricky and often damaging consequence of unexpected consumer behavior. When marketers propose rate plans and programs, they usually create their forecast of the value of the offering based upon the net adds, that is, the number of new customers that will be attracted to the program. What is often not considered is the fact that new rate plans are usually available to existing subscribers as well as new customers. An attractive program launched to generate one million new customers may actually attract no new customers, but instead converts one million existing customers to the lower plan. The result is a money loser, not a revenue generator. Again, a consistent, independent monitoring of the rate plan forecasts and actual results is critical to genuine success.
The expansion of the scope of Revenue Assurance to include rate plan and margin assurance is significant for several reasons. 1. 2. 3. 4. It signals a new level of trust and sophistication in the role of Revenue Assurance. It represents a more complex framework for implementation. It moves Revenue Assurance into domains where the Revenue Assurance delivered can be significant and expands scope into the Marketing and Forecast of Revenues areas. It provides for a much more proactive and high value positioning for the group.
GRAPA
88
Assurance of new product development requires that the person doing the assurance understands: 1. 2. 3. 4. Network technology and topology Billing architectures (prepaid and postpaid) and how they work Revenue streams and their management Pricing and Sales Forecast Assurance
With the inclusion of margins and rate plans in the Revenue Assurance charter, we have a team that is perfectly positioned and equipped to take on the responsibility. It was not long ago that Revenue Assurance teams were fighting to get themselves included in the product development process. With the rapid implementation of more and more technologies, business models, marketing schemes, and operational innovations, Telco managers have learned the hard way that, without a qualified revenue management specialist involved in the final signoff on the rollout, the chances of losing money because of misalignment of the many different aspects of the process are very high. Products that are designed without the requisite hooks into the Telcos existing revenue streams (both prepaid and postpaid) might be very popular with customers, but extremely difficult to bill and manage. The history of Telco Revenue Assurance is loaded with examples of carriers who have deployed products too quickly, and without enough Revenue Management scrutiny. This resulted in deployment disasters when the product was released.
GRAPA
89
We will now consider each of these in more detail from a Revenue Assurance perspective.
GRAPA
90
The easiest way to determine the loss associated with Churn would be to view the reports written by the Marketing, CRM or Data Warehouse/Business Intelligence group that track the churn numbers for the firm. If such reports exist and are accurate, then the Forensic job is simple. It would involve looking at the current history of loss, noting the trend, creating a quick 12 month forecast, and reviewing the annualized revenue at risk number. If this number is larger than any of the other Revenue Assurance cases currently under review, then including Churn in the portfolio of domains is justified. Unfortunately, there are many if statements in that last sentence. What if there is no report about Churn available, or what if the report has results that are highly suspect? In such cases, the Forensic Analyst will need to perform the Process, Exchange and Systems Analysis to obtain the real numbers. Churn management and Churn reporting is a complex and highly sophisticated activity. But then again so is the assurance of a billing system or a switch. The Forensic Analyst will require a special set of skills and knowledge, but that is always true. In many cases, the only way to generate a truly meaningful forecast of Churn (in order to report the annualized revenue at risk) is through employment of sophisticated statistical methods. These methods are already included as part of our Forensic Methodology. Assuming that the Churn situation is serious, the Forensic Specialist needs to go about the process of defining the appropriate remedies. A common set of controls and corrections associated with churn management includes the following: 1. Creation of an application or data warehouse, which reports to management the history and forecasted loss due to Churn for a 12 month backward and forward period. This report is a foundational control and becomes the main control for other activities. Establishment of a procedure for the review of all Churn Management proposals by Marketing or CRM. This Change Management procedure is similar to the ones initiated for Rate Plan Assurance and New Product Development Assurance. They typically consist of a checklist of issues and aspects that must be considered with any Churn-based initiative. This requires that the initiative be traceable to an Impact Forecast, which is then measured. Ongoing tracking of the risk of Churn, the losses due to Churn, ongoing recommendation of remedies (changes in operations, policies and procedures), and controls.
2.
3.
Revenue Assurance groups that have taken responsibility for Churn have been very successful for the most part. I believe this is due to their revenue-based view of the problem, rather than a marketing-based view (emphasizing headcount and short term sales) or a CRM-based view (emphasizing customer satisfaction versus revenue actually delivered). The Revenue Assurance Team can add value to the business in the management of churn, but this currently represents the leading edge of frontiers that Revenue Assurance is addressing.
GRAPA
91
At this time, the majority of the excursions into these areas focus on network elements (switches and/or BTSs), but there is no reason to assume that it needs to be limited to these areas. This discipline is applicable any place that an asset is critical to the generation of revenue.
GRAPA
92
he following table provides the reader with an excerpted view of the GRAPA standards as formally defined in the Standards Document and ratified by the membership January 2009.
II. Objectives for Revenue Assurance Activity a. Leakage Management the process of monitoring for, detecting and remedying revenue leakage i. Loss due to system error revenue losses caused by errors in programming or systems design ii. Loss due to operational (human) error revenue losses caused by errors in the way processes are executed b. Fraud Management Intentional acquisition of money, services, assets or advantage through illegal means i. Fraud Responses three domains of fraud management activity 1. Remediation fixing the exposure / risk 2. Detection discovering where it is occurring 3. Deterrence preventing it from happening ii. Sources of Fraud Who performs fraud 1. External a. Criminal b. Hobbyist/Amateur c. Opportunist d. Terrorist 2. Internal a. Criminal b. Opportunist iii. Objective of Fraud Why people do fraud 1. Cash / Money 2. Services 3. Misdirection / Misinformation iv. Domain of Fraud - where is fraud management practiced , in what operational areas? 1. Network 2. I/T Systems 3. Processes / Operations 4. Customer Based c. Margin and Rate Plan Assurance Assurance of pricing plans and arrangements against revenue loss (negative margins) i. Interconnect Margin Assurance Assurance of the Interconnect Line of Business 1. Retail Margin Assurance 2. Wholesale Margin Assurance 3. Trunkgroup Expense Rationalization Analysis ii. Rate Plan Assurance Assurance of Traditional Rate Plans 1. Cannibalization Analysis 2. Direct Rationalization Assurance 3. Margin Evaluation
GRAPA
93
iii. Bundling Assurance Assurance of Bundles 1. Direct Rationalization Assurance 2. Margin Evaluation iv. Subsidy Rationalization Assurance Assurance of subsidy programs d. New Product Development - Assurance of new product development i. New Product Pricing Assurance - Assuring product developer pricing assumptions 1. Margin Evaluation 2. Direct Rationalization Assurance 3. Forecast / Performance Track ii. Revenue Management Chain Alignment Assuring the alignment of new products into revenue management architecture 1. CDR / Transaction Capture 2. Mediation Alignment 3. Billing Alignment (Postpaid) 4. Billing Alignment (Prepaid) 5. Service Level Compliance and Alignment 6. Point of Sale / Channel Alignment 7. Provisioning/Activation Alignment 8. Credit / Fraud Risk Alignment iii. Supplier/Partner Compliance and Alignment Assuring partnership arrangements 1. Settlement Architecture 2. Settlement Tracking 3. Settlement Alignment and Compliance 4. Supplier/Partner Margin Analysis e. Market Assurance (Churn, Brand Erosion and Technology Obsolescence Assurance) i. Market Sizing Techniques for determining the presence and assessing the risk of revenue loss 1. Market and Revenue Size Analysis 2. Market Erosion Impact Measurement ii. Market Erosion Root Cause Analysis 1. Churn Reason Codes 2. Churn Reason Analysis 3. Product Feature/Function/Fit Analysis iii. Churn Prediction and Forecasting iv. Market Share Analysis v. Churn Remedy Alternative Development vi. Churn Remedy Effectiveness Analysis f. Asset Utilization Assurance i. BTS Outage Assurance 1. Remediation of BTS Outage 2. Detection and Measurement of BTS Outage 3. Rationalized Deterrence and Prevention of BTS Outage ii. Network Element (NE) Outage Assurance 1. Remediation of NE Outage 2. Detection and Measurement of NE Outage 3. Rationalized Deterrence and Prevention of NE Outage
GRAPA
94
Chapter 10
With the definition of the disciplines and objectives of Revenue Assurance we have almost completed our exploration of exactly what Revenue Assurance is. In this chapter, we will examine the remaining component, which is the Domains and Scope Management. As we have seen, Revenue Assurance practitioners need to take a multi-disciplinary approach to the various revenue risk situations they are asked to address. They may have to cross many different organizational and operational boundaries to determine the nature of the situation and the best way to address the problem. With so many different areas, disciplines and issues involved, it can become difficult to know what is in scope for Revenue Assurance and what is out of scope. There are several risks associated with this situation. 1. 2. There is a risk that management (either implicitly and or explicitly) will assign vague and broadly-defined revenue risk responsibilities to the Revenue Assurance group without considering the possible consequences. It becomes exceedingly difficult to draw the operational and responsibility boundaries between the Revenue Assurance group and the operational groups they serve, as well as the delineation of responsibility between Revenue Assurance and the other risk management groups, such as Internal Audit. The lack of clear boundaries makes planning, capacity forecasting and management extremely difficult for the Revenue Assurance Team.
