Enterprise Risk Management

March 2012 | www.tmforum.org

INSIGHTS RESEARCH

Free to members$1,750 where sold

Enterprise risk management:Protecting profits, keeping customers

Sponsored by:

Report prepared for Giorgio Grasso of Capgemini Service (TME-GSA). No unauthorised sharing.

ENABLING SIMPLICITYBeing a service provider in today’s market isn’t easy. Delivering the right level of service, at the right price - and making a profit – is a tall order. To succeed, your business needs to run with maximum agility, simplicity and efficiency.

As the global industry association focused on simplifying the complexity of running a service

provider’s business, TM Forum is collaboratively delivering the standards that are taking the cost and risk out of, and putting the flexibility into, running your business. Visit www.tmforum.org today to join the world’s leading service providers who are using our Frameworx standard to enable simplicity.

M2M Report.indd 2 01/03/2012 14:39


3www.tmforum.org INSIGHTS RESEARCH

© 2012. The entire contents of this publication are protected by copyright. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means: electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publisher, TeleManagement Forum. TM Forum would like to thank the sponsors and advertisers who have enabled the publication of this fully independently researched report. The views and opinions expressed by individual authors and contributors in this publication are provided in the writers’ personal capacities and are their sole responsibility. Their publication does not imply that they represent the views or opinions of TeleManagement Forum and must neither be regarded as constituting advice on any matter whatsoever, nor be interpreted as such. The reproduction of advertisements and sponsored features in this publication does not in any way imply endorsement byTeleManagement Forum of products or services referred to therein.

Report authors:Rob Rich, Managing Director, TM Forum Insights [email protected]

Tony Poulos, Market Strategist, TM [email protected]

Publications Managing Editor:Annie [email protected]

Editor:Claire [email protected]

Creative Director:David [email protected]

Commercial Sales Consultant:Mark [email protected]

Publisher:Katy [email protected]

Client Services:Caroline [email protected]

Corporate Marketing Director:Lacey Caldwell Senko [email protected]

Report Design:The Page Design Consultancy Ltd

Head of Research and Publications:Rebecca [email protected]

Advisors:Keith Willetts, Non-executive Chairman, TM Forum

Martin Creaner, Chief Executive Offi cer, TM Forum

Nik Willetts, Senior Vice President ofCommunications, TM Forum

Published by:TM Forum240 Headquarters PlazaEast Tower, 10th FloorMorristown, NJ 07960-6628USAwww.tmforum.orgPhone: +1 973-944-5100Fax: +1 973-944-5110

ISBN: 978-0-9852058-4-3

Page 4 Executive summary

Page 6 Section 1Understanding enterprise risk management

Page 9Section 2Credit and collections management

Page 14Section 3Fraud management

Page 22Section 4Strategies for customer retention

Page 28Section 5Revenue assurance

6Section 6How do service providers view risk management, and how should they proceed?

Page 42Sponsored features

ENTERPRISE RISK MANAGEMENTPROTECTING PROFITS, KEEPING CUSTOMERS



4 www.tmforum.orgINSIGHTS RESEARCH

Risk is an inherent, pervasive aspect of our daily existence, affecting us in both our professional and personal lives. In order to mitigate or profit from risk, whether consciously or unconsciously, individuals and organizations routinely practice various forms of risk management.

TM Forum’s Risk Management for Communications Service Providers Guidebook (GB952) defines risk as: “An uncertain event or set of events that, should they occur, will have an effect on the achievement of objectives.”

Effective risk management involves the identification, assessment and prioritization of risks (whether they be positive or negative), in conjunction with some sort of response (planned or unplanned) which generally involves the application of corporate resources for risk monitoring, discovery and minimization/optimization of risk-related events. Clearly, proficiency with risk management can make a huge difference in maintaining the health of an individual or organization.

To provide a better sense of the types of risk inherent in the operation of a service provider, we provide in Section 1 a sample ‘risk universe’. This shows 28 categories of risk, ranging across domains such as markets, financial aspects, human resources, environment, privacy and security, supply chain, legal, regulatory, network operations and many others – reinforcing the need for proficient and proactive risk management programs.

While the full range of the risk universe is well beyond the scope of this report, Sections 2 through 5 focus on four key operational areas of risk management for any service provider, namely:

credit and collections management; fraud management; churn management; revenue assurance.

Executive summary

We believe that each of these disciplines is important both to service provider profitability and to preservation of customer relationships.

The profitability aspect for each of these is easy to see. Proper credit management can avoid expending resources on customers who cannot or will not pay. Collections management can be prohibitively expensive, especially if litigation is involved. Fraud management can help to avoid expending resources on users who have no intention of paying, but also can result in the elimination of some fraudsters through legal action, protecting future profits.

Churn management can lower customer management costs and limit acquisition costs, as well as ensuring a continuing revenue stream from retained customers. Revenue assurance can identify and capture revenues that have already been earned, increasing both the top and bottom line.

Less obvious is the impact on customer experience (CE). While not as influential to CE perhaps as high-performance services or personalization, getting the bills right, fighting fraud and catching dissatisfaction early through churn analysis can provide customers with feelings of greater predictability and security, increasing confidence and trust, and providing great simplicity. Simplicity and trust are important customer requirements, and great brand builders. In addition, better credit management can give service providers more confidence to provide better offers to customers, also potentially increasing satisfaction and loyalty.

Each of these sections looks at the current situation and likely future developments, and makes recommendations for approaching these challenges more effectively.

A great deal of effort has been expended over the last decade or so in providing guidance pertaining to risk management. A number of risk management standards have emerged, fostered by efforts from the Project



Management Institute, the National Institute of Science and Technology, the International Organization for Standardization, TM Forum and a variety of other bodies. Still, there is much work left to do for many service providers to develop broad proficiency in risk management.

When we asked service providers to do a quick self-assessment on their risk management proficiency versus other industry players, only 21 percent of respondents ranked themselves as leaders or above average, whereas 37 percent rated themselves as below average.

In addition, when asked about their top three drivers for risk investment, 72 percent cited findings from audits, clearly a reactive stance. There is some good news as well though; 56 percent said that a chunk of their risk management investment was driven by strategic planning at the corporate level, and 61 percent said they had improved their risk management profile through implementation of best practices at the departmental level, so there are clear pockets of proactivity here.

Respondents also identified their top risks over the next three years, with customer retention and growth leading the way, privacy and security second, and achievement of financial targets third.

While the service providers we spoke with have deployed widely varying approaches over the years, it is increasingly clear that service providers need to take the initiative to focus strategically and holistically on risk management, or they will be driven to recurring

tactical and reactive responses by external and internal forces, and their profitability and customer relationships will most certainly feel the effects.

Service providers should plan to conduct an annual risk assessment, identifying what defines key risks and perceived impact, prioritizing the aspects of each of the risks, and determining priorities. In conducting the assessment, service providers should broaden the scope beyond traditional financial and regulatory risks, considering the full value chain and the environment it operates in.

They may find it useful to conduct some scenario planning to evaluate the full impact of the more significant risks, and provide these as input to the strategic planning process. From there, they will need to evaluate their ability to manage or respond to risk-related events, and how well those response processes are integrated into their operating processes.

Finally, service provider senior management must determine their priorities and embed them into their action plans. This may seem straightforward to seasoned managers, but the road to enterprise risk management is fraught with challenges, many of which are delineated in Section 6 of this report.

As our industry transforms, with broader service portfolios, new technologies, extended value chains and increased competition, proficiency in enterprise risk management will become even more critical to service provider profitability. After all, at its most basic level, risk management is about creating value in harmony with the enterprise mission, goals and strategy.

Service providers must determine their priorities and embed them into their action plans

“As our industry transforms, with broader service portfolios, new technologies, extended value chains and increased competition, proficiency in enterprise risk management will become even more critical to service provider profitability.”




Understanding enterprise risk managementSection 1

In a sense, risk management is as broad and deep as life itself, and something we practice virtually every day, knowingly or not. There is inherent risk in most things we do, and many of the products we use and processes we adhere to are designed to mitigate or reduce those risks. Risk applies to the action of every living being, including enterprises, and proper management can make a huge difference in quality of ‘life’ or in avoidance of death for an organism.

So how do we define risk management? TM Forum’s GB952, Risk Management for Communications Service Providers Guidebook1, defines risk as, “An uncertain event or set of events that, should they occur, will have an effect on the achievement of objectives.”

Risks can come from virtually anywhere, often driven by financial or economic change, political change, criminal activities, program or project failures, accidents, natural causes, initiatives from competitors (direct or indirect) or even from poor planning and execution.

Accordingly, effective risk management involves the identification, assessment and prioritization of risks (whether they be positive or negative), in conjunction with some sort of response (planned or unplanned) which generally involve the application of corporate resources for risk monitoring, discovery and minimization/optimization of risk-related events.

A number of risk management standards have emerged, fostered by efforts from the Project Management Institute, the National Institute of Science and Technology, the International Organization for Standardization and a variety of other bodies. TM Forum has also formed a Risk Management collaboration group and produced documents such as the afore-mentioned GB952. GB952 recognizes and provides perspective on a number of the

standards developed by other organizations in the specific context of the service provider, and therefore we will refer frequently to it in this report. Risk management goals, definitions and processes vary broadly according to context, nature and perceived impact, and may involve a variety of organizations within the enterprise, as well as a number of external entities, such as partners, government agencies (such as regulators, law enforcement agencies, public health and safety agencies) and financial institutions, among others.

Understanding the risk universe As noted above, risk must first be identified before one can plan to manage it. The ‘risk universe’ shown in Figure 1-1 is an example, drawn from GB952. While we will not attempt detailed definitions of each of these categories, it is easy to see the potential breadth that enterprise risk managers must deal with. This particular example enumerates 28 categories.

As noted above, each of these areas will have their own risk management goals, definitions and processes according to context, nature, organizational involvement and perceived impact, as well as varying levels of investment by each service provider. Importantly, each of these areas must be at least assessed and the impact understood, estimated, characterized and hopefully quantified if the service provider is to demonstrate a prudent approach to risk management.

The scope of risk management is far too broad for a single market report to deal with in any depth. Indeed, many of the components of the risk universe could easily require a full report on their own. Accordingly, we have chosen four important elements of risk management on which to focus. They are: 1www.tmforum.org/RiskMgmtV1.1


www.tmforum.org/RiskMgmtV1.1


This report focuses on four essential elements of risk management

Credit and collections management. Credit management is an important and widely practiced set of activities aimed at increasing sales revenue through extension of credit to customers who are thought to be a good credit risk, and minimizing risk of loss of revenue resultant from bad debts by restricting or denying credit to customers who are not a good credit risk. We also delve into collections, but to a lesser extent, as we believe that an effective credit management function is essential in obviating collection risk and expense.

Fraud management. Fraud management seeks to minimize the impact of intentioned actions by an individual, group or enterprise to receive through deception products, services and/or revenues from the target service provider(s) without remitting expected value for those products or services.

Churn management. Churn management (sometimes called customer retention management) seeks to prevent or minimize the impact of the loss of customers to direct and indirect competitors.

Revenue assurance. Revenue assurance seeks to minimize the impact of revenue leakage, by reducing or avoiding it. Fundamentally, it is about accurately billing for customers’ use of products and services and securing all revenue due.

We have chosen these four areas partially because the threats they address are relatively well understood and seen to be significant, and because, generally speaking, process-oriented and software solutions exist that can be deployed by service providers. But we have also chosen them because of the impact that they have on profitability, and the secondary

Figure 1-1: Risk universe for service providers

Liquidity & Credit Market Capital Structure Accounting &Reporting

Tax Legal Code of Ethics Regulatory

Revenue Integrity Cost Integrity Fraud Supply Chain

Physical Assets NetworkOperations HazardsInformation

Technology

People Sales, Marketing & Customer Service

Communications & Investor Relations

Market Dynamics & Commercial

Mergers, Acquisitions & Divesture Major Initiatives Programmes Planning &

Resource Allocation

Governance Geopolitical Privacy & Information SecurityEnvironment

Source: TM Forum’s GB952, Risk Management for Communications

Service Providers Guidebook




and often forgotten impact they have on customer experience.

The profitability aspect for each of these is easy to see. Proper credit management can avoid expending resources on customers who cannot or will not pay. Collections management can be prohibitively expensive, especially if litigation is involved. Fraud management can also avoid expending resources on users who have no intention of paying, but also can result in the elimination of some fraudsters through legal action, protecting future profits. Churn management can lower customer management costs and limit acquisition costs, as well as insuring a continuing revenue stream from retained customers. Revenue assurance can identify and capture revenues that have already been earned, increasing both the top and bottom line.