3.
Most Revenue Assurance groups find it difficult to define clear lines of responsibility. The GRAPA Standards establish a set of principles around the actual declaration and acceptance of responsibility for an area, along with standard methods for establishing the boundaries.
GRAPA
95
Assigning responsibility to an area by function and objective can provide a definite assist, it is not enough. Revenue Assurance issues are so broad, and the Telecommunications operational model is so interdependent and complex that you could almost take any issue to justify assurance of the entire organization.
GRAPA
96
veRtical doMains
The GRAPA Standards recognize the major categories of Vertical Domains listed below. The inventory of Vertical Domains includes systems, BSS or OSS components, operational areas, or departments. Under the GRAPA Standards, each of these domains can be broken down into sub-domains based upon various criteria, as described in the following sections.
Network Domain
The network domain includes all elements in the network environment that are directly associated with revenue generation and or capture. For example, a circuit switch that generates CDRs will be included; a transit switch usually will not. The Network Domain can be further divided into sub-domains by: Geography Brand/Model/Age of Network Element Product/Service Payload Topology Line of Business
Breakdown of the network domain by these sub-domains makes the definition and organization of Revenue Assurance activities easier and more consistent in how they can be applied.
GRAPA
97
Many Telcos have one or at most two applications of the same type in their BSS environment. For some, however, the architecture can become much more complex. When that happens, the number of systems may expand drastically and the sub-domains are then typically defined via: Brand/Model/Age of software Alignment of systems with network sub-domains Geography Line of Business
Operational Areas
Systems are not the only kinds of Vertical Domains to be considered. We can also include operational groups (departments or sub-departments), based on their revenue management role. An area is a candidate for Vertical Domain status if it meets either of the following criteria: Its primary function is a critical aspect of revenue management It manages more than one product or service Some of the more commonly included operational Vertical Domains include: Collections Management Credit Management Point of Sales Operations Sales Channel Management ATM and Banking Channels
These disciplines and controls, and the dozens of others like them can be applied to almost any vertical domain. This helps to standardize the assurance of the areas, and the creation of standard controls that are consistently defined across the organization.
hoRizontal doMains
The other way to divide up the Revenue Assurance responsibility is by the Horizontal Domains. A Horizontal Domain consists of all transactions involved in the capture and processing of revenue information for a particular subset of revenue transactions in the organization. The smallest possible Horizontal Domain would be one phone call, or one data transport. In other words, a single billable transaction is the most granular example of a horizontal domain.
GRAPA
98
Horizontal Domains are typically organized in a way that makes sense for management in an operational and economic context. The most common are segregation by product/business or by customer/market. Ultimately, any horizontal definition of domain is a way to identify a specific stream of revenue, and to provide assurance for that entire stream as it flows through the different vertical systems and operations that help in the management of its revenue. Some examples are included in the following sections.
The novice Revenue Assurance practitioners soon realize that each product line has a unique set of conditions, constraints and operational components. These force the professionals to develop mechanisms that isolate each product line and assure it independent of the others.
GRAPA
99
In larger Telcos, this delineation might actual break down to the point of assuring customer segments differently. Certainly, when we begin looking at issues like churn, then market segment-based domain definition will make a lot of sense.
Wireline o Postpaid Voice VAS aDSL Dialup IPTV Streaming Wireless o Postpaid Voice VAS Data SMS MMS IPTV Streaming GPRS
GRAPA
100
Prepaid
Revenue MaPPing
One of the most useful and most often utilized of the GRAPA standard practices is a technique known as Revenue Mapping. Revenue Mapping is the process of determining exactly which systems and operations (vertical components) are involved in the management of revenue for a specific revenue stream (horizontal component), and then creating a physical map that allows Revenue Assurance professionals to develop a much better understanding of the following points: Exactly where and how revenue flows through the organization Where the biggest risks to revenue are, on a horizontal and vertical basis
GRAPA
101
Confusion about where revenues flow creates a great deal of the complexity and error proneness of Telecommunication revenue streams. Many people simply assume that all Telco revenues flow the same way, when in fact each revenue stream can be unique. One of the main objectives of Revenue Mapping is to clarify the reality of the companys Revenue Management topology.
However, when it comes to Telecoms, nothing can be assumed. Some Telcos have more than one mediation system, distributed by geography or function. Some have different billing systems for various geographical regions.
GRAPA
102
Exploring, discovering and mapping out these components is the real work of Revenue Mapping.
After successfully mapping the postpaid voice business, the analyst might decide to map postpaid Interconnect (outbound) next. The outbound Interconnect business is much more complicated than local. This is because all Interconnect transactions include an accounts receivable (customer pays you) and an accounts payable (you pay partner). We will also need to include the Interconnect Billing System. We might also need to map an additional switch, the POI (Point of Interconnect), which carries traffic to interconnect partners.
GRAPA
103
Assuming that we have $250,000 of outbound Interconnect postpaid traffic each month, we could begin by assigning $50,000 per month to each switch. We can then determine the margin associated with Interconnect. If we assume that it is 50%, then for each $2 of Interconnect business billed to customers, $1 will be paid out to a business partner. The next step will be to identify our POI and allocate $125,000 to it as well. This is 50% of the $250,000 as an Accounts Payable item. We can then assign our value of $250,000 to the Postpaid Billing System (our Accounts Receivable) and the $125,000 to the Interconnect Billing System (our Accounts Payable).
Eric1 $50,000 Eric2 $50,000 Hua1 $50,000 Hua2 $50,000 Nor1 $50,000 POI1 $125,000 Switches
Mediation-North $100,000 Postpaid Billing $250,000 Mediation-East $150,000 Interconnect Billing $125,000
When all revenue streams have been mapped, collapse the maps and generate the overall revenue and payment map for the entire organization The final step in the mapping process is to collapse all of the maps that have been generated and into one master map. Collapsing the map allows the analyst to determine which vertical components are responsible for managing what proportion of the companys overall revenues. Many times, systems and areas assumed to be trivial turn out to be critical, high risk areas. In our previous example, we can collapse the Postpaid Local Voice and Outbound Interconnect into the following consolidated revenue map.
GRAPA
104
Eric1 $150,000 Eric2 $150,000 Hua1 $150,000 Hua2 $150,000 Nor1 $150,000 POI1 $125,000 Switches
Mediation-North $300,000 Postpaid Billing $750,000 Mediation-East $450,000 Interconnect Billing $125,000
As indicated in the above diagram, our Postpaid Billing System is the most valuable vertical component with a net value of $750,000 per month. The second most critical is the Mediation-East System valued at $450,000.
Retail Billing 2M Wholesale Billing Mediation Mediation 76.75M 35M Calling Card Billing 3M Interconnect Billing 36.75 A more complex revenue map Collections 40M Dunning 1M Settlement 36.75
As the number of revenue streams increases, the nature and distribution of revenue across the organization becomes clearer.
GRAPA
105
hoRizontal foRensics
The concepts of Horizontal Assurance and Revenue Mapping are exciting and powerful tools to contain revenue risks at a reasonable cost. Most Revenue Assurance practitioners believed that it is a purely vertically oriented operation. By focusing only on the vertical aspects of assurance, however, there are many benefits and opportunities to leverage tools, techniques and approaches that are not readily apparent.
Risk Maps
After creating of the Revenue Maps, there is much that the Forensic Analyst can do with them. The first might be to perform an assessment of the risks to revenues one vertical component at a time. By reviewing the risk to the organization along a single revenue stream, and factoring in the economic risk that each vertical component represents, the analyst can generate a revenue risk map that gives management a clear understanding of just where the risks to revenue are. In addition, the map will indicate how much actual revenue at risk each vertical component represents. Inability to gauge the risk to revenues across the organization has been one of the major handicaps. With risk maps, everyone can now see where the risk exists and, more importantly, how great the risk is. To perform risk mapping, we begin with a consolidated revenue map (shown below), illustrating all systems and their relationships.
GRAPA
106
Roaming Reconciliation
Roaming Collections
Roaming Negotiation
Inter-carrier Collections
Inter-carrier Negotiation
Collections
Dunning
Pre-paid Reconciliation
Voucher Management
Channel Dunning
We then enhance this map by assigning the level of risk to revenue that has been defined. This is done by utilizing Forensic Risk Assessment techniques.
Roaming Reconciliation
Roaming Negotiation
Inter-carrier Collections
Inter-carrier Negotiation
Collections
Dunning
Pre-paid Reconciliation
Voucher Management
Channel Dunning
Development of risk maps represents a big step forward for Revenue Assurance as a profession. The Revenue Map/Risk Mapping discipline is a starting point for creating a true enterprise Revenue Risk Strategy. It also provides a powerful and
GRAPA
107
easy-to-understand tool for documenting and disseminating information about the scope of Revenue Assurance and the levels of coverage provided to each area. Risk Mapping, though useful, still leaves the Revenue Assurance group with a methodology that relies heavily on subjective interpretation rather than objective and quantifiable risk. It is for this reason that the Noise Analysis Methodology was created. Noise Analysis is a technique used to convert the relative and subjective judgments of a risk map into a more objective and quantifiable method for estimating the risk of revenue loss embedded in each vertical component of a Revenue Map.
Roaming Reconciliation
Leakage + Unrecoverable + Too Expensive to Recover
Realized Revenue
Unrecoverable
Unrecoverable
Roaming Collections
Leakage + Unrecoverable + Too Expensive to Recover Unrecoverable Network Activity
Realized Revenue
Roaming Negotiation
Leakage + Unrecoverable + Too Expensive to Recover
Realized Revenue
Settlement
Leakage + Unrecoverable + Too Expensive to Recover
Realized Revenue
Realized Revenue
Leakage + Unrecoverable + Too Expensive to Recover Unrecoverable Network Activity
Realized Revenue
Inter-carrier Collections
Leakage + Unrecoverable + Too Expensive to Recover Unrecoverable Network Unrecoverable Activity
Realized Revenue
Inter-carrier Negotiation
Leakage + Unrecoverable + Too Expensive to Recover Unrecoverable Network Unrecoverable Activity
Realized Revenue
Network
Mediation
Leakage + Unrecoverable + Too Expensive to Recover Unrecoverable Network Activity
Unrecoverable
Unrecoverable
Realized Revenue
Leakage + Unrecoverable + Too Expensive to Recover Unrecoverable Network Unrecoverable Activity
Billing
Collections
Leakage + Unrecoverable + Too Expensive to Recover Unrecoverable Network Unrecoverable Activity
Realized Revenue
Realized Revenue
Dunning
Pre-paid Reconciliation
Leakage + Unrecoverable + Too Expensive to Recover Unrecoverable Network Unrecoverable Activity
Realized Revenue
Voucher Management
Leakage + Unrecoverable + Too Expensive to Recover Unrecoverable Network Unrecoverable Activity
Realized Revenue
Realized Revenue
Channel Dunning
The specific details behind the concept of Noise Analysis are really a practice rather than a standards issue, but it is important to mention that this methodology exists. We also should note how it provides for a more quantitative approach to the overall problem of enterprise Revenue Risk Planning and Management.
hoRizontal contRols
Just as there are a number of controls that lend themselves well to assuring Vertical Domains, there are also controls that make assurance of Horizontal Domains easier. Among the horizontal controls most often utilized are: 1. 2. 3. Test Calls and Test Plans For end to end assurance of any domain Change Management Procedures Ensuring that all Vertical Domains involved in a particular revenue stream are included in the changes being managed Synchronization Synchronization of data across Vertical Domains for a particular Horizontal Domain
In addition to these few obvious examples, many of the control mechanisms employed are effective for both Horizontal and Vertical Domains.
GRAPA
108
GRAPA
109
GRAPA
110
he following table provides the reader with an excerpted view of the GRAPA standards as formally defined in the Standards Document and ratified by the membership January 2009. III. Domain and Scope Management a. Vertical Domain (In alignment with GRAPA Body of Knowledge) i. Network Domain 1. Wireline 2. Wireless 3. Data/Cable 4. Satellite 5. WiMAX 6. LMDS/MMDS 7. Microwave 8. Content ii. Mediation Domain iii. Postpaid Billing Domain iv. Prepaid Billing Domain v. Interconnect Domain vi. Roaming Domain vii. Content Management Domain viii. Customer Service Domain b. Horizontal Domain i. Postpaid Line of Business Operations ii. Prepaid Line of Business iii. Interconnect Line of Business iv. Roaming Line of Business v. Value Added Services Line of Business vi. Cable-Based Services Line of Business vii. Streaming Services Line of Business viii. Data Services Line of Business ix. Content-Based Services Line of Business x. Satellite Services Line of Business c. Payment Channel Domain i. Point of Sale Payment Channel ii. Sales Channel Payment Channel iii. Prepaid Retail Payment Channel iv. Distribution Payment Channel v. Credit and Collections Payment Channel vi. Credit Card and ATM Payment Channel d. Provisioning and Activation Process e. New Product Development Process f. Fraud Management
GRAPA
111
GRAPA
112
C h a p t e r 11 - O r g a n i z a t i o n a l P r i n c i p l e s
Chapter 11
oRganizational PRinciPles
The final section of the GRAPA Standards is concerned with the principles of Revenue Assurance. The other sections are focused on the designation of what Revenue Assurance actually is. This includes the tasks and structures associated with the mechanics of performing the Revenue Assurance job. The principles, on the other hand, provide the practitioner with a structure regarding assignment of responsibilities for various jobs, and integrating those jobs into the context of the larger Telco organization. We have divided the principles into two sections for this discussion. The first section, Organizational Principles, focuses on how to fit Revenue Assurance into the organization. Here, we consider how the Revenue Assurance professional should interact with various departments and personnel. Organizational principles are also concerned with KPIs and measuring the effectiveness of Revenue Assurance. In the second section, Operational Principles, we address the ethics and standards of performance issues. (What are the principles that should guide the Revenue Assurance professionals activities? And what are the benchmarks to their participation in the corporate world?)