In addition to the profitability angle, effective programs in these areas can improve the customer experience. While not as influential to customer experience perhaps as high-performance services or personalization,

getting the bills right, fighting fraud and catching dissatisfaction through churn analysis can provide customers with feelings of greater predictability and security, increasing confidence and trust, and providing great simplicity. Readers of our customer experience reports2 know that simplicity and trust are important customer requirements.In addition, better credit management can give service providers more confidence to provide better offers to customers, also potentially increasing satisfaction and loyalty.

Despite these benefits, not all service providers are adept or willing practitioners of risk management. Many people we spoke with feel that risk management is still being seen as an expense as opposed to an investment or an important operational cost. Others say that while it is increasing in importance due to regulatory pressure, it’s unlikely their company will address it at what they believe to be the appropriate level. These statements are not without merit, and we will address ways of approaching investment in risk management in Section 6.

“Many people we spoke with feel that risk management is still being seen as an expense as opposed to an investment or an important operational cost.” 2www.tmforum.org/insightsCEM


www.tmforum.org/insightsCEM


Prevention better than cure when it comes to credit management

Credit and collections managementSection 2

Credit management is an important and widely practiced set of activities. It is aimed at increasing sales revenue through extension of credit to customers who are thought to be a good credit risk and minimizing risk of loss of revenue resultant from bad debts by restricting or denying credit to customers who are not a good credit risk.

The credit management function within many companies also frequently includes the collections function, which seeks to recover past due accounts receivable from delinquent customers. Generally speaking, the effectiveness of credit management lies in the activities used for judging the credit worthiness of a prospect, rather than in procedures used in collecting the owed amounts, as the collections process can be long-lived and expensive.

The old maxim “an ounce of prevention is a worth a pound of cure,” surely applies here. TM Forum developed and constantly refines its Revenue Assurance Maturity Model with this in mind, see page 13 for more details.

Deployment of proper and up-to-date credit and collection management processes have always been important for prudent service providers, but perhaps now it is more important than ever to deploy these practices. This is true for a number of reasons, such as:

Economic factors have wreaked havoc on many small business and consumers, and many may have experienced changes in their credit status.

Fraudsters are becoming more sophisticated in their attempts to obtain credit, and the Internet provides an efficient mechanism for distribution and discovery of fraudulent methods of obtaining credit. Indeed, stolen and forged identities are a growing problem across the globe.

The cost of chasing delinquent accounts is increasingly expensive.

High-value customers who pay their bills in a timely fashion are increasingly difficult to acquire and retain, giving rising levels of competition and saturation of markets.

Service providers must take a proactive approach to updating their credit practices, integrating them with their marketing philosophies and tying activities more tightly to the enterprise view of customer lifecycle.

Tying credit risk management to marketing philosophy Before establishing credit management practices and metrics, it is important to understand the philosophy of the organization, and its appetite for risk. Companies may range from being risk averse, to accepting minimal risk, simply be a bit cautious, or be ‘hungry’ or aggressive in their pursuit of business rewards, accepting (or in some cases, ignoring) the inherent risk in their strategies.

In many cases, aggressive acquisition strategies have led to risk management best-practices being de-prioritized, resulting in accelerated customer acquisition, but also in substantial increases in bad debt and fraud levels and the acquisition of more than expected lower-ARPU customers putting pressure on margins.

Aggressive acquisition often exposes issues in various places, like marketing operations, sales channel management, credit-risk and fraud management. Management practices and metrics must be addressed to reduce resultant exposure to bad debt to acceptable levels. While some may want to blame bad debt and delinquency primarily on the state of economic affairs, the credit management processes and thresholds set in those processes are often equally responsible.




At a minimum, it is important for companies to attempt to quantify the risks inherent in their business approach and attempt to address them appropriately before implementing the approach. It is also important for the credit management function to participate in this assessment as both a provider of information and a developer of processes and metrics based on the resultant risk appetite. Conformance to corporate strategy here is critical to the organizations’ ability to execute.

Managing credit exposure: Tying credit management to the customer lifecycle Many service providers have been relatively one-dimensional in their risk management practices, with assessment typically occurring only at the time a new customer is acquired. In this case, once the customer is activated, they may have a sort of ‘free reign’ until problems present themselves. Of course, exposure is higher during times of economic hardship, as some portion of the customer base will likely suffer hardships that impact their ability to pay, and this could occur any time during the life of their relationship.

Accordingly, service providers are now realizing that checks should be done more frequently, at events like contract renewal, service upgrades and new device activations. A more proactive approach might be as part of campaign management – check credit status prior to making an offer; it’s also possible that a customer or prospect’s credit has improved, and they might be eligible for new offers. In addition, several of the service providers we spoke with are monitoring their customers’ usage to avoid an excessive buildup of their receivables balance over their current usage period. While this is generally done on a periodic (perhaps daily) basis, some are looking at real-time balance monitoring.

Getting a better view: Segment your base by creditworthinessAdditionally, service providers should consider segmenting their customers more finely in

terms of risk. For many service providers, a customer is viewed as simply creditworthy or not at the time of initial acquisition. This is fine at the point of initial assessment, as it is in context of the goods and services they are purchasing, but what if they are looking to upgrade, or the service provider is considering them for an outbound offer? This segmentation can be tailored to the service provider’s objectives, but even rating an account a high, medium or low risk is preferable to today’s approach of pass/fail at a given point in time. Credit status could also be a factor used in determining Customer Lifetime Value (CLV), an important concept in shaping customer experience.

An advanced technique might include implementation of behavior scoring, quantifying the risk associated with each individual customer based upon a number of factors, such as payment history, percentage of available credit taken, original credit score and customer demographics. In fact, behavior scoring has been used in other industries to effectively predict credit risk in a number of cases.

Adding a carrot to the stick: Rewards for good behaviorFinally, periodic credit assessment can be used to influence behavior and customer satisfaction. In addition to qualifying for new offers, customers with lower risk profiles might be periodically offered perks, like temporary grants of additional voice minutes, data capacity or usage, or perhaps an offer to try a value added service (VAS) for free or at a low cost.

This not only rewards their good behavior, it potentially increases loyalty, and may result in additional revenue if the customer enjoys a new VAS offered, and decides to buy more of it. Very few service providers offer perks based on good credit history, but this it is not uncommon in other service-based industries – after all, these are customers that service providers generally want to keep.



Extracting payment is challenging and can often be an expensive exercise

Collections: Managing receivables for maximum returnsNo matter how carefully planned the assessment and exposure management processes, service providers are inevitably bound to suffer receivables challenges. Collections are a real challenge for service providers, as chasing delinquents is a resource-intensive exercise with limited results. Extracting payment from unwilling or economically challenged debtors is an expensive exercise, and it is often impossible to recover the full amount of the exposure, making the service provider settle for a fraction of the sought amount.

In addition significant fees are also due to collection agencies for their efforts. In more extreme cases, where litigation is involved, costs may be much higher. Of course, all of these remedial approaches assume that the debtor is well-known and can be reached. In many cases, debtors may simply ‘disappear’, resulting in a total write-off even after an extensive and expensive search. This in a nutshell is why we maintain that an ounce of prevention is worth a pound of cure.

These come in a variety of flavors and it is important for service providers to recognize the differences between these categories of payment risk if they are to avoid increased costs, dissatisfied customers and reduced process effectiveness.

Essentially there are four types of risk: The first is those customers who have good intentions, but cannot afford to pay. This is perhaps the purest form of bad debt, and can be dealt with in a variety of ways, potentially preserving the long-term relationship if the customer can be put on a payment plan and correct their behavior. Service providers must have the data to assess the ongoing value of the relationship, based on CLV, and if they continue the relationship, must dynamically manage the ongoing situation to ensure that things are not spinning out of control. They

must also have tools to address this in a very efficient manner if they are to garner any profit from the customer.

The second case is customers who have the ability to pay but refuse to pay, or simply have not paid for some reason. This may be due to some sort of dissatisfaction, and they may be seeking attention to their issue in withholding payment, or it could be as simple as a bill that was lost or not delivered to the correct address. This may be a customer with unreasonable demands or one that has

What can Business Benchmarking do for you?More than 170 service providers from over 65 countries use perfor-mance data from TM Forum’s Business Benchmarking Program to improve efficiency and effectiveness. It is free to TM Forum members who are service providers. Participants receive free, secure, individual-ized reports showing their performance against each metric and have access to broader results and statistics in the benchmarking database. Aggregated results are available for a fee to non-participating service providers.

Service providers pool critical industry data through a secure, independently audited web-portal.

The Program was developed, and is constantly refined, by service providers, for service providers. It uses quantitative metrics ranging from tactical to business performance data.

TM Forum’s Business Benchmarking Program is based on the comprehensive set of business metrics defined in our Frameworx suite of standards. It allows you to compare your business and operational performance against the rest of the industry.

In addition, TM Forum benchmarking studies, proposed by service providers, help you measure the impact of changes in your business, providing a balanced scorecard across finance, customer service and operations. Benchmarking before and after projects allows you to assess how much you have improved, and where you stand against your targets. These regular studies provide updates on industry shifts and trends.

For details of upcoming studies or to participate, please contact Chyrssa Dislis, Senior Manager, Business Benchmarking, [email protected]




a legitimate issue to be addressed. Service providers need processes to quickly assess the issue and the customer’s risk going forward, and should be cognizant of the CLV in addressing the customer. To do this they need an efficient, rapid way to move the customer out of collections and into the customer support organization. If the customer remains and the problem is solved, service providers should consider close monitoring of these customers, as further problems may be discovered and solved before the issue again escalates to collections.

Habitual late payers can be a problem for the service provider, but these issues should be able to be proactively addressed prior to the collections process through a variety of techniques, including proactive monitoring and reminders, late payment charges, temporary interruption of service, credit term adjustment and other techniques. Again, it is important to understand the nature of the customer and if there other mitigating factors contributing to the behavior.

The final category here are those subscribers whose intent is to deceive and defraud and have no intention of paying. Clearly the best solution here is to implement effective credit assessment up front to minimize subscription fraud.

In addition, the avoidance of bad debtors seeking to re-enter into relationships either through exploitation of deficient assessment practices, or use of fraudulent identities. Service providers need behavioral profiling tools to help them detect fraudulent

or inappropriate re-entry and address these issues.

In the final analysis, the means must fit the case and the end in the collections process. Service providers must remember that different customers introduce risks for different reasons and must be dealt with accordingly.

Another factor that should be clear (if not obvious) to service providers is the use of a variety of customer contact channels for collections. This can improve the amount of revenue collected and realize significant cost efficiencies, and many service providers already have these capabilities available in their contact centers.

Common tools such as SMS or email can be used here, in addition to traditional voice channels. Service providers also have the ability to implement hot lining, which automatically routes outbound calls from a mobile phone into the collections contact center. This can be a very effective tool.

In summary, service providers have the opportunity to reduce their credit exposure, reduce customer attrition rates, increase customer satisfaction and ultimately improve their profitability through proper credit and collections management. But for many, this will require significant upgrades in the business practices, processes, metric development (see box on page 11) and systems they deploy today, as well as a change in view of credit risk management from a relatively static, infrequently addressed issue to one closely tied to the customer lifecycle, and to customer experience.

“Service providers have the opportunity to reduce their credit exposure, reduce customer attrition rates, increase customer satisfaction and ultimately improve their profitability through proper credit and collections management.”



TM Forum’s Revenue Assurance Maturity Model brings great benefits to members

Figure 2-3: Revenue Assurance Maturity Model

OrganizationHow a business organizes its revenue assurance (RA) responsibilities highlights the alignment between the goals of the business as a whole and the goals of the RA organization. Organizational fit is also a reflection of the business culture and the extent to which the business culture is suited to genuinely adopting RA objectives.

PeopleThe maturity of RA can in part be gauged from the number and skill of human resources dedicated to RA or providing secondary support.

InfluenceThe ability to proactively instigate, manage and deliver change is a sign of mature RA. Influential RA delivers financial rewards to the business and a mechanism to continuously improve the efficacy of RA against its full potential.

ToolsThe use of tools is one of the most tangible guides to RA maturity. However, maturity relates to the cleverness of design and implementation, the synergistic use of tools to meet multiple business objectives, and the blend of activities supported by automation as well as the raw processing power, number and cost of tools.

ProcessRA involves the improvement of processes, but is itself a high-level process containing many detailed processes that should be improved over time.

Increasing maturity

Low Medium High

Who Frequently new ventures or older

services where ROI is not clear

Majority of CSPs who have had an active RA

program for several years

Typically CSPs with a strong commitment

to RA

Good performance

Establishing a functioning RA

department

Identifying and recovering leakage

Establishing repeatable processes to track

leakage

Where possible prevent leakage

Establishing repeatable processes to prevent

leakage

Figure 2-2: The progression of revenue assurance maturity

1. Ad-hoc, chaotic. Dependent on individual heroics.2. Basic project/process management. Repeatable tasks3. Standardized approach developed. Designing-in control commences.4. Leakage quantitatively understood and controlled.5. Continuous improvement via feedback. Decentralized ownership, holistic control.

Figure 2-1: The phases of revenue assurance maturity

1. Initial

2. Repeatable

3. Defined

4. Managed

5. Optimizing

TM Forum’s Revenue Assurance Maturity ModelTM Forum’s Revenue Assurance Maturity Model is part of TM Forum’s Revenue Assurance Solution Suite (GB941). Well established and widely used throughout the industry, it has been refined and honed by our members over a long period and has brought great business benefits to many of our members.

You can read about real-life successes in the TM Forum Case Study Handbook – in the 2011 version, QTel Group (page 10) gained business benefits, in millions of dollars. The 2012 version includes case studies from Telefonica O2 Slovakia (page 8), Greece’s Cosmote (page 20), Verizon Retail (page 27), True Corporation (page 22) and UNE EPM Telecomunicaciones (page 32). For further details, visit www.tmforum.org/CaseStudyHandbook

We are working on ways of measuring revenue assurance, to demonstrate the direct link between progress through the Maturity Model and the decrease in revenue leakage (see box on page 35).




Fraud managementSection 3

IntroductionFraud, it seems, has been around almost as long as the communications industry and has evolved along with the industry, growing to more than $40 billion in damages per annum, by some estimates. Fraud activity has been resilient, adapting to myriad new technological introductions and growing significantly, although growth has been attenuated somewhat by the broad adoption of fraud management processes and tools by vigilant service providers.

Some of the earliest fraud, starting in the 1960s on the Public Switched Telephone Network (PSTN), involved ‘phreaking’, or using a variety of boxes (red, back, blue) to signal tones that could take control of the network and avoid billing for calls. Among the more famous pranksters were Steve Wozniak and Steve Jobs, founders of Apple Computer, according to Wozniak’s book iWoz: Computer Geek to Cult Icon: How I Invented the Personal Computer, Co-Founded Apple, and Had Fun Doing It.

On one occasion Wozniak claims to have dialed Vatican City, identified himself as Henry Kissinger and asked to speak to the Pope. In addition, wiretapping and account fraud created further problems. First-generation analog mobile networks also suffered account fraud as well as cloning of phones and tumbling, a scheme that exploited first-generation roaming system weaknesses.

The second generation of wireless technology introduced the first wave of digital technology and expanded global adoption significantly through cheaper standards-based handsets and better roaming. It also solved some of the analog security problems. But this expansion also brought with it a whole new round of fraud, including premium-rate services fraud, roaming fraud, SIM-boxing, call-selling fraud, and many other schemes. Fraud also is

not limited to users, but can be perpetrated by dealers or other partners. In addition, advances to digital private automatic branch exchange (PABX) systems brought new opportunities for fraudsters.

As services and technologies exploded in the 1990s and beyond, the industry introduced new technologies such as 3G/UMTS, WiMax, Wi-Fi, xDSL, DTTH, IPTV, end-to-end IP networks, all manner of digital content and many sophisticated applications. Perhaps most relevant to fraudsters, it has also brought true global expansion of digital technology, and communications networks and mass market digital devices. While most of the new technology so far has not spawned many more creative fraud schemes, the sheer scale of expansion has created opportunities for fraudsters, especially in targeting less vigilant or fraud-aware service providers.

Moreover, as we will explore later, the expansion of technologies and scope of implementation will almost inevitably lead to more fraud opportunities.

Definition and sizingOf course, many episodes and types of fraudulent behavior can take place throughout the extended service provider enterprise; virtually any business or administrative process is subject to fraud, and creative minds over the years have spawned myriad ways to perpetrate fraud. Moreover, it can extend throughout the value chain. Figure 3-1, drawn from the TM Forum’s Fraud Classification Guide v1.1, document GB954, shows the broad scope of fraudulent behavior, identifying more than 70 types of fraud.

For the purpose of this report, we will limit our definition of fraud to the following, which is consistent with the TM Forum’s collaboration



Many types of fraudulent behavior can take place throughout the extended service provider enterprise

group definition: “Communications fraud: The intentioned action(s) by an individual, group (e.g. syndicate), or enterprise (e.g. partner) to receive, through deception, products, services

Fraud types

Focus: (I) internal (W)

wholesale (E

) enterprise, (C

) consumer, other

Fixed line telephony

Mobile telephony

Data services (M

obile)

Data services (broadband

DS

L and cable)

Data services

(enterprise PTP

)

Data services

(hi-cap and backhaul)

Video (cable, satellite, IP

)

Subscriber fraud C, I x x x x x x

Misappropriation of assets – Theft C, I x x x x x x x

Misappropriation of assets – Embezzlement I x x x x x x x

Misappropriation of assets – Lapping I x x x x x x x

Misappropriation of assets – False invoicing I, Supplier x x x x x x x

Misappropriation of assets – Long firm fraud Customer x x x x x x x

Inventory fraud I x x x x x x x

CNAM fraud W x x

Wangiri call back fraud C x

Financial misreporting – Revenue falsification I x x x x x x x

Financial misreporting – Expense capitalization I x x x x x x x

Financial misreporting – Understating liabilities I x x x x x x x

Financial misreporting –Misallocation of cash I x x x x x x x

Bribery – Cash I x x x x x x x

Bribery – Labor I x x x x x x x

Bribery – Holiday I x x x x x x x

Bribery - Sponsorship I x x x x x x x

Bribery – Consultancy fees I x x x x x x x

Bribery – Credit cards I x x x x x x x

Extortion and blackmail I, Other x x x x x x x

Kidnap – Stranger Other* x x x x x x x

and/or revenues from the target service provider(s) without remitting expected value for those products or services.”

Figure 3-1: Communications fraud category matrix Source: TM Forum Fraud Classification Guide v1.1




Fraud types


wholesale (E

) enterprise, (C

) consumer, other


Mobile telephony

Data services (m

obile)


DS

L and cable)

Data services

(enterprise PTP

)

Data services



)

Kidnap – Political Other* x x x x x x x

Kidnap – Tiger (abduction forms part of a robbery, murder, or any other crime) Other* x x x x x x x

Money laundering Other* x x x x x x x

Insider dealing I,W x x x x x x x

Procurement fraud I x x x x x x x

Payroll fraud – Ghost employees I x x x x x x x

Payroll fraud – Payroll adjustments I x x x x x x x

Expense fraud – False claims I x x x x x x x

Expense fraud - Undisclosed credits I x x x x x x x

Expense fraud – Inflated claims I x x x x x x x

Treasury fraud I

Bypass – Trombone W x x x x x x x

Bypass – SIM-boxes W x x x

Bypass – Fixed cell terminals W x x

Bypass – Premicells W x

Bypass - GSM/UMTS gateways W x x

Bypass – Landing fraud W x x

Bypass – VoIP bypass W x x

Bypass – Interconnect fraud W x x

Bypass – Toll bypass W x x x

Bypass – Third country fraud W x x

Bypass – Grey routing W x x

Bypass – Int’l simple resale W x x

Missing trader fraud Other* x x x x x x x

Carousel fraud Other* x x x x x x x

Roaming fraud C, I x x

Cloning fraud C x x

Spamming – Malware C x x x x

Spamming – Spoofing C x x x x

Spamming – IP/phishing C x x x x

Int’l revenue share (IRSF) W x x x

PBX hacking fraud W,E,Other x x

IP – Subscription or identity C x x x x



Many types of fraudulent behavior can take place throughout the extended service provider enterprise

Fraud types


wholesale (E

) enterprise, (C

) consumer, other


Mobile telephony

Data services (m

obile)


DS

L and cable)

Data services

(enterprise PTP

)

Data services



)

IP – AIT/click fraud W x x x x

IP – DoS (denial of service) E x x x x

IP – Content sharing E,C x x x x

IP – Identity trading C x x x x x

IP – Spyware E,C x x x x

IP – Pharming E,C x x x x

IP – Online brand threats E x x x x

IXC – Arbitrage W x x x

IXC – Call looping W x x x

IXC – QoS exploitation W x x x

IXC – Technical config fraud I,W x x x

SMS – Spoofing C x

SMS – Faking C, I x

SMS - Malware C x x

SMS – Global title scanning C x

SMS – Flooding C x

SMS - Spamming C x

SMS – Open SMSC C, I x

Pre-paid – PIN theft I x x x x

Pre-paid – PIN guessing C x x x x

Pre-paid – Stolen voucher I, C x x x x

Pre-paid – Altering free call lists I x x x x

Pre-paid – Manual recharges I x x x x

Pre-paid – Voucher modification I, W x x x x

Pre-paid – Duplicate voucher printing I, W x x x x

Pre-paid – Fraudulent voucher reading C x x x x

Pre-paid – Illegal credit card use for recharges C x x x x

Pre-paid – IVR abuse/hacking C x x x x

Pre-paid – IN flag modifications I x x x x

Pre-paid – Handset manipulation C x x x x

Pre-paid – Handset installment C x x x x

Pre-paid – Roaming C, E x x x x

*Other: Related to external type of fraud, most commonly business fraud threats, can affect all kind of organizations




It is important to note that fraud negatively impacts not only the service provider, but all members of the value chain, including customers and partners. Fraud losses increase communications carriers’ operating costs, not only in the damage they cause, but in the cost of discovering and preventing them, and in working with law enforcement agencies to attempt to resolve them. Despite increased knowledge and effort by service providers to minimize fraud occurrences and related losses, perpetrators continue to ply their trade, abusing communications networks and services.

Sizing the problem: How much does fraud cost service providers?It is difficult to accurately quantify fraud, as many service providers do not disclose their actual fraud-related losses. Nor do they necessarily discuss their investments, strategies, figures and plans for corrective measures. Most service providers we spoke with would not hazard a guess, but several put it between $30 and $50 billion per year.

A few commented that it could be much higher because we “don’t know what we don’t know” – in other words, there could possibly be significant perpetration of fraud that has not yet been discovered – but most felt that with leading service providers and law enforcement organizations vigilantly applying advanced tools to detect fraud, it is unlikely there is significant activity (at least globally) that has been undiscovered.

In order to assess the impact of fraud, the Communications Fraud Control Association (CFCA) conducted a Global Fraud Loss Survey of 59 service providers in 2011. The CFCA estimates global fraud loss of $40.1 billion in 2011, which is a 33 percent decrease from 2008. The CFCA believes the reduction in loss is due to “increased effectiveness of anti-fraud programs within the industry and… increased collaboration between anti-fraud professionals within the industry”.

Despite this, 98 percent of respondents thought that global fraud losses had increased or stayed the same and 89 percent believed

that losses within their company had increased or stayed the same.

Unfortunately, the $40 billion estimate in losses does not include the expense of combating fraud (manpower, systems, litigation and so on) and costs may be spread across a number of departments so the costs are significantly higher, but again service providers were reticent to share details of their spending on fraud-related activities.

Future fraud: where do operators see the opportunity for fraud occurring? As might be expected, in addition to being tactically focused on current fraud prevention, fraud professionals are vigilant and forward-looking in terms of the areas where fraud will occur in the future. In the near future, the most popular areas include:

PBX/voicemail fraud – the use of compromised PBX systems to originate international calls;

international revenue share fraud – inflation of traffic terminating in international locations;

bypass fraud – unauthorized routing of traffic to another service provider’s network, also SIM boxing;

subscription fraud – use of communications services with no intent to pay for those services;

credit card fraud – inappropriate/unlawful use of credit cards for payment or authorization;

premium rate service fraud – inflation of traffic terminating to premium service providers.

Though many have put in place tools and processes to combat these types of fraud.

Other more forward-looking individuals and experts have identified a number of potential increasing types of fraud as well, as service providers broaden their product and service portfolios. Some of these include:

Wangiri/premium rate service fraud: Wangiri (literally Japanese for ‘One (ring) and cut’)



Attention from fraudsters will increase in all areas of mobile broadband technology and applications

“The explosion of new technology, operating systems, applications and usage will drive fraudsters toward mobile broadband, as will improvements in fraud management in more mature areas.”

involves a computer using many phone lines to dial random mobile phone numbers. The calls and their related numbers appear as missed calls on the recipients’ mobile phone. Assuming a legitimate call was dropped, or perhaps due to simple curiosity, mobile phone users call the numbers, which are generally expensive premium rate services, or replays of advertising messages.