GRAPA
113
And it must maintain enough of the integrity of the Revenue Assurance job itself to gain the leverage delivered by economies of scale, standardization, and a shared body of knowledge.
So while some Telcos may employ external consultants to run their Revenue Assurance activities, others may call this risk management and include it under that organizational structure, while still others may designate the Revenue Assurance Department as the organization responsible. In all cases, it is still the process of Revenue Assurance and the actual work that needs to be done and the approach that should be taken does not change.
C h a p t e r 11 - O r g a n i z a t i o n a l P r i n c i p l e s
We do not insist that you act a specific way. Instead, we forewarn you of the reality of the situation, namely that you will run into these conflicts on a regular basis. It is intrinsic in the nature of the Revenue Assurance job. Therefore, our standards are designed to label, structure and provide guidelines for how to best navigate these situations. When it comes to organizational alignment and assignment, there is no right way. There is only the best fit for your organization, environment and situation.
GRAPA
115
Which organization has the personnel, skills and tools that best qualify them to do the job? Which organization is best positioned to manage the nature of the jobs to be completed and the workload involved?
This, of course, represents an idealized approach to the problem. In reality, the time, trouble and energy it would take to do all of this best-fit-mapping, and the administration of the resultant chaos, would make it cost prohibitive and impractical.
Adopting this model for the responsibilities of the Revenue Assurance Department, as opposed to viewing Revenue Assurance as an unrelated collection of discrete assurance tasks, offers value to the Telco, management, operational managers, and other support teams. This value is provided with very little reason for conflict. A Revenue Assurance group that is organized and positioned this way provides the organization with a flexible, cost effective unit, whose main role is the optimization of coverage for revenue risk. This is in response to the ever changing demands of the business and the various operational areas.
GRAPA
116
C h a p t e r 11 - O r g a n i z a t i o n a l P r i n c i p l e s
GRAPA
117
4. 5.
For all the reasons mentioned, and based upon the principles that we have discussed, the position of the current Revenue Assurance standards is that Revenue Assurance is a shared responsibility. We assume that each organization will need to make its own, customized allocation of Forensic, Correction, Control, and Compliance assignments across the landscape of Horizontal and Vertical Domains. The decision to choose this model is not an easy one. The flaws and problems that it represents are obvious. However, if the standards are going to be practical, i.e. if they are going to help Revenue Assurance professionals do their jobs, then we must provide them with guidelines and insights about how best to manage it. Unfortunately, any attempt to dictate a structure that can be imposed on this wide range of organizations and environments is doomed to fail, at least in the short term. As Revenue Assurance matures, there may be an opportunity for a movement in this direction, but we must deal with the current reality. The Shared Responsibility Model means that each Telco will be forced into crafting a unique, tailored implementation by blending and optimizing the many factors. Ultimately, we believe that the model that prevails will be Revenue Assurance as the Administrator of Strategy and Practice and allocation of different organizations to different tasks based on the situation and the demand.
oRganizational PRinciPle #1: the RelationshiP of Revenue assuRance to the oPeRational teaM
The first organizational principle of the GRAPA Standards is that Revenue Assurance exists to support and aid operational managers in the accomplishment of Revenue Management integrity in their areas. Revenue Assurance does not override or supersede the decisions of the Operational Management team.
GRAPA
118
C h a p t e r 11 - O r g a n i z a t i o n a l P r i n c i p l e s
oRganizational PRinciPle #2: the RelationshiP of Revenue assuRance to otheR suPPoRt oRganizations
In any Telco, there will be occasional situations where overlap of functionality arises. Two or more organizations may feel that it is their charter to handle a specific task. When such a conflict occurs, there must be a policy or guideline in place to address and help rectify the conflict. In such cases, the GRAPA Standards state that the decision regarding which group should be assigned responsibility must be based on which group: 1. 2. Is most qualified Can provide the best return on investment
This is covered by the operational principle that states that the overriding objective of Revenue Assurance is to accomplish the best coverage for the lowest cost.
GRAPA
119
These four statements embed the critical aspects of what we consider the overall mission of the Revenue Assurance team. Let us consider each in more detail.
In other words, without the benefit of one group that unifies and standardizes the approach and the reporting and guarantees the quality and impartiality of the effort, management receives a level of assurance that is not at all cost-effective. In order for management to be confident that the full range of revenue risks are understood and handled appropriately, there must be one agency responsible for establishment and reporting of that exposure. This is not to say that the Revenue Assurance group has to perform the Forensic Analysis in all cases, only that it needs to provide an assessment of that risk. It is perfectly acceptable for Internal Audit, Fraud Control, or an operational area to do their own Revenue Risk Assessment, as long as the Revenue Assurance group reviews the findings and applies a standard template to the analysis and reporting. We are not implying that the findings and conclusions drawn by other groups are to be considered in error or suspect in any way. However, these different analyses and conclusions must be standardized if management is to have a clear understanding of the exposure. The Revenue Assurance Group is best qualified to provide this service.
GRAPA
120
C h a p t e r 11 - O r g a n i z a t i o n a l P r i n c i p l e s
GRAPA
121
Any of these conditions require that top management be called upon to make the final determination. For example, a decision to implement a $1 Million Revenue Assurance Controls and Analysis System requires that top management be directly involved.
GRAPA
122
C h a p t e r 11 - O r g a n i z a t i o n a l P r i n c i p l e s
Many people become fixated on the subject of establishing criteria for the correct level of assurance. The bottom line question is, What is the proper level of coverage to set for an identified risk to revenue, and who should set that level? In other words, when presented with a revenue risk situation, there are a large number of potential solutions. You can to a first class job, correct all of the root causes, and ensure that there will never again be any revenue losses of this kind. We refer to this as the zero tolerance for risk scenario. 2. You can implement a control that allows for the risk of something to go wrong, but provides you with a gauge and an alarm that will notify you when it happens. 3. You can decide that the risk is low and do nothing. How do you decide which is the appropriate response? Under the principle of appetite for risk, management makes the decision in the following manner: 1. The actual amount of risk (the 12-month forecast of losses that could occur if nothing is done) and the degree of risk (the likelihood that this will occur) provide an understanding of the revenue at risk. 2. The Forensic team provides management with a number of options, including: a. The cost to implement the option b. The impact that the option will have on the degree of risk c. The impact that the option will have on the amount of risk 3. Management considers the degree of risk, amount of risk, and cost of the remedy and decides which one is preferred. This may seem arbitrary at first glance, but the approach is actually quite logical. Lets consider a situation. It is discovered that a switch is delivering fifty percent of its CDRs in error. What should you do? Replace the switch? Repair the switch? Create a control around the loss of CDRs? The answer is it depends? The questions that need to be asked before a decision can be made include: 1. 2. 3. 4. How much revenue is actually at stake in this situation? How much will it cost to repair or replace the switch? What is the network maintenance plan for this switch? Is it scheduled for replacement? If so, when? 1.
Based on the answers, someone will have to make a rational decision. This decision will need to account for all factors and consider how much risk management is willing to accept. The concept of appetite for risk, like that of the measurement of revenue at risk is a foundational concept that drives the GRAPA Standards framework for decision-making.