Content-related fraud: Several situations could occur here, with either the fraudulent selling of stolen or illegal premium content, or the artificial inflation of content download charges from a third party.

Identity theft/: Fraudsters may be able to obtain enough details to assume a false identity, initiating a variety of web transactions using facilities like messaging, social networking, financial transactions and subscription fraud. The damage here is largely limited by the imagination and the amount of information obtainable.

IP bypass: This would involve rerouting traffic (such as VoIP traffic) onto an alternative carrier, robbing the intended termination partner of intended traffic and revenues, and perhaps combining a PRS reroute. This might be combined with some IP spoofing – using false identity data to protect the fraud perpetrator.

Phishing: As interaction with customers through self-service facilities increases, this may offer an opportunity for perpetrators to gain private information such as identity data, financial data, or credit card data, among other things, or it may be used to re-route users to the perpetrator’s website (a technique

sometimes referred to as pharming). Installation of viruses and other malware: In addition to phishing, similar fraudulent enticements through self-service or fraudulent ‘offers’ could result in customers being exposed to various types of malicious software designed to damage devices, steal information, track usage or deliver nuisance advertising.

Mobile commerce fraud: New malware could be developed to compromise handsets, allowing them to be used for fraudulent financial or other transactions.

M2M devices are also subject to fraud. Often located in unprotected places, the devices can be susceptible to SIM card theft. In addition, hacking of host controllers could significantly impact operation, as could inadvertent intervention by field personnel. Any of these sources could lead to significant revenue losses for M2M operators

It should not surprise readers that attention from fraudsters will increase in all areas of mobile broadband technology and applications over the coming years. The explosion of new technology, operating systems, applications and usage will drive fraudsters toward mobile broadband, as will improvements in fraud management in more mature areas.

In addition, the drive to bring new services rapidly to market should be cognizant of the fraud exposure created by these new services. Plans and procedures should quickly be put in place to protect the service provider and its stakeholders from excessive fraud-related loss or expense as the service grows.




How can service providers up their game in fraud management?Service providers have the opportunity to reduce their fraud exposure, lower their fraud management costs, and perhaps gain some additional customer trust. However, for many, this will require significant upgrades in the fraud management strategies, practices, processes and systems they deploy today, as well as an expanded view of fraud beyond the core network services and infrastructure, up into the domains of devices, content and applications. As with credit and collections, with fraud management ‘an ounce of prevention is worth a pound of cure’.

Service providers need to approach fraud management as a science and not an art. They must develop and maintain a set of fraud policies that enable efficient and effective fraud management. This would include methods, processes and procedures to detect, prevent and manage discovered fraud instances within the service provider, and to manage resolution both internally and externally to the service provider. While the approach may vary

among service providers based on a number of factors, the goal must be to attain adequate effectiveness at a reasonable cost. Policy areas to be addressed, as indicated in TM Forum’s Fraud Operations Management Guide (GB947), include tool policy management, analysis and identification policies, fraud classification management, Internal process policies, law enforcement agency interaction policies, external operator interaction policies, and internal ethics policies.

Service providers must develop and maintain strong anti-fraud operations, encompassing methods, processes and procedures for fraud detection, investigation and response. Again, as outlined in GB947, this should include information and data processing (including rule processing, alert generation and alarm generation), fraud analysis (including alarm assessment, alarm investigation, customer contact, fraud determination, controls selection and implementation, and recording/reporting), and fraud action (including billing adjustments, legal action or law enforcement agency engagement, customer termination, staff

The Fraud Management Group is run under the umbrella of TM Forum’s Revenue Management initiative and has a Collaboration Community that our members are most welcome to join to contribute to helping the industry tackle fraud – please see www.tmforum.org/FraudManagement for more information.

If you would like to get involved in the Forum’s work on fraud (or any other aspect of revenue management or enterprise risk management) please contact Steve Cotton, Head of Revenue Management, via [email protected]

The first edition of the TM Forum’s Fraud Classification Guide has identified more than 80 types of fraud to provide consistency across the industry in how we characterize the threats – it is free for our members to download from here www.tmforum.org/GB954FraudClassification.

The TM Forum Fraud Operation Management Guidebook Release 1.0 was published in May 2011 and is available free to members from www.tmforum.org/GB947FraudOperations. It outlines best practices drawn from the communications and other industries.

TM Forum’s fraud management activities



Service providers should develop plans to support their fraud operations

dismissal, process change or intentional non-action).

Finally, service providers should develop plans to support their fraud operations in a variety of ways. As discussed in GB947, this could include: performing intelligence gathering (including external source information such as law enforcement agencies, industry bodies and other service providers, customer behavioral analysis, customer contact, and ‘whistleblower’ management); implementing threat reduction and avoidance measures (including propagation of black lists, staff vetting, customer education and risk reviews for current and anticipated environments); and, finally, managing system configurations (including maintaining hot lists for pattern analysis, black lists of known fraudsters and detection rules and library configurations).

In addition to procedures, service providers should have some clear criteria prepared as they seek tools for their fraud management needs. Fraud management tools must be highly scalable and adaptable, as they will need to fit across a broad variety of situations and scenarios. Architecturally, the tools should be

modular, so the service provider can select only those components they need, but also modularity should allow for rapid incorporation of new capabilities as the service providers’ business or threat environment changes. The tools must allow for rapid detection, but must also be flexible enough to allow rapid addition or modification of rules if necessary to suit a particular scenario. They should allow for profiling, including black lists and hot lists. In addition, they should be flexible enough to accommodate the policies and operating processes of the service provider. The tools should support strong security and data privacy management to maintain integrity and support legal and regulatory requirements. They should also support recording, logging and auditing functions and processes. Finally, the tools should support best practices, and allow for efficient, controlled interaction with external organizations such as other service providers and law enforcement agencies.

While all this may seem a tall order, these are just some of the capabilities necessary to fight the ever increasing threat of fraud. Forewarned is forearmed.

“The explosion of new technology, operating systems, applications and usage will drive fraudsters toward mobile broadband, as will improvements in fraud management in more mature areas.”




Strategies for customer retentionSection 4

The simplest definition of customer churn is the propensity of customers to cease doing business with a network. The word ‘churn’ implies that they are moving to the competition because that is usually what happens. Mobile phone customers, in particular, are not likely to give up what has become a critical personal service, they simply move to competitors for any one of a number of reasons.

Customer churn is most often a reflection of dissatisfaction with the provider’s service functionality, price or responsiveness combined with, or induced by, the availability of attractive alternatives from competitors – but these are not the only reasons.

Churn hurts network service providers where they feel it most – at the bottom line. To put some value on just what an impact this can have on revenues, consider that industry estimates indicate that it costs up to six times as much to acquire a new subscriber than to retain an existing one. On average, and this varies market to market, decreasing churn rate by 1 percent will increase an operator’s profit by 6 percent.

While mature markets with high teledensity (phone market penetration) have churn rates ranging from 1 to 2 percent per month, high-growth developing markets such as India and China are experiencing churn rates between 3 to 4 per cent per month. By relating the churn percentages to the potential profits being lost it is easy to see why churn is considered such a high risk and is firmly placed within the TM Forum’s Enterprise Risk Management domain.

Churn is also pervasive. It affects every subscription-based business – whether it is wireline, wireless or content based. Customers churn for many reasons, including expensive rates, poor service and limited coverage. In

addition, heated competition among service providers has led to price wars, aggressive promotions and an increasing number of loyalty campaigns.

As competition forces the price of services to drop, price-sensitive customers tend to jump ship. By putting less emphasis on price and focusing on other factors such as customer service and differentiated offerings, service providers are hoping to reduce churn further. Extraordinary issues such as major network outages and ‘bill shock’, plus poorly articulated campaigns and subscription plans all contribute to customer churn.

In today’s highly competitive communications markets, customers can exercise their hefty purchasing power by picking and choosing from an abundance of service providers eager to satisfy their communications needs. Incentives and low barriers to switching providers, which effectively entice customers to move from one service to another, drastically reduce service providers’ chances of recouping their customer acquisition costs. Mobile number portability now makes it easier than ever for customers to take their business elsewhere when a better deal comes along.

When a service provider loses a customer, it loses not only the direct revenues from visible services sold directly to the customer, but also the stream of indirect revenues based on its position as account keeper or prime account holder. This includes access charges from long-distance companies and termination charges from other co-carriers and wireless carriers. Most of all, it loses contact with the customer as a potential buyer of new value-added service features that have become the most profitable investments in recent years.



Identify those customers most likely to churn and manage their expectations

Since customer retention is critical to sustaining growth and maintaining profit margins, the most important tool in interrupting churn is to identify those customers most at risk and manage their expectations before they leave. Those likely to churn are usually identified from analytics or behavioral trigger rules/reporting and the proactive actions can take many forms.

When applied to a customer base, churn rate refers to the proportion of contractual customers or subscribers who leave a supplier during a given time period. The main causes of churn are customer dissatisfaction, cheaper or better offers from the competition, more successful sales or marketing by the competition, or reasons regarding the customer life cycle. The churn rate can be minimized by creating barriers that discourage customers to change suppliers (such as contractual binding periods, use of proprietary technology or unique business models), or through retention activities, such as loyalty programs.

There is a difference between ‘gross churn’ and ‘net churn’. The former applies to the total number of absolute disconnections while the latter describes the overall loss of subscribers or members. The difference between the two is the number of new subscribers or members that have joined during the same period. Service providers that offer loss-leading ‘introductory specials’ can find that this leads to a higher churn rate and subscriber abuse – some subscribers will sign on to benefit from the introductory offer, let the service lapse, then sign on again to take continuous advantage of special offers.

Churn can also be a good thing – particularly if the customers in question are unprofitable or unmanageable. Being able to determine which customers to fight for, and which are better with a competitor, can achieve great benefits as well, especially when accounting for the cost of customer care.

However, there is no escaping the fact that losing customers shrinks revenues, drives up

new customer acquisition costs, and often spells the difference between bottom-line profitability and loss. It is estimated that ineffective customer retention strategies cost communications and media industries more than $10 billion each year.

Churn managementTraditional risk management provides a disciplined environment for proactive decision making to:

assess continuously what could go wrong (risks);

determine which risks are important to deal with;

formulate strategies for reducing those risks; implement strategies to deal with those risks.

Churn management takes a more granular approach, and consists of understanding and predicting customer behavior based on analysis of customer records, in conjunction with external information to anticipate churn, and to implement policies to minimize the churn of valuable customers.

A logical approach to churn management would include the following steps:

identifying factors influencing customer defection;

identifying individual customers likely to churn;

determining the factors that influence when the customers are likely to churn;

estimating the likelihood of responding to counter-offers;

assessing the effectiveness of available customer retention tools;

estimating the customer’s value, whether they are worth keeping;

selecting the optimal retention channel for a given customer profile and churn risk level.

Churn prediction is the identification of those customers who are likely to churn – or take




their business elsewhere – and proactively taking action to prevent those deemed to be the most valuable from doing so.

Once customers who are likely to churn have been identified, managing the churn rate would include identifying why those customers are churning and then proactively taking steps not only to try and win them back (if they are profitable to the business) but also creating new processes and procedures internally to help offset future churn.

If a service provider takes this goal seriously, the first key step in implementing these tasks is a thorough customer profiling effort, effectively combining data from different sources and doing this in a flexible manner, to be responsive to changing competitor behavior.

All these steps are essentially dependent variables that need to be answered with independent information available to service providers. These will likely include third party demographic information and internal billing information for customers.

A comprehensive customer profiling exercise is one that involves a combination of extensive internal data mining and external data matching and can be used for more extensive customer management than just churn prevention. Any analytical framework for churn management based on customer profiling is the basis for customer management through the entire customer life cycle and ensures retention of the most valuable customers.

By deploying new technologies, churn prediction models and effective retention programs, customer attrition can be better managed to stem the significant revenue loss from defecting customers.

The current global slowdown and its economic challenges can have a flow-on effect, reducing customer buying power and affecting new sales numbers. Even in developing and emerging markets still experiencing extensive growth there has to be a plan in place to manage the inevitable slow-down as markets approach saturation.

In most cases, and particularly in saturated markets, aggressive operators will employ the only certain means of increasing their subscriber base – by seducing their competitors’ customers. Changing markets coupled with tough competition require re-evaluation of the importance of churn prevention and rethinking of business processes.

This may sound easy, but churn management is proving to be anything but. Operators require a sophisticated and well functioning churn management solution that can help them retain the high-value subscribers with a result in increased average revenue per user.

It should also assure the most effective use of allocated resources for churn prevention, which includes well-defined and strong, targeted offers. This can be also be achieved by partnering with third party experts in churn management.

Being preparedSome of the best work on churn management begins by ‘re-conceiving’ the business. The value of any communications company is the sum of all of the profits and losses of all of the customers with whom they do business. Though not a formal or ‘pretty’ answer, it is one that the CFO can work with, and it recognizes that a company has a portfolio of customers and that portfolio can be managed actively.

Of course, there are unexpected situations that may occur that can generate mass churn. Like any other risk faced by a service provider, there has to be same level of preparedness for unexpected issues that may affect the network or business operation that has an ongoing impact on customer satisfaction and, subsequently, churn rates.

Natural disasters are one example but they generally affect all competitors in one region. However, those best prepared and able to continue to provide service through such times may well find they attract masses of new users impressed by their ability to manage during the bad times.



Churn prediction has become a priority for many service providers

Equally damaging can be badly managed network upgrades, such as that experienced by a mobile operator in Australia in 2010 when a mass switch upgrade went terribly wrong and the wireless network almost ground to a halt. Subscribers departed en masse to competitor networks as disruptions continued. Even those under contract claimed that the operator was in breach of its contractual obligations by being unable to provide adequate service.

Mobile network customers are also very ‘mobile’ by nature. Their tolerance to any disruption to their level of connectedness is not to be taken lightly and the ease with which they can move to competitors makes churn management in that market sector especially challenging. Service providers today, seeing the cost benefit of good customer churn management, are investing heavily in churn prevention and retention processes.

Churn prediction, prevention and retentionAs mentioned previously, a key element of churn management is identifying ahead of time which customers may be considering leaving (churn prediction), what needs to be in place to discourage them from leaving (churn prevention) and then how can they be persuaded to stay (churn retention).

As deregulation, new technologies and new competitors open up the communications industry, churn prediction has become a priority for many service providers. A service provider wishing to retain its subscribers needs to be able to predict which of them may be at risk of changing services and then make those subscribers the focus of customer retention efforts.

Most solutions provide service providers with a sliced and diced view of their customer base, thereby empowering them to treat

each customer differently as per needs. The customer attributes typically considered in a churn analysis can be broadly categorized into customer demographics, contractual data, technical quality data, billing and usage data and events-type data, but the most commonly used historic variables include the time a customer spends on air, the number of calls he makes, the number of services he uses and the revenue generated from that customer.

There are limitations to existing churn-prediction systems that have to ‘learn’ about behaviors that may lead to churn, and there is generally limited availability of general customer demographics and metrics in that area. Some systems experimentally evaluate churn-prediction techniques from subscriber contractual information and call pattern changes extracted from call details.

There are also a number of business intelligence programs on the market that ‘mine’ multiple databases containing customer information and analyze the factors that are associated with customer attrition, such as dissatisfaction with service or technical support, billing disputes, misleading offers or a disagreement over company policies.

More sophisticated predictive analytics software uses churn prediction models that predict customer churn by assessing their propensity of risk to churn. Since these models generate a small prioritized list of potential defectors, they are effective at focusing customer retention marketing programs on the subset of the customer base that are most vulnerable to churn.

Predictive churn models address this issue by identifying key behaviors and characteristics that are most associated with lost customers. An algorithm is created to score active customers and assign a level of risk for churn

“More sophisticated predictive analytics software uses churn prediction models that predict customer churn by assessing their propensity of risk to churn.”




onto those who may be exhibiting similar patterns of behavior.

Their aim is to put at the service of marketing departments and agencies – and of all business users – the necessary weapons to:

Detect which customers are about to abandon and to know them in depth, answering to questions such as: Who are they? How do they behave?

Know the real value of the potential loss of those customers, with the aim of establishing priorities and distributing business efforts and resources efficiently, optimizing resources and maximizing the value of the current customers’ portfolio.

Churn model development is important to any business that relies on ongoing customer relationships. Best practices for predictive ‘churn model analysis’ include the use of multivariate statistical methods such as logistic regression, time-series and survival analyses. These methods allow for insight into churn based on a 360° view of customers, including a combination of buying behaviors, customer care, payment history, tenure, geography, frequency and recency of purchase, demographics, life stage and psychographics.

The goal of churn models is to improve customer retention, and the resulting predictive algorithm can be applied to a customer database

to identify active customers who resemble churners and are most at risk. New retention efforts can be developed to win back the customers who may have been ready to defect.

Companies like T-Mobile in the U.S. have overcome challenges of having a disparate IT infrastructure to enable regional marketing campaigns and more advanced churn management by using federated and multi-dimensional ‘big data’ models. Using its data integration architecture, T-Mobile USA is beginning to manage ‘data zones’ that are virtualized from the physical storage and network infrastructure. In the past, service providers calculated net present value (NPV) by estimating a subscriber’s lifetime spend on services and products, but it was usually tied to contract values, subscription value and historic spending patterns. Now, part of the NPV calculation measures the level of influence, described by some as the size of a subscriber’s ‘tribe’ and the potential impact of ‘tribe leaders’ who have high influence in large, well-connected groups of fellow subscribers.

Marketing departments prefer the term Customer Lifetime Value (CLV) where they try to extrapolate what a customer is worth over time. This involves a certain amount of forecasting and estimation of what services a particular customer may buy in the future. When determining whether a churn customer is worth saving, the CLV is often taken into

Customer Experience Maturity ModelDuring 2012, TM Forum plans to develop a Customer Experience Maturity Model using a similar approach to the successful RA Maturity Model (see page 13) – a consistent, widely deployed framework for assessing how mature a service provider’s organization, people, processes, tools and influence are at protecting and recovering revenue. Deploying the Model can save many millions of dollars, straight to the bottom line – and very quickly.

For real-life examples of just that, please see the TM Forum Case Study Handbook, available free to members at www.tmforum.org/CaseStudyHandbook. We look forward to replicating this success in the critical area of customer experience.



Successful retention efforts may send a message to others thinking of straying

account, but it is far from an exact science despite the fact that this calculation is often displayed as a mathematical equation.

Churn prevention and customer retentionOnce customers at risk of churning have been identified, ‘churn prevention’ and ‘retention’ measures can be employed in order to keep them.

Different customers will respond differently to retention offers. Churn prevention has to work across different markets and customer segments to identify which offers are most appropriate for each and every customer. It is important that retention efforts are targeted at those potential churners most likely to react positively. Good churn management not only identifies customers at most risk of churning but those who are most likely to respond well to the right retention offer, made in the right way.

It is these offers and their effectiveness that make or break churn management activities. There are many retention methodologies available to service providers, but the most common are:

loyalty systems to reward those who keep using your services;

frequent, positive communications; providing extraordinary customer service; providing product and service integrity; measuring and monitoring lifetime value of a

customer; rewarding feedback – welcoming complaints; proactively using social media to reinforce support message and monitoring social networks for speedy response to customer complaints.

Even after all measures are put in place to keep customers happy and loyal, there will still be overriding reasons for them to churn that are completely beyond the control of the business.

Some operators will go to great lengths to ‘save’ customers and accounts that are deemed worth going the extra mile for. Special customer retention teams may be given the freedom to do whatever it takes to save a customer, and this almost always involves personal contact to determine what the issues behind the churn are, and how they may be overcome.

While this may seem extreme action for a business that has many thousands of customers churning each month, the message it sends to the marketplace is often very pronounced. Just like the effect of negative press, such as reports of over-billing and poor service, when a customer feels they have received special treatment they are more likely to mention it on social media such as Twitter and Facebook.

Determining the following and power of social individuals should be part and parcel of the churn management process and successful retention efforts may not only save the ‘lost sheep’, but also send a message to others thinking of straying.

In summary, successful churn management must include all of the elements outlined above, but there is no standard ‘catch-all’ methodology that will work for all businesses. Churn management is a constantly evolving science that must be part of any risk management strategy, and it is one that will, if executed well, deliver bottom line benefits.

“Churn management is a constantly evolving science that must be part of any risk management strategy.”




Revenue assuranceSection 5

The term revenue assurance (RA) describes the work required to ensure that a service provider’s processes, practices and procedures maximize revenues. RA is a practical response to issues with operational efficiency, most commonly relating to billing and collection of revenue. It is end-to-end, crossing all departmental boundaries and it involves the completeness, accuracy and timeliness of data.

RA should also not be confused with revenue management (RM). One of RA’s earliest proponents, David Smith from ABIS, points out that RA is fundamentally about accurate billing for customers’ use of products and services (whatever those products and services happen to be) and securing all revenue due. RM is fundamentally about developing and implementing strategies to maximize revenues (utilizing the network, products, services, pricing, billing capability, marketing, sales and customers as resources).

Smith’s definition, encompassing four main components, has been used since the term RA was first coined and it still applies today. “RA is accurately billing for all transactions, products and services provided in accordance with contracts and tariffs, while managing fraud to acceptable levels and collecting all due revenue.”

Some of the procedures associated with identifying, remedying or preventing errors are, these days, undertaken by a dedicated RA department, though this varies greatly depending on the organizational structure of the service provider.

Responsibilities for RA usually sit between the Finance and Technology areas. However, RA initiatives are sometimes started in a business unit or marketing group. RA is, in

reality, a niche business activity that relies on the use of data quality and process improvement methods to improve profits, revenues and cash flows without influencing demand. This has been defined by the TM Forum RA working group based on research documented in its RA Overview (TR131).

The RA process is a means to identify, remedy and prevent problems that result in financial under-performance without necessarily generating additional sales.

Revenue leakageRevenue leakage is the most common term used to describe lost revenue. The metaphor is that of leaking water from a pipe, where water stands in place of revenues or cash flows, and the leaks represent waste. The value of RA is hence determined by the size of the leaks ‘plugged’, and possibly also those leaks prevented before they occur, although estimating the value of the latter is very problematic (TM Forum is working in this area, see box on page 35).

Revenue leakage is an inherent risk in the communications revenue cycle, regardless of the scale and region of operations. A very thin line exists between ‘leakages as an inherent risk’ and ‘leakages as a business challenge’. Identification and recovery from subscribers or partners is the delta between these two forms: the stronger the delta, the larger the gap.1

Revenue leakage can also be viewed as revenue that has been earned, but lost on its way to the corporate wallet. It can take the form of services that have been provided but have been under-billed or unbilled, or had misapplied credits and adjustments. Examples range from customers who are getting free

1KPMG Global Revenue Assurance Survey 2009



Leakage across the revenue chain remains a challenge for operators

service to rate table errors that are pricing services for less than tariffs allow.

Revenue leakage (including fraud-related) across the revenue chain remains a challenge for operators. While operators in developing markets face a wide range of issues, including the upfront challenge of high revenue leakages, operators in developed markets are faced with insufficient data to accurately identify and recover most of the estimated leakages.

While the cause of revenue leakage requires disciplined root-cause analysis, the following partial list gives insight into the breadth of every day issues and activities that may lead to revenue leakage:

Manual provisioning processes. Manual correction of service orders that fall out into error files with re-entry that is not completed correctly.

New services that do not flow through legacy systems correctly.

Disconnect orders that are deferred and then forgotten.

Records/database discrepancies that result in manual intervention that is not carried out correctly (service is provided, but records are not updated).

Inadequate interfaces between operation support systems and network elements.

System failures in mid-transaction. Incorrectly applied rates and tariffs. Incorrect restoration of customer data

following a system failure. Service adds that are provisioned by translators for field forces without the required service order update.

Internal fraud resulting in free services for friends and family.

Errors or corruption during system migration.

Where revenue assurance sitsThe relevance to finance departments is part historical. Initially, RA activities were basically part of the audit function, initially external, but these days subject matter expertise is required from network and IT systems as well as from the business side. Most RA tools utilize data from network elements and these are implemented or operated by the technology side.

Marketing groups and/or business units (such as wholesale or retail business lines) will often embark on RA projects in an effort to improve their own product line margins. Marketing and business units are pivotal in providing input into the ‘should-be’ state of customer bills and products and are also finding extended uses for the data being extracted by RA tools, particularly with reference to Business Intelligence and Analytics. Billing, CRM and other customer data comes from these and other back-office systems.

The sphere of influence achieved by RA varies greatly between service providers, but is usually closely related to back office functions where small errors may have a disproportionately large impact on revenues or costs. Errors in rating plan calculations are good examples of these. The processing of transaction data in modern service providers can be very complex and RA tools have become so sophisticated and effective, their output is being utilized by more and more departments, particularly by marketing for purposes of customer profiling.

The RA techniques applied in practice cover a broad spectrum, from analysis and implementation of business controls to automated data interrogation. At one end of the spectrum, RA can appear very similar to the kinds of review and process

“Most revenue assurance tools utilize data from network elements and these are implemented or operated by the technology side of the business.”




mapping techniques applied for other financial controlling objectives like accounting integrity, as exemplified by those derived from Clause 404 of the Sarbanes-Oxley Act. This form of RA is most commonly promoted by consultancies.