GRAPA
123
There are several reasons why GRAPA is taking this position: 1. The decision to take responsibility for different revenue risk cases or to perform an in-depth Forensic Analysis of a specific domain can easily create territorial disputes. Disputes can occur between the Revenue Assurance group and the operational group being assured, or between Revenue Assurance and various complementary groups (Internal Audit, Sarbanes-Oxley etc.). In either case, a directive from management, and from the operational team involved, is the best policy to minimize conflict and confusion. The decision to take responsibility for an area is exactly that -- a responsibility. When the Revenue Assurance group declares a domain to be in scope, it is saying that the domain has been analyzed, the risk identified and quantified, and the appropriate controls initiated. If the Revenue Assurance team allows management or operational groups to declare that a domain is the responsibility of the Revenue Assurance group before they have performed their due diligence, then the Revenue Assurance group will rightfully be held responsible for leakages and losses. Related to point two above is the fact that every addition to the scope of the Revenue Assurance department should result in an increase in budget and headcount for the department. As the scope grows, so should the size of the team. If Revenue Assurance managers fail to associate scope with budget/head count, then management will simply pile more scope on them, resulting in erosion of the overall level of risk containment. There will be no way for anyone to determine how great that risk might be.
2.
3.
The explicit declaration of scope, and the fastidious analysis and remedy of risks in those domains is the entire point of Revenue Assurance, and it is critical that the Revenue Assurance Manager, Operational Managers, related areas and the top management team are aware of how large the scope of Revenue Assurance is, and the related significance.
GRAPA
124
he following table provides the reader with an excerpted view of the GRAPA standards as formally defined in the Standards Document and ratified by the membership January 2009. IV. Ethics and Principles : Organizational a. IV. A. Delegation of Responsibility for RA i. It is not the job of the RA Professional to insist that they do all of the RA job. The overriding goal of the RA professional is to make sure that the RA job is performed with integrity with a goal of maximum effectiveness for minimum cost. ii. The directive to accomplish maximum effectiveness for minimum cost means that the RA manager will work with other departments (operational teams, operational managers, internal audit, I/T and other groups) and encourage the development of solutions, and the allocation of responsibilities in a manner that makes the most sense for the entire organization. b. Responsibility and Relationship to Management i. It is the responsibility of the RA practitioner to assess and report actual revenue loss, potential revenue loss and to assess the potential risk of loss due to leakage or fraud to management. ii. It is managements responsibility to review and decide upon the degree and nature of the mitigation of that risk (if any). iii . RA professionals do not choose levels of risk or determine policies regarding how operations should be performed or who should perform what task. That is the responsibility of management. c. Responsibility and Relationship to Operational Managers and Peers i. It is the responsibility of the RA practitioner to work with and assist operational managers with the accuracy , efficiency and effectiveness of their operational areas. The addressing of leakage, risk of loss or other risk or fraud exposures are the clear and full responsibility of the operational team in assigned to that area. ii. Revenue assurance is present to assist those operational teams but not to assume their responsibility. iii. (unless at the explicit direction of top management the RA team takes on certain aspects of this operational responsibility). d. Responsibility and Relationship to Related (Support) Departments i. It is the responsibility of the RA practitioner to work with and assist the people responsible for Internal Audit, Business Process Reengineering or any other staff discipline which might overlap with the scope or RA. The objective of RA is to attain maximum impact for minimum cost and if the related department can do the job (Forensics, Controls Management, Compliance and Corrections) better, faster or more efficiently, then it is the responsibility of the RA practitioner to do everything possible to help that group to accomplish those objectives. e. GRAPA Inter-organizational Principles (Review) i. Under the GRAPA standards, it is the responsibility of the Revenue Assurance practitioner to assess and report on the risk of revenue loss, or the extent of revenue loss suffered within a particular operational area as directed by management , and in cooperation with the operational manager responsible for the area under review.
GRAPA
125
C h a p t e r 11 - O r g a n i z a t i o n a l P r i n c i p l e s
Based upon these guidelines, the following conclusions ensue: 1. It is the job of RA to assess risk and loss only in areas where management has directed it to. It is not the job of RA to look for risk without this direction. 2. It is the job of RA to report the risk of loss, but it is NOT the job of RA to recommend or enforce a particular level of loss. The appetite for risk, and the level of acceptable risk is a parameter set explicitly by the management team. 3. If so directed, the RA team can be commissioned with responsibility to investigate, develop and promote recommendations for the reduction of a risk exposure from its current level, to a level set by management. 4. The RA team will only be involved in the assessment of risk and loss in areas where the manager responsible for the operational area in question has agreed to cooperate. We believe that it is impossible to accurate assess risk , report risk and remedy risk without the full commitment of the operational management team. 5. The RA team can be invited by the operational manager, or by top management to proactively and aggressively assist the operational manager in the assessment of his risk exposure and in the development of a coverage plan. 6. Coverage plans and the institution of new controls must be approved by operational managers and top management before they are to be executed. 7. Primary responsibility for the execution of a coverage plan and implementation of new controls will be the responsibility of the operational manager. 8. The RA team may assist or execute a coverage plan at the request of top management and/or the operational manager. 9. Compliance reporting will be developed as part of the coverage plan, and all ultimate compliance and risk/loss reporting will be managed by the RA team, separate from the operational area.
GRAPA
126
Chapter 12
Consensus
It is the primary objective of the Revenue Assurance team to promote cooperation between the operational teams involved in each aspect of Revenue Management, Accounting and Delivery. Revenue Assurance should primarily be a vehicle for collaboration. The goal of Revenue Assurance is to create a solution that involves the consensus of all parties involved. Revenue Assurance is not an internal audit or policing function; it is a problem-solving function and most problem-solving requires the cooperation of all parties involved in the problem. This concept of consensus aligns perfectly with many of the other issues and principles we have discussed. The Revenue Assurance professional must always be aware and concerned about the effect of actions on other groups.
GRAPA
127
Integrity
All Revenue Assurance activities should have a primary focus on the integrity of the activities performed. This integrity applies to relations with managers, to how the job is conducted, and to the findings and reports. One might say that integrity is an obvious principle and does not require listing. However, the practice of Revenue Assurance has unfortunately been plagued by a lack of integrity in execution. The lack of integrity is evident in such cases as: 1. 1. 1. Revenue Assurance groups that are sloppy in executing, granting approval, and accepting scope and responsibility for domains and systems that they known to be invalid. Revenue Assurance groups that report figures and provide information about which they are unclear. Revenue Assurance groups that accept responsibility for areas they do not understand and are not qualified to assure.
If Revenue Assurance intends to gain recognition as a reputable and meaningful profession, establishment of integrity will be the key.
Rationalization
All Revenue Assurance activities should be based on the principle of Rationalization of Investment. Any investment of company time, money, and effort in pursuit of Revenue Assurance objectives must be balanced against the anticipated benefits in risk reduction, revenue retention, or revenue maximization. The Revenue Assurance practitioner is responsible for understanding, documenting and assuring the rationalization of all investments and decisions. Every Revenue Assurance decision requires a balance between the degree of risk mitigated and the associated cost. The Revenue Assurance team must be aware of this tradeoff and develop the rationale and criteria for making those decisions clear. Our concepts of revenue at risk and managements appetite for risk are intrinsic to consistently enact this principle. Rationalization is critical, but it must be remembered that, when rationalization is promoted without an underlying discipline, rigor and confidence, it is worse than doing nothing at all.
ethical PRinciPles
Ethical principles provide professionals with an understanding of the expectations associated with their task performance. As with other principles, the decisions and structures created to enforce them is related to practices rather than standards. The GRAPA organization clearly expects members to adhere to these principles as well as the others.