The size of such consultancies covers the entire range. The so-called ‘Big 4’ all offer some form of RA consulting, but there are also niche specialist consultancies. At the other end of the spectrum, RA is treated as a form of reactive automated data interrogation, seeking to find anomalies in transaction data that may indicate errors and potential revenue loss. This form of RA is most commonly promoted by software vendors that aim to provide configurable tools to extract and interrogate a service provider’s source data.

A less popular form of reactive automated assurance involves using both software and specialized hardware as a means of extracting additional data on transactions, for example by creating actual network events or interfacing directly with network elements to replicate ‘dummy’ events and check their progress from ‘switch to bill’ (test call generation). As with consultancies, IT-oriented RA solutions are offered by vendors of billing and mediation software, and by specialized niche providers.

Strategies such as identifying and preventing revenue leakage are business priorities for service providers. Despite the attention being given to RA initiatives, service providers had limited early success due to their focus on reactive initiatives, lack of access to critical data in order to quantify revenue leakage and the limited tools available in the marketplace. That has changed dramatically for the better in more recent times.

Systemic and pervasive revenue leakageOne of the pioneer vendors of RA tools, Connexn Technologies (acquired by Azure Solutions and subsequently by Subex) outlined in a white paper2 back in 2002 that revenue leakage can either be ‘systemic’ which is an individual problem that impacts many customers, or ‘pervasive’, which is associated

with a single customer or network component assigned to a single customer.

That definition was so clear and concise it has been adopted by many players since and is replicated here to emphasize that even after all this time, the fundamentals of revenue leakage discovery and root-cause analysis have changed very little.

“Systemic leakage typically receives the most focus since it tends to be easier to fix and has higher visibility. Systemic leakage is an individual problem that impacts many customers. A single occurrence can result in huge sums of loss. Examples of systemic leakage include:

Network element translation error that turns off usage recording.

Rate table error that results in under-billing a large number of customers.

Billing system coding error that causes certain types of usage records to be deleted.

System failure that corrupts customer account data.

“Pervasive leakage tends to be more difficult to identify and correct and typically has the greatest overall revenue impact. It is usually associated with a single customer or network component assigned to a single customer. The individual loss may be small, but collectively pervasive leakage results in far greater loss than systemic leakage.

“Examples of pervasive leakage include:

not billing a customer who has been provisioned for a value-added feature like voice mail;

a customer who has working service, but is not being billed because there is no customer service record in the billing system;

provisioning a customer for a new package offering, but not billing for the package because the order did not complete.

“Systemic leakage tends to be most visible, and therefore has received the most attention. It also tends to be the easiest to identify and

2Available at www.tmforum.org/Revenue Assurance


www.tmforum.org/revenueassurance


The fundamentals of revenue leakage discovery and root-cause analysis have changed very little

correct, and therefore resource-strapped RA organizations see it as low hanging fruit. Pervasive leakage, on the other hand, tends to be the quiet leakage mentioned earlier. It is not easy to identify or correct, but most likely represents the greatest revenue leakage. To address pervasive leakage, service providers must either deploy automated solutions or allocate large numbers of people. However, these are resources that typical RA organizations lack.”

RA requires a holistic approach that addresses both systemic and pervasive leakage. In addition to taking a holistic approach, service providers must be able to monitor, analyze and act on the information derived from RA initiatives. Effective RA tools are almost mandatory in order to accomplish this. Those tools must also be able to access a broad range of systems and network elements and must also have the capacity to analyse large quantities of disparate data.

RA has been a hot topic for many years now and a great deal of time and resources have been spent trying to identify and stop revenue leakage. Despite this, some service providers still appear to be struggling with the problem.

There are three main reasons why RA initiatives falter:

1. RA organizations and initiatives tend to focus on reactive activities addressing highly visible leakage rather than taking a more comprehensive approach. When there is high visibility associated with a major revenue leakage, RA organizations get plenty of attention, and sometimes direction, from senior executives. The first reaction is to determine how to stop the leakage, and then how to prevent a major loss from occurring again. Unfortunately, this reaction frequently only drives single-point solutions in the form of metrics and controls. For instance, following a major usage data (CDR) loss, a metric may be implemented that raises a flag when usage volumes drop below a certain number. This will prevent a loss from

becoming major as long as someone sees and reacts to the flag, but it doesn’t keep the problem from happening in the first place.

2. Due to the lack of access to critical data, RA organizations have difficulty determining how much revenue their company is leaking, and where the leakage is coming from. Without data it is difficult to set priorities on where to use the limited resources that are available for RA work. Also, due to the lack of data, the most visible leakage may be getting all the attention, while other significant leakage may go quietly undetected, month after month. While the large visible loses certainly injure a company, the undetected quiet leakage can drain life-giving revenue from a company to the point of collapse.

3. RA organizations have had few options on how to go about their work. Organizations are hampered by the lack of access to data and the ability to monitor and analyze what data they do receive. When they contract internal IT organizations for access to data, they are usually given a single-point solution that has limited flexibility and is not reusable. In many cases the cost and time-to-delivery of IT solutions are prohibitive and the initiative cannot even be started. Due to the lack of tools, most RA organizations have turned to manual data collection and analysis, often supported by expensive external consulting resources.

The need for toolsWhile taking a holistic approach is an integral step in ensuring an effective RA program, the access to relevant data and the resources to monitor, analyse and act on the information derived from that data is also essential. While manual approaches have been attempted with limited success, the key to working with the massive amounts of data relevant to RA is an effective tool set.

There are a number of vendors offering RA products beyond consulting, and most of those have focused on reactive RA. Internal IT department attempts to build one-off RA tools

“A great deal of time and resources have been spent trying to identify and stop revenue leakage. Despite this, some service providers still appear to be struggling with the problem.”




and solutions have been expensive and time-consuming.

The lack of a robust set of RA tools is a difficult problem to overcome. To better understand the problem, it helps to look at what issues need to be solved, and then at what characteristics the tools need to have in order to address those issues.

There are four common issues most RA organizations are faced with today. An effective tool set should help with all four;

1. Budget constraints2. Limited staff or resources3. Limited or no access to relevant data4. Never-ending list of RA initiatives to be worked.

Effective tools increase productivity and perform tasks that simply cannot be done manually. Specific characteristics of RA tools stem from the broad range of systems they must be able to access, and the large quantities of disparate data they must be able to analyse. RA tools must also have the following abilities:

readily interface with business support systems, operations support systems and network elements;

extract and populate RA relevant data within the above systems;

translate and transform data to and from appropriate syntaxes;

compare and analyze large volumes of data from multiple data sources;

monitor and display key process indicators; identify and correct data defects that are

resulting in revenue leakage; minimize development costs through pre-

constructed and reusable functionality sets.

RA tools, coupled with a holistic RA approach, can help stalled RA organizations cross the chasm and move into finally getting RA under control.

A strong RA capability is a core attribute of successful service providers. RA may not

sound strategic but it is a necessity and can be a differentiator. There has been recent attention in the news on the traditional benefits of RA, but the opportunity for contribution to the bottom line is larger than simply recovering leakage.3

Service providers in developed markets must add additional products and suppliers/partners to their systems daily. In the high growth, emerging markets, service providers are inundated with the sheer volume of transactions.

The real opportunity lies in assuring that all this activity translates into higher margins. Service providers that invest in their RA functions are developing a key differentiator that will enable them to operate more effectively and make sure all that activity actually reaches the bottom line.

The appropriate investment in RA depends on the service provider’s RA maturity.

For young service providers:

Establish an RA department. Invest in RA tools early. Establish clear reporting and visibility. Establish goals to increase maturity.

For mature service providers:

Leverage RA effectiveness by increasing awareness, making prevention a part of everyone’s job.

Establish prevention-related measures of the RA function so true contribution is visible.

Expand the remit of the RA function to tackle the emerging issues.

The charging and third party settlements situation becomes more complicated as the customer buys applications and games. The nature of the charge is typically set by the application developer – not the application store. Depending on the application and its intended usage, there may be an upfront charge, a flat monthly fee, or usage/transaction-based charges. All of which must be settled

3TM Forum Revenue Assurance: The Hidden Opportunity, available at: www.tmforum.org/BIQRevAssuranceHiddenOp


http://www.tmforum.org/BIQRevAssuranceHiddenOp


Service providers that invest in revenue assurance are developing a key differentiator

with different providers each with different terms, refund policies and fraud exposures.

The bottom line is that the charging and third party settlements environment is becoming more complex through a combination of complicated service bundles, increased transaction volume and an expanded supplier population.

As a result, the opportunity for RA problems to emerge has blossomed. Accuracy of service definitions and customer data becomes much more important. Tracking the new transaction types through to correct billing and fund allocations to third parties takes on a draconian aspect.

Even flat fee and pre-paid plans do not protect the service provider from this maelstrom. Purchases must be tracked and the suppliers managed. Fixed-line providers are not immune to this growing complexity.

In the recent TM Forum Business Intelligence Quarterly – Securing the bottom line with revenue assurance, a number of the RA industry’s leaders debated the impact of new services on RA practice. The take-aways from this virtual debate were that:

New service could lead to legal exposure as well as revenue leakage, for example, new uses of data could violate data protection legislation, which varies from country to country and that a well-trained RA team could lower this exposure.

Value-added services can increase financial risk because service providers are operating alongside traditional communications services. This might not simply lower revenue but incur cost. Be aware that the risks are high and take precautions.

Machine-to-machine (M2M) communication and the explosion of interconnections is

underway. It means new data flows, and new functionality to track interactions and analyze exposures. Flexibility is the key to protecting operations.

Revenue management teams need a shared information store. Access to information is essential for high maturity RA teams and can improve the effectiveness of less mature teams.

The risk from identity and information theft are growing fast, due in part to putting convenience ahead of security. Service providers need to protect their services from this sort of exposure to fraud.

How TM Forum helpsTM Forum is perceived by the industry as the most active body in the RA space. Through its collaboration program, service provider members, vendors, consultants and accountants have come together to produce what have become industry standards.

In the words of Eric Priezkalns, author of Revenue Assurance – Expert Opinions for Communications Providers and moderator of the popular talkRA website, “No one person can be an expert in all aspects of RA, ours is a hybrid discipline.”

This is because of:1. The cross-functional nature of the activity and the consequent need for a variety of skills from IT, marketing, finance, et al.2. The difficulty of generalizing across businesses with different objectives and business models.3. Political infighting within each service provider about responsibility for revenue leakages and assurance. 4. The difficulty in reliably measuring the value added by RA as separable from underlying performance. There is some debate about

“The charging and third party settlements environment is becoming more complex through a combination of complicated service bundles, increased transaction volume and an expanded supplier population.”




the relative merits of the different techniques that can be employed in RA.

To address these and other issues, TM Forum’s activities in these areas include:

Revenue Assurance Maturity ModelThis is a tool intended to aid strategic planning for RA by assessing the current level of maturity of RA activities within a service provider, and aids in determining what should be the next appropriate major strategic ambition to reach the next level of maturity, as well as how to assess when it is reached (see page 13).

It provides a consistent methodology to benchmark the RA capabilities of an organization against other counterparts in the industry of the same maturity.

Understanding what level of RA maturity a service provider is at is critical in comparing its performance with other service providers at a similar level of maturity and to assist in determining what needs to be done to reach the next level, in a cycle of continuous improvement.

Revenue Assurance Guide BookThis guidebook is designed for RA practitioners giving practical advice on how best to tackle the challenges of RA within service providers.

It is a how-to guide providing a quantitative and process-based analysis of revenue leakage that has become the de-facto way RA professionals do business. It addresses all aspects of RA processes including their relationship to the TM Forum Frameworx suite of standards, regulatory compliance, methodologies, utilization of tools, benchmarking and effectiveness of RA procedures.

Business scenarios within service providers are constantly evolving with the introduction of new products and services, changing compliance and pressure to ensure efficient generation and recovery of all revenues. RA departments have grown and matured into integral components of any modern service provider. The Revenue

Assurance Guidebook and its addenda provide the most comprehensive reference source for RA professionals.

Revenue Assurance Key Performance IndicatorsThis document provides instructions on how best to utilize the KPI Metrics Workbook that is provided as an Excel spreadsheet.

It defines 20 KPIs that provide a common framework to measure three important aspects of RA: revenue leakage, RA process efficiency and data quality. It provides a standardized set of metrics providing service providers with a complete view of RA status and trends over time.

KPI Metrics provide staff and management with a means of determining how well their operation is tracking, if they are meeting objectives and what level of maturity they are at.