GRAPA
128
Corporate Responsibility
It is the responsibility of the Revenue Assurance practitioner to stay alert and aware of all risks to the revenues and assets of the firm. The Revenue Assurance practitioner will always, without fail, report any serious risk of loss to the appropriate agencies or authorities . even if it is not within the scope of the Revenue Assurance practitioners responsibilities. Corporate responsibility is an important part of the Telecommunication employees role, but the Revenue Assurance professional has a special status. As a person responsible for assurance of revenues, the professional is in a position of trust. The Revenue Assurance practitioner may be responsible for detecting and addressing fraud (both external and internal), be responsible for millions of dollars in revenues, and involved in cash and financial management and assurance. For these reasons the Revenue Assurance professional is expected to maintain the highest level of honesty and trustworthiness. Another critical aspect of corporate responsibility is the professionals responsibility to the companys customers, partners, and governmental and regulatory agencies. Corporate responsibility reaches out to these agents as well. If the Revenue Assurance professional discovers any impropriety, even if that impropriety financially benefits the firm in the short run, it is the professionals responsibility to bring the case to management. Allowing known illegal or questionable business practices to continue exposes the firm to increased risk over time. As in all situations, it is the responsibility of management to assess the level of risk and to make the decision to act. However, failure to note and report such cases is a violation of the Revenue Assurance professionals ethical responsibility.
PRinciPles of PRactice
Finally, we have our principles regarding how Revenue Assurance is to be practiced, in general reinforcing and re-instating existing principles.
GRAPA
129
Competency Requirement
Revenue Assurance functions should be staffed with those who collectively have the knowledge and skills necessary to conduct Revenue Assurance activities. Outside consultants with requisite knowledge may need to be hired to complement the internal staff. GRAPA recommends that staff receive a minimum number of hours of continuing education each year and maintain a record of that training. The Revenue Assurance practitioner is responsible for conducting activities with competence. The competency requirement is essentially a restatement and focusing of the integrity requirement. The Revenue Assurance group must accept responsibility for attaining the appropriate level of competency within their organization. This is a serious problem for many departments, and one of the reasons that the GRAPA training and certification programs have been launched.
Transparency Requirement
All Revenue Assurance activities are to be conducted in a straightforward and transparent manner. All processes and activities are to be documented and published for review of the appropriate persons involved. Forensic Analysis techniques, assessment reports, quantification findings, and correction and control recommendations should be clearly documented and published in a manner that makes the process, intention and results clear to all parties involved. The practice and maintenance of a posture of transparency assures operational managers and teams that the work of Revenue Assurance is straightforward and geared towards helping them in accomplishing their objectives. It also reassures them that Revenue Assurance is not acting as an auditor or trying to make them appear incompetent or criminal. Transparency combined with a dedication to integrity of operations is the key to a successful Revenue Assurance team.
GRAPA
130
he following table provides the reader with an excerpted view of the GRAPA standards as formally defined in the Standards Document and ratified by the membership Jan. 2009.
V. Ethics and Principles - Operationall a. Consensus i. It is primary objective of the revenue assurance team to promote cooperation between the operational teams involved in each of the different aspects of revenue management, accounting and delivery. Revenue assurance should be a vehicle for collaboration first and foremost. The goal of RA is to create a solution that involves the consensus of all parties involved. RA is not an internal audit or policing function, it is a problem solving function and most problem solving requires the willful cooperation of all parties involved in the problem. b. Integrity i. All revenue assurance activities are to be performed with a primary focus on the integrity of the activities performed. Integrity includes the integrity of relations with other managers, the integrity with which the job is conducted and the integrity of the findings and reporting utilized. c. Rationalization i. All revenue assurance activities should be based on the principle of rationalization of investment. Any investment of the companies resources (time, money, effort) in pursuit of revenue assurance objectives must be balanced against the anticipated benefit in risk reduction, revenue retention or revenue maximization anticipated. The RA practitioner is responsible for understanding, documenting and assuring the rationalization of all investments and decisions. ii. Every revenue assurance decision requires that a balance be struck between the degree of risk mitigated and the cost of accomplishing that degree. The revenue assurance team will at all times be aware of this tradeoff and make the rationale and criteria for making those decisions clear. d. Corporate Responsibility i. It is the responsibility of the revenue assurance practitioner to stay alert for and aware of any and all risks to the revenues of the firm and well as to any assets of the firm that are involved. The RA practitioner will always and without fail report any serious risk of loss to the appropriate agencies or authorities whether it is directly within the scope of the RA persons responsibilities or not. e. Competency Requirement i. Revenue assurance functions should be staffed with those who collectively have knowledge and skills necessary to conduct RA activities. Outside consultants with requisite knowledge may need to be hired to complement internal staff. GRAPA recommends staff receive a minimum number of hours of continuing education each year and maintain a record of training. The RA practitioner is responsible for conducting activities with competence. f. Transparency Requirement i. All RA activities are to be conducted in a straightforward and transparent manner. All processes and activities are to be documented and published for review of the appropriate persons involved. Forensic analysis techniques, assessment reports, quantification findings, correction and control recommendations should be clearly documented and published in a manner that makes the process, intention and results clear to all parties involved.
GRAPA
131
g. Maximum Effect for Minimum Cost i. It is the responsibility of the RA professional to always attempt to attain the maximum impact (in terms of the reduction of revenue loss, risk of loss or other objective) for the minimum investment. The best cost solution is always preferred.
GRAPA
132
Early in this book, we considered some of the alternative definitions of Revenue Assurance. We saw that it is easy to come up with a high-level, well intentioned definition, but that it is too broad to communicate any real meaning, or so narrow that the definition can only be applied to an individual company or situation. Conversely, creating a definition that communicates widely applicable and substantive information is quite challenging. Broad, ideal-sounding definitions often turn out to be non-definitions. Such definitions claim to work, but it only appears this way because people fill in the blanks with their own interpretations. Such broad definitions are worse than no definition at all because they foster miscommunication, confusion and ineffectiveness. Making sure that the processes associated with Revenue Management occur without error is a definition that is so broad that almost anything can be included in its scope. An overly narrow definition fails in the same way as it again leaves it to the individuals imagination to project what may be the other facets of the discipline. A more specific definition such as The process of assuring that all CDRs are managed by the billing system in an accurate and timely manner excludes so many areas of Revenue Assurance that it can actually be viewed as an untrue statement. It is my hope that through the last 100 or so pages we have proven that neither type of definition is sufficient or necessary.
GRAPA
133
5. Assurance of new products 6. Assurance of efficient network assets utilization 7. Assurance against the risk of loss due to churn and market erosion Q.3: What is included in the scope of a Revenue Assurance department? A.3: All domains assigned to the group by management as defined by discrete horizontal and vertical domains. Q.4: What is the role of Revenue Assurance in the organization? A.4: To support the efforts of operational managers to minimize the risk of revenue loss and maximize the level of revenue recognized for all transactions. While I will agree that this definition is far from eloquent, it certainly provides a clear understanding of the processes, scope, mission, and constraints associated with the practice of professional Revenue Assurance as of January 2009.
next stePs
With the ratification and acceptance of these standards by the GRAPA Membership, the organization is now ready to proceed with the next step in the process of professionalization.