Revenue Assurance Leakage ExamplesThis addendum provides a list of real-life examples of RA issues from a range of potential failure points at which leakage can occur, demonstrating the breadth of the RA discipline.

The examples presented here are based on the end-to-end order to cash life cycle within service providers and are presented in an easy to follow format.

Service providers need to review the scope of their RA activities and minimize the chance of leakage from areas that may otherwise remain undetected. The degree to which they are measuring and scrutinizing these areas is a key factor in RA Maturity.

Revenue Assurance Controls and Coverage ModelThis document recommends a series of controls that service providers should consider implementing in order to reduce the risk of RA related issues and a method of assessing the coverage and effectiveness of those controls.

By embracing risk management techniques service providers can identify their revenue leakage risk areas by finding weaknesses,



The business scenarios within service providers are constantly evolving

establishing the coverage, identifying gaps in existing controls, and assessing the business impact of those risks.

Its goal is to improve the efficiency of existing RA controls and to benchmark the level of coverage.

Revenue Assurance Coverage Model Measurements InventoryThis spreadsheet contains a list or inventory of the most common RA coverage areas that a service provider should check in the areas of product management, finance and accounting, customer management, order entry and provisioning, network and usage management, partner management and rating and billing.

This is used in conjunction with RA Controls and Coverage Model to improve the efficiency of existing RA controls and to benchmark the level of coverage.

Revenue Assurance Training and CertificationDelivered by renowned RA experts, this three-day program provides your staff with the expertise to develop a comprehensive RA program to drive your company up the maturity model, and to higher profits.

In addition, an annual RA Survey is carried out that focuses on organizational structure, collaboration with other revenue management disciplines, and proactive vs. reactive approaches. More than 30 operators participated in the 2011 survey.

The TM Forum RA Performance benchmark helps you answer questions such as these and to focus your improvement efforts in the areas that will have the biggest impact. It provides insights into critical RA performance indicators at the strategic, tactical and operational levels.

Participants in this metrics-based study receive a personalized report and analysis of their performance relative to the study group. Participation in the study and the associated personalized study report are entirely free of charge to service provider members of TM Forum.

Measuring the impact of prevention within revenue assuranceRevenue assurance (RA) can be worth many millions of dollars to a service provider annually, but at the moment, it only measures what it recovers for the organization, not the money it prevents from leaking in the first place. This makes it hard to build the business case for continuing or increasing investment in preventive revenue assurance: as revenue assurance practices mature (see Revenue Assurance Maturity Model on page 13), the emphasis should move from recovery to prevention, which is more cost effective.

Today each company is doing its own calculations around preventive RA and the industry needs a proven model. This would show how and why prevention is important to the health of the organization, particularly its bottom line, save RA departments a lot of time and effort, and service providers will also be able to use it for internal and external benchmarks. In the future we want to develop a new set of tactical and operational business metrics to support this activity (see box on page 11).

A high successful and popular Catalyst project addressed these issues at TM Forum Management World 2011. The Catalyst program is TM Forum’s rapid prototyping environment where suppliers and systems integrators work together for between three and six months to create solutions for critical industry operational and systems challenges. They accelerate the development of and validate TM Forum’s best practices and standards.

The model that the team developed for the Catalyst looks at three aspects: the contribution of RA by detecting and recovering leakage; preventing leakage; and mitigating risks, which is an often neglected aspect.

The Catalyst was championed by BT, China Telecom, China Unicom, MTS allstream, Swisscom and Telefónica O2, supported by vendors Ericsson, cVidya Networks, Synaptitude Consulting, Progress Software and Huawei.

Their findings were reported to the RA Team within TM Forum’s Revenue Management Initiative, which discussed them and used them to create new best practices. They will be published in a new addendum to TM Forum’s Revenue Assurance Guide Book (GB941), which will be part of Revenue Assurance Solution Suite, release 4 (planned for May 2012).

We are also working on a second phase of this Catalyst project at TM Forum Management World 2012 in Dublin, in which we will demonstrate the resulting best practices and their importance to service providers.




How do service providers view risk management, and how should they proceed?

Section 6

By now it should be clear to the reader that risks are pervasive. This leads us to a few issues:

How are service providers approaching risk today?

What do they view as their most significant risks?

What is driving risk management investment?

To get a sense of this, we interviewed senior managers at 18 service providers from North America, Europe and Asia. While all had at least some focus on risk management, they varied broadly in their viewpoints, assessment of risk and view of the drivers of risk.

How do service providers view themselves as risk managers? Our first question was a self-assessment of their relative industry position as risk managers. Figure 6-1 illustrates their viewpoint.

As can be seen from the chart, only 21 percent identified themselves as leaders or above average, while almost twice that saw themselves as below average or as laggards. The largest portion, 42 percent, viewed themselves as ‘average’, neither better nor worse than other service providers. Risk management programs appeared to be more mature in larger service providers and in developed countries, for a variety of reasons. When we asked the leaders and above average companies why they felt this way, they spoke of management commitment and risk management disciplines incorporated into planning, program execution and operations measurement.

When we asked the lower profile companies why they felt this way, they indicated that there was limited formal risk management planning or management emphasis, and that most of the emphasis in their companies was skewed toward near-term growth and profitability, with substantial investments in risk management coming from external drivers (more on this below).

Clearly, this response scenario supports our assertion that many people feel that risk management is still being seen as an expense as opposed to an investment or an important operational cost. In fact, the laggards and a few of the below average self-ranking companies felt that their management was more interested in “unfettered growth”, and that investments in risk management were sometimes seen as diverting resources from that effort, or even slowing it down.

Figure 6-1: How would you describe your company relative to other service providers in adoption of risk management practices?

Leader

Above average

About average

Below average

Laggard

5%

50

40

30

20

10

0

16%

42%

26%

11%



Audits were the most common driver of risk management investment

What drives risk management investments?We next asked our service provider respondents to describe the top three drivers of risk management investment in their companies. The results are shown in Figure 6-2.

Interestingly, the most common driver was audits. This included both internal and external audits, and respondents who chose this answer tended to come from those service providers who ranked themselves as average or below on our first question.

The second most popular response was best practices adoption. These respondents cited instances where individual business units or departments took upon themselves to proactively incorporate risk management practices into their operations, usually as part of a larger program. The practices mentioned covered a broad span, and included aspects of credit, security, customer retention, data quality improvement, and other aspects. Importantly, these efforts were initiated within the department, and not from corporate management.

The third most popular response was strategic planning. These initiatives could be characterized as driven by senior management though either a formal strategic planning initiative, or through a planned periodic (usually annual) risk assessment process.

Next came business performance. These were initiatives driven by reactions to business performance during the year, rather than by the annual strategic planning or risk assessment initiatives. The most common examples given here were efforts in customer retention or credit management, with a handful from other places.

Bringing up the rear were regulatory

Figure 6-2: Top three drivers of risk management investment

Audit

Regulatory compliance

Best practices adoption

Extraordinary events

Business performance

Strategic planning

80

70

60

50

40

30

20

10

0

72%

33%

61%

28%

44%

56%




compliance (though service providers are clearly worried about this as an external driver) and extraordinary events. So new initiatives or changes in regulation drove some activity, and significant external events like natural disasters, economic developments or security events.

Perhaps the most important conclusion here is that much of the risk management activity in the industry is at least perceived as being driven by external events, such as auditors, regulators and extraordinary events. In addition, only about half of our respondents listed strategic planning and review as a top three driver of investment (though best practices can also be viewed as a proactive approach, albeit at the department level). This is somewhat concerning, but not inconsistent with the majority of respondent’s views of themselves as average or worse in the industry.

Biggest risks moving forwardFinally, we asked our respondents what they believed their biggest risks were over the next three years. The results appear in Figure 6-3.

As can be seen, the largest area of concern is retention of customers. This is particularly true among the respondents from developing countries, where markets have only recently begun to approach maturity for core services, and churn rates are relatively high. However, the worry comes not just from losses to direct competitors, but also from the perspective of maintaining customer relevance and wallet share given the onslaught from device manufacturers, content owners and distributors and web players.

“Respondents were concerned with their ability to understand customer needs and competitive thrusts, and be innovative enough to respond to market dynamics in a timely fashion.”

The second concern expressed was in the area of security and privacy. Service providers worry in particular about maintaining information privacy, but also about the increasingly sophisticated hacker community, especially given the proliferation of smart devices and related operating systems and applications.

Achieving financial targets was the third most popular response, with some worried about growing revenues in such a competitive market, and others concerned about continual cost reduction and saying they have already substantially addressed the ‘low-hanging fruit’ in their cost reduction initiatives.

Close behind was market management risk. These respondents were concerned with their ability to understand customer needs and competitive thrusts, and be innovative enough to respond to market dynamics in a timely fashion.

Figure 6-3: What are your top three risks over the next three years?

Customer retention/ growth

Achieving financial targets

Fraud management

Security and privacy management

Asset management

Revenue leakage

Market management

Technology management

Regulatory risk

44%

80

70

60

50

40

30

20

10

0

67%

22%

50%

6%

22%

39%

17%

33%



Service providers must take the initiative to focus on risk management

Source: TM Forum, 2011

Figure 6-4 Mapping risk management to value creation

Regulatory risk came next. Much of this was expressed in terms of initiatives like privacy and net neutrality, but respondents also worried in general about the ability of regulators to understand and clearly regulate increasingly complex ICT markets, as well as the ability of service providers to effectively educate and influence regulators.

Next, in a tie, came fraud management and revenue leakage. Some of this came from those who described themselves as laggards, but others expressed concern over ‘future fraud and revenue leakage as new services such as cloud computing emerged.

Finally, a few respondents cited technology and asset management as important areas of risk.

So how should service providers approach risk management?While virtually every enterprise has deployed varying approaches to risk management over the years, it is increasingly clear that service providers need to take the initiative to focus strategically and holistically on it, or they will be driven to recurring tactical and reactive responses by external and internal forces.

By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators and society overall. Accordingly, perhaps the healthiest alternative is to embark on a strategic approach that examines value creation for the enterprise and evaluates risk as a component

“By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators and society overall.”

Mission Goals Strategy Objectives Operations ValueCreation

Risk Management and Assurance Set of Rules




of value creation. This is the approach taken by GB952, as illustrated by Figure 6-4.

In addressing risk management, service providers should plan to conduct an annual risk assessment, identifying what defines key risks and perceived impact, prioritizing the aspects of each of the risks, and determining priorities. In conducting the assessment, service providers should broaden the scope beyond traditional financial and regulatory risks, considering the full value chain and the environment it operates in.

They may find it useful to conduct some scenario planning to evaluate the full impact of the more significant risks, and provide these as input to the strategic planning process. From there, they will need to evaluate their ability to manage or respond to risk-related events, and how well those response processes are integrated into their operating processes. From here, service provider management determines their priorities and, importantly, embeds them into their action plans.

There are many resources that exist to guide service providers in this process. For example, ISO 31000 is generally recognized as the international standard for risk management, and many organizations across all industries refer to this standard. The Committee of Sponsoring Organizations of the Treadway Commission internal control framework includes a section on risk assessment.

The Public Company Accounting Oversight Board, created by the Sarbanes–Oxley Act, a 2002 United States federal law, offers guidance, especially in the area of fraud. COBIT (Control Objectives for Information and related Technology) provides a guidebook addressing

governance and management information and related technology. Our own GB952 offers guidelines for addressing risk management, and several other publications address various aspects of risk management. Many accounting, consulting and IT firms offer services and solutions in various areas as well.

While all this may make addressing risk management seem straightforward, there are myriad challenges to be addressed. Executive sponsors must be identified and recruited for the ERM program. These will often come from the senior management team. It is important to establish a corporate ‘risk appetite’ to establish which risks a company will take, and those it will not.

It is also important to clearly communicate decisions and reasons throughout the organization. In some cases in our interviews, those who ranked themselves as average or worse simply disagreed with the apparent risk appetite, or said it was unclear to them.

Establishing and empowering a central risk coordination function and justifying the function from a ROI perspective is necessary, if it is to be effective. Develop clear, realistic action plans. Establishment of a risk inventory is a critical early step, including descriptions and initial impact assessments. Assigning ownership for each of the risks in the inventory is a next logical, but often complex, step.

Understanding the stakeholders for each risk category, and developing monitoring and reporting processes and capabilities to keep them abreast of developments can be time and resource consuming. Develop policies and procedures for interfacing with external organizations (such as partners, customers,

“Service providers should plan to conduct an annual risk assessment, identifying what defines key risks and perceived impact, prioritizing the aspects of each of the risks, and determining priorities.”