GRAPA
134
A p p e n d i x A - T h e G R A PA C e r t i f i c a t i o n P r o g r a m ( 2 0 0 9 )
With the formal ratification of the GRAPA standards, the GRAPA organization has undertaken to immediately provide the Revenue Assurance community with a credible, extensive certification program. This program will allow Revenue Assurance professionals to attain recognition for their knowledge and skill, gain access to a shared pool of expertise for the expansion of their knowledge base, and begin the process of separating the professionals from the amateurs and tourists. The creation and administration of certification is now the primary focus of the GRAPA organization. As of February 2009, a limited pilot program, which offers certification programs for Revenue Assurance Managers, Fraud Specialists, Internal Auditors, Forensics Specialists, Generalists, and Apprentices (Novices), is being launched. This initial program will offer certification to members based on their successful completion of: 1. 2. 3. 80 hours of training in their area of specialization Successful completion of a battery of tests, which assure that their level of knowledge and mastery of the body of knowledge is sufficient Demonstration of a suitable level of real-world experience, varying with the certification they pursue
GRAPA
135
benefits of ceRtification
In addition to the many personal and professional benefits, the certified Revenue Assurance professional will gain recognition in several ways: 1. 2. 3. 4. Information about career, accomplishments, and certification status will be posted on the GRAPA website. Upon receipt of certification, the members new status will be communicated to the entire GRAPA community via email announcements. The member will receive a certificate and frame for display in their office. Certified members will qualify to teach, run conferences and town hall meetings, chair committees, and other GRAPA responsibilities and honorarium.
GRAPA
136
A p p e n d i x A - T h e G R A PA C e r t i f i c a t i o n P r o g r a m ( 2 0 0 9 )
GRAPA
137
benefits of PRofessionalization
Amazingly, there is a great deal of professionalization that occurs in the creation of the Revenue Assurance discipline without a conscious effort on anyones part. Standard approaches, logical conclusions and common sense have pointed many companies in the same general direction without intrusion from outside forces. We are not saying that people in Revenue Assurance today are not professional or competent. We are saying that Revenue Assurance is naturally professionalizing itself. While this natural move towards professionalization is good, we believe that the process can become more effective and efficient for everyone. To do this, we need to overcome many of the operational, geographical and organizational blockages and participate in the conscious process of professionalizing.
GRAPA
138
A p p e n d i x A - T h e G R A PA C e r t i f i c a t i o n P r o g r a m ( 2 0 0 9 )
In an area as technically and operationally complex as Revenue Assurance, it is not typical for a top manager (CEO, CFO) to be intimately familiar with all the details and procedures required to perform the Revenue Assurance job. The manager will want to defer to the expertise of the professional when it comes to issues of strategy, next steps and alternative solutions. This trust in the expertise of the professional is integral to the relationship of professional and client and is the goal of most Revenue Assurance practitioners. The Revenue Assurance professionals are specialists who work hard for several years to master their craft. In the current environment, there is a good chance that this mastery will never be recognized, simply because the managers have no yardstick to fairly assess those capabilities. Professionalization allows practitioners to leverage appropriate value for investment in their craft. At the same time, the definition of a standard body of knowledge allows the Revenue Assurance practitioners to understand how to better manage their careers. What do they still need to learn? How should they channel their energies? Professionalization provides a career roadmap.
Vocabulary
One of the first challenges participants in Revenue Assurance face is that people use different terms to describe the same things; CDR and Interconnect for example. Very basic words and concepts carry a wide range of meanings from one telco to the next. A consistently applied vocabulary speeds up communication, simplifies the problem solving process, and increases our ability to share knowledge quickly.
Consistency
A standard body of knowledge will provide everyone involved with a consistency in the application, measurement and assessment of Revenue Assurance activities. Today, there are thousands of different, conflicting and confusing versions of what Revenue Assurance is, how to set KPIs for Revenue Assurance, and many other aspects of the practice.
GRAPA
139
Measurable Results
Professionalization of the discipline will establish clear criteria for measuring the professional effectiveness. How do you know if your Revenue Assurance team is producing value? How do you know the KPIs to which you are responding are correct?
Transference of Skills
Establishment of a core body of knowledge makes training, assessing and assigning people to different tasks infinitely easier. A standard body of knowledge is the foundation for the utilization of Revenue Assurance practitioners for maximum benefit.
Standards
The foundation for establishing any profession is a set of standards that the members of that profession subscribe to. For doctors, there is the Hippocratic Oath, Do no harm. For auditors, it is a code of ethics around dependability, impartiality and integrity.
GRAPA
140
A p p e n d i x A - T h e G R A PA C e r t i f i c a t i o n P r o g r a m ( 2 0 0 9 )
The integrity of the professional assures a manager or a co-worker that this professional can be trusted to deal with problems and issues in a productive manner and with integrity.
Practices
Standards define a set of principles and values, and provide a taxonomy for the definition of scope, objectives and approaches. Practices, on the other hand, define the actual details of how those standards are applied in the real world. Practices define what you need to know to do the job and include: 1. 2. 3. Subject Matter Knowledge and Domains Techniques (Ways to do things) Tools (Knowledge of software, hardware and other devices that assist in the carrying out of the job.
GRAPA
141
Techniques
Techniques specify how different levels of assurance are attained for domains. Practitioners must understand how the domain works and how the assurance level is accomplished before they can actually understand and apply specific techniques. Techniques include: 1. 2. 3. Conducting a billing audit Synchronizing HLR and the billing system Executing test calls
Tools
The Revenue Assurance practitioner must also be aware of the various tools available to do a job. Tools can include: 1. 2. 3. 4. Test call generators Fraud Management systems Network probes Business Intelligence systems
GRAPA
142
A p p e n d i x A - T h e G R A PA C e r t i f i c a t i o n P r o g r a m ( 2 0 0 9 )
Subscription
Professionalization will take place when the people practicing the profession identify themselves as professionals and publicly declare their subscription to the policies, principles and objectives of the professional body to which they subscribe.
What is Certification?
Professional certification is a designation or classification earned by a person to assure that this individual is qualified to perform a job or task. Certifications are earned from a professional association and, in general, must be renewed periodically. The certification process varies from one industry and trade to the next but usually includes: 1. 2. 3. 4. 5. A formal education requirement (body of knowledge) Proof of internship (actual experience) Proof of mastery of the subject matter (testing) Registration and subscription to the profession Commitment to refresh and continue education.
Certification creates a pool of qualified resources from which the hiring company can choose with a greatly reduced risk of hiring a person who is not competent, while at the same time greatly increasing the chances of getting a person who can serve as an expert in the area under consideration.
GRAPA
143
In addition to this benefit, pursuit of certification by an employee indicates a willingness to learn and a drive to excel that can help the manager better evaluate the relative merit of candidates. For the Revenue Assurance professional, certification offers the opportunity to enhance the persons body of knowledge, mastery of subjects, and recognition of that mastery in a controlled, measurable and quantifiable way. Certification gives the Revenue Assurance professional a competitive advantage in the work place, both through the knowledge it imparts with the status and assumption of competence it communicates.
Why Is It Required?
Why is certification for Revenue Assurance a requirement? We have identified several reasons.
GRAPA
144
A p p e n d i x A - T h e G R A PA C e r t i f i c a t i o n P r o g r a m ( 2 0 0 9 )
Cost to Administer
The cost to administer the program will obviously reflect greatly on the quality of the program. This will include: 1. 2. 3. 4. 5. 6. 7. 8. The cost to define the program and criteria The cost to market and sell the program to the industry (to get enough industry backing to make the funding model work) The cost to create training classes and other body of knowledge references (mechanism for the knowledge transfer to members) The cost to advertise, schedule, sell and administer training events The cost to develop tests The cost to administer, score and report findings of tests The cost to keep track of the individuals professional status (who has met which criteria) The cost to advertise and promote the professionals career after certification has been reached
Credibility
The success of the program will dependent greatly on the credibility that the industry, the telcos, and the individual professionals assign to it. It is not enough to say, This is the certification you should have. There must be substance (credible facts and information) and reference (prove of validity of the claims).
Ease of Attainment
The certification process must be designed so that it accomplishes its primary objective, which is the separation of the expert from the amateur. However, the criteria must not be set so high that only a privileged few can attend. This requirement impacts both the funding model and the depth and breadth of the body of knowledge to be managed.
Industry Acceptance
To provide value, the program must be accepted by a large percentage of the participants in the industry (telcos, vendors and consultants). Without a sound industry acceptance, the value of the program is weakened. This means that the program must be marketed and sold to ensure that value is attained.
GRAPA
145
Proof of Value
Part of the administration of the program must include testimonials or other proof of value. Otherwise is no objective assessment of its merit.
B. Classes (Training)
Based on this curriculum, a body of training materials must be prepared. The training material must be designed to do the best job possible of documenting and explaining each of the subject matter, technique, tool, operational, political and organization intelligence areas specified by the curriculum.
C. Testing
The fact that a person attended a class does not especially mean that this individual has learned the subject matter. A combination of training and testing is the best way to assure that the practitioner has actually mastered the required body of knowledge.
D. Experience Verification
As with most professional certification programs, it is important that certified professionals can prove that they can do the job, and not just talk a good story. Therefore, an experience verification component is critical.
GRAPA
146
A p p e n d i x B - T h e G R A PA B o d y o f K n o w l e d g e D r a f t
The following outline provides the reader with an overview of the various areas, domains and skills that have been defined as the current Body of Knowledge for the Revenue Assurance profession. Now that the GRAPA Standards have been ratified and published, the GRAPA organization will formalize and refine this Body of Knowledge and begin the systematic publication and verification of standard industry practices while continuing to refine the standards themselves. This draft is provided as a reference document for interested readers. The GRAPA Body of Knowledge for Revenue Assurance has been divided into the following major categories of knowledge: 1. Vertical Domain Knowledge The key information necessary to understand how each of the major vertical domains (systems and functions) works. A person with vertical domain knowledge understands the major processes, operations, policies, systems, and decisions involved in running that domain. This person can explain the major functions of the domain and how the area manages revenues. Horizontal Domain Knowledge The key information necessary to understand how each of the major horizontal domains (lines of business, product lines, service categories, rate plans etc.) works. A person with horizontal domain knowledge understands the major processes, operations, policies, systems, and decisions involved in tracing and processing revenue transactions across the entire domain (end-to-end). This person can explain the major functions of the domain and which departments, areas and systems are responsible for managing each part. Payment Channels Domain Knowledge The key information necessary to understand each of the payment channels that support the business operates. A person with payment channel domain knowledge understands how each payment channel works and the major processes, operations, policies, systems, and decisions involved in running that domain. This person can explain how these channels work and the common areas of revenue risk. Activation and Provisioning Domain Knowledge The key information necessary to understand how each of the activation and provisioning processes that support the business operate. A person with activation and provisioning domain knowledge understands how each provisioning process works and the major processes, operations, policies, systems, and decisions involved in running that domain. This person can explain how activation and provisioning works and the common areas of revenue risk. New Product Development Domain Knowledge The key information necessary to understand how the new product development process works. It includes an understanding of the gateway management approach to product development and the role of billing architectures design, exchange analysis, and market assurance as they relate to product development.
GRAPA 147
2.
3.
4.
5.
6.
Fraud Management and Crime Detection Domain Knowledge The key information necessary to understand each of the major categories of fraud risk and fraud management processes. A person with fraud management and crime detection domain knowledge understands the major processes, operations, policies, systems, and decisions involved in running fraud management operations. This person can explain how fraud management works and what the common areas of revenue risk are. Techniques Knowledge The techniques knowledge area consists of information about how to organize Revenue Assurance activities, define strategy, KPIs, and specific techniques related to the planning, development and execution of forensics, corrections, controls management, and compliance. Tools Knowledge Tools knowledge focuses on the use of Revenue Assurance applications and appliances that the Revenue Assurance professional utilizes to assist with activities.
7.
8.
GRAPA
148
A p p e n d i x B - T h e G R A PA B o d y o f K n o w l e d g e D r a f t
5.
Broadband a. DSL b. Cable c. 3G d. WiFi e. WiMax 6. IP a. Internet b. VoIP c. IPTV 7. Wireless Transport a. Microwave b. MMDS/LMDS c. Satellite d. VLF 8. Facilities Security 9. Network-related Fraud Vulnerabilities 10. Network Operations and Controls
GRAPA
149
GRAPA
150
A p p e n d i x B - T h e G R A PA B o d y o f K n o w l e d g e D r a f t
GRAPA
151
GRAPA
152
A p p e n d i x B - T h e G R A PA B o d y o f K n o w l e d g e D r a f t
6. 7. 8. 9. 10. 11.
Profitability and Revenue Integrity Issues for this Line of Business KPIs and Objectives Key Operational Components Staffing, Roles and Responsibilities Revenue Capture, Revenue Assurance and other Revenue-related Aspects of the Line of Business Known and/or Common Risk Areas (Fraud, Leakage, Margin, Utilization, Market) for this Line of Business and Typical Remedies and Forensic Techniques
GRAPA
153
6. 7. 8. 9. 10.
Profitability and Revenue Integrity Issues for this Line of Business KPIs and Objectives Key Operational Components Staffing, Roles and Responsibilities Revenue Capture, Revenue Assurance, and other Revenue-related Aspects of the Line of Business
A p p e n d i x B - T h e G R A PA B o d y o f K n o w l e d g e D r a f t
GRAPA
155
6. 7. 8. 9. 10. 11.
Profitability and Revenue Integrity Issues for the Payment Channel KPIs and Objectives Key Operational Components Staffing, Roles and Responsibilities Payment Capture, Revenue Assurance, and Other Revenue-related Aspects of the Payment Channel Known and/or Common Risk Areas (Fraud, Leakage, Margin, Utilization, Market) for this Payment Channel and Typical Remedies and Forensic Techniques
GRAPA
156
A p p e n d i x B - T h e G R A PA B o d y o f K n o w l e d g e D r a f t
3. 4. 5. 6. 7. 8.
Contractual, Regulatory and Service Level Constraints Associated with this Payment Channel Typical Pricing Models and Rating Issues for this Payment Channel Overall Measures and Controls for the Payment Channel Profitability and Revenue Integrity Issues for the Payment Channel KPIs and Objectives Key Operational Components
GRAPA
157
techniques Knowledge
This category of knowledge is associated with the actual practice of Revenue Assurance including the disciplines, standards, operating principles, and methodologies.
GRAPA
158
A p p e n d i x B - T h e G R A PA B o d y o f K n o w l e d g e D r a f t
GRAPA
159
GRAPA
160
A p p e n d i x B - T h e G R A PA B o d y o f K n o w l e d g e D r a f t
GRAPA
161
tools Knowledge
This category of knowledge includes information about the primary tools utilized in the support of Revenue Assurance activities.
VIII.B. Probes
1. 2. 3. 4. 5. 6. 7. Features, Functions and Operational Characteristics of Probes Top 3 Probes Feature Review Probes Specifications Options Selecting Probes Probes RFP Procedures Staffing for Probes Probes Reporting and Optimization
GRAPA
162
A p p e n d i x B - T h e G R A PA B o d y o f K n o w l e d g e D r a f t
6. 7.
Staffing for Parallel Rating Engines Parallel Rating Engines Reporting and Optimization
GRAPA
163
GRAPA
164