Appropriate process analytics are crucial to risk management efforts

The profile of risk management has risen considerably in the last decade. Following some high-profile corporate failures, more and more of the business world is turning to the discipline of Enterprise Risk Management (ERM) to help them manage uncertainty, avoid ‘shocks’ to the system and instill confidence in investors.

Risk awareness needs to be embedded within the communications provider’s organization. By forming a bridge between the TM Forum’s Frameworx suite of standards and the generic global ERM standards, such as ISO 31000 and the COSO ERM Framework, TM Forum’s ERM team aims to support the lean execution of ERM within communications providers.

Leveraging the TM Forum’s Business Benchmarking Program (see page 11) will give communications providers a unique opportunity to compare how they manage risk with their peers, and hence to use those benchmark results as a basis for setting and managing the expectations of external stakeholders.

If you would like to know more and/or take part in the ERM initiative, please go to www.tmforum.org/enterpriseriskmanagement or contact Steve Cotton, Head of Revenue Management, TM Forum via [email protected]

TM Forum’s Enterprise Risk Management Group

auditors, law enforcement agencies, and so on) for certain types of risks. Incorporating risk concepts and coverage into the internal auditing function is a vital step to making sure that vigilance is maintained.

Finally, a commitment to the introduction of appropriate process analytics is critical to risk management efforts. In order to properly and efficiently discover and manage risk related events and issues, service providers need the appropriate tools, along with a well trained staff and a commitment to data accuracy.

Many companies in various industries are designating a central risk organization, and in some cases a chief risk officer, to take responsibility for managing risk within a company, working with various operational groups.

Although appointing a leader is an important step, the risk appetitie and resultant target

culture is directly dependent on the tone, as characterized by the risk appetite set by top management and the board. In the final analysis, it is the responsibility of the senior management, along with the board, to set the direction.

In closing, we hope we have presented a balanced perspective on the need for risk management practices within the industry. Risk management is an extremely important area for service providers, and while initiatives and maturity vary broadly among companies, service providers who are intent upon protecting their profitability and preserving their valued customers must find the balance in their risk management strategies and programs to enhance their value creation for their stakeholders.

We hope you have enjoyed the report, and gained some additional perspective on this complex but important topic.


Sponsored feature


Despite the presence of advanced fraud management solutions, bypass fraud continues to grow. Today, the losses due to bypass fraud amount to $2.88 billion dollars annually, an almost 44% increase over the previous year (CFCA Survey 2011). Regions such as ME, Africa and CALA have been struggling to cope with the growing menace of SIM Box fraud (the most common type of bypass fraud). Service providers not only have to cope with huge financial losses due to bypass fraud but also have to deal with problems such as customer dissatisfaction and regulatory pressures. To overcome this threat, service providers use the most common techniques which are not sufficient in today’s era.

Traditional Approach to Bypass Fraud Most of the service providers worldwide use one of the two techniques to combat bypass fraud. They use either

Test Call Generators (TCG) – Here the approach is based upon automatic generation of controlled traffic to known MSISDNs in service provider’s network through large portfolio of originators across the globe including fixed, CDMA, GSM, VoIP, calling cards etc. and monitoring the landing CLI on these MSISDNs or analysing the call information in service provider’s network through probes.

Statistical Profiling based detection through an FMS or scripts – Here the approach is based upon identification of Bypass Fraud by monitoring complex call patterns (Outgoing call count, distinct

Bypass Fraud – Are you getting it right?

destinations ratio, cell sites used, incoming to outgoing call ratio, SMSO, SMST counts etc.) originating from a service provider’s MSISDN or terminating over it. Any cases identified can then be used to profile and uncover other associated MSISDNs which are being used in the same Bypass Fraud racket.

However each of these approaches individually is not sufficient. They have their own advantages and disadvantages as shown below

Best bet to prevent bypass fraud – Combine TCG and FMS Today, fraudsters are evolving at a

Advantages Disadvantages

TCG Approach Very high fraud hit ratio – Sometimes even more than 90%

Incomplete coverage – Not possible to cover all routes across the world. Coverage is also tightly coupled with number of test calls generated.

Proactive or early identification – Connections can be detected even when no Bypass call pattern is exhibited

Susceptible to counter attacks – TCGs may become useless just after few days of operation as the Call bypass node may be programmed to reject (or leave) calls originating from the TCGs after some experience or pattern Analysis.

Minimum learning out of Fraud Hit – Lack of association between confirmed cases in absence of CDRs.

FMS Approach Better coverage – With the availability of CDRs, Subscriber & Dealer Information and profile pattern based detection, It has the potential to cover all

Reactive monitoring – Of no use until the pattern reaches the detection thresholds

No additional investment – Any Bypass specific call patterns can be converted to Rules for identification

Latency in detection – Connections need to make certain amount of usage for getting detected



rapid rate and traditional approaches to combating bypass fraud are not sufficient. With the strengths and weaknesses of the FMS and TCG approach known, what can be the solution to the ever increasing Bypass Fraud problem?

In our experience, the optimum solution to prevent bypass fraud is to combine both the approaches i.e. combine TCG and FMS and create an integrated bypass fraud solution. This solution seamlessly integrates the TCG approach with Fraud Management Systems, thereby combining pros of both approaches and eradicating the deficiencies faced by each of them individually.

The idea behind integration is to generate a maximum impact on the whole Bypass Fraud racket using every

confirmed fraud MSISDN identified either by TCG or FMS, with both the systems sharing actionable intelligence.

How this worksIn this approach, the confirmed Bypass Fraud MSISDN cases detected by the TCG are provided as an input to FMS automatically. Details like fraudulent MSISDN, Route/Trunk Information, Call origination country, time of the test call made and so on are fed into the FMS which then initiates a dedicated and combined Traffic, Account, IMEI, IMSI, CCID, Location and Profile analysis, over the Subscription and Usage database available. This helps to uncover the associated numbers involved in the same Bypass Fraud racket, but remained

Hybrid Detection Technique

SIM BOX

VOP LINK

Interconnect Partners

Associated SIMs

Fraudulent Dealers

Tra!c Analysis

IMEI Analysis

IMSI, CCIDSeries Analysis

Location Analysis

By Pass

fraudmanagement

New RoutesInjection

Fraudulent SIMBox Numbers

Related XDRS

Cellular Network TCG

undetected by TCG. This approach ensures there is a much deeper level of penetration and impact made over the whole Bypass Fraud racket with every confirmed fraudulent MSISDN identified by TCG. The diagram above shows the working of an integrated bypass fraud solution.

Benefits This integrated approach ensures that service providers are able to prevent bypass fraud and reduce fraud losses tremendously. Not only this, service providers, need not invest in separate TCG and FMS solutions but can use only a single seamlessly integrated solution which combats bypass fraud.


Sponsored feature


Mitigating Risk While Laying the Groundwork for Better Business Optimization

Network Service Providers are facing more risks and challenges today than ever before. The increasing complexity of new technologies and reality of hybrid networks are making it more difficult to manage network resources and ensure quality of service while keeping costs under control. There is also growing complexity on the business side, with new business models to support, new partner ecosystems to navigate, new services to launch and new vendors to manage.

Growth, Complexity and ChangeService providers are experiencing astounding growth in wireless data traffic, with AT&T recently indicating a 20,000% growth rate over the last five years. Smartphones and other connected devices have driven this growth, with no end in sight. BSS/OSS teams are left doing their best to manage these challenges while delivering increasingly complex services amidst the data deluge.

In order to stay competitive and support the complexity of new devices, services and content, operators are moving away from a non-differentiated and best-effort delivery mentality to a customer-centric mentality, where not only ‘volume’ of data must be managed, but also variety, velocity and value. High-value data services such as video, mobile TV, mobile apps, games, and mobile broadband consume huge amounts of bandwidth and require certain key performance indicators (KPIs) and quality of experience (QoE) metrics that are constantly being measured, monitored and enforced. Subscribers expect seamless and ubiquitous service quality across all devices, regardless of time, location or service.

Breaking down Application SilosAll these challenges create added risk, yet operators must address these challenges and additional issues such as

service quality optimization, spectrum management, roaming analytics, partner settlement, and subscriber profitability. As daunting as this may seem, each can be solved with today’s best-of-breed OSS and BSS solutions. The risk management challenge then becomes not only addressing these various issues, but ensuring that the cure doesn’t add to the complexity by creating disparate systems and silos that can’t communicate with each other.

Massive Scale Data Integration There is a mountain of data every CSP generates. Billions of real-time transactions and events, paired with historical data such as subscriber profiles and usage behavior, cost and revenue data, wholesale and roaming records, along with network information that tracks quality of service and network performance, all come together to create an incredibly valuable pool of detailed, accurate data. But sifting through the mountains of information to ‘connect the dots’ and put this data to use can bring about its own challenges.

Business Optimization In light of today’s new technologies such as 4G and LTE, service providers need to optimize wherever possible – protecting profitability while remaining agile and competitive in the face of

incredible industry growth and change. TEOCO’s solutions provide the insight and intelligence required to increase efficiencies throughout the business and network functions across your organization. From financial back office business systems such as Revenue and Cost Management, to more network-centric activities such as Routing, Network Planning, Service, Performance and Fault Management, TEOCO is focused on reducing costs, increasing efficiencies and ensuring a quality experience for your subscribers.

Added Visibility and Insight In order to gain additional value from your OSS/BSS investments, service providers must architect a solution that does more than just solve a single problem; one that reduces risk while providing valuable insight into your business, your network and your subscribers. But how do you get there?

At TEOCO, we focus on helping service providers to optimize their business across the entire organization. By understanding and providing key solutions in areas such as Network Management, Network Optimization and Service Assurance, TEOCO plays a significant role in solving many of the challenges that are plaguing service providers today. When OSS and BSS solutions are linked together through a



common source of data, however, we can create an enterprise-wide customer analytics solution that is more than the sum of its parts. Each of these key areas – network management, network optimization and service assurance, generates valuable customer and network data. TEOCO has developed a powerful analytics application that collects, correlates, and analyzes this data for use across the entire organization; the more areas of information collected, the more detailed and valuable the data. Marketing, Finance, Network and IT groups all benefit from a new level of intelligence driven by customer analytics.

A New Level of Network and Business Intelligence Service providers have evolved into the business of delivering high value content in an increasingly connected world. This demands a new level of intelligence that

yesterday’s networks didn’t require. This intelligence comes from the billions of transactions and interactions happening across your network and your business. Through powerful parallel processing capabilities and with amazing speed, TEOCO automatically captures, correlates, and analyzes these billions of bits of data - both historical and real-time, from across the business and the network. The ability to leverage this intelligence requires a system that provides a transparent, holistic view of the network - from the subscriber to the tower to the back-office.

The entire OSS/BSS ecosystem must work in unison with the highest levels of efficiency in order to both protect profitability and preserve customer loyalty. TEOCO helps you better understand your network, your customers, your business, and your bottom line.

Sources: http://vartips.com/carriers/att/att-mobile-data-volume-continues-double-annually-2062.html

About TEOCOTEOCO is the leading provider of Assurance and Analytics solutions to Communication Service Providers worldwide, optimizing network and business performance. TEOCO’s product portfolio includes:

Margin Assurance – Manage costs and revenues to understand the profitability of every interaction with customers and partners.

Service Assurance – Resolve faults, maximize performance & utilization, and improve customer experience.

Network Optimization – Optimize radio access networks to reduce costs while providing wider coverage and superior building penetration.

Customer Analytics – Combine profitability, quality of experience, and behavioral data to better understand, target and engage the subscriber base.

Since 1995, TEOCO has helped over 100 of the largest service providers around the world to manage and evolve their businesses efficiently and profitably, while enhancing the customer experience. TEOCO is widely recognized for its commitment to principled entrepreneurship, business ethics and employee ownership with a particular emphasis on its core values of alignment with employees, clients and community.

For more information about our solutions, please visit www.teoco.com, or contact [email protected]


Sponsored feature


It’s Time to Review the Revenue Assurance and Fraud Management Silos

IntroductionWithin the telecommunications industry, the definitions associated with revenue assurance (RA) processes have tended to embrace an increasingly broad range of activities and processes, sometimes encompassing fraud management, partner settlement processes, various aspects of billing and A/R, and even extending to enterprise risk management processes. RA should strictly focus on the processes associated with reducing revenue leakage within a communication service providers’ (CSPs) own technical infrastructure and business domain. This leaves open the question as to how best to define and align this with the broader complementary activities associated with fraud management (FM) and partner settlement (Interconnect, Roaming and Content settlement). For most CSPs, the management of these functions has tended to develop as separate disciplines and departments, requiring specialist skills, knowledge and processes.

Process definition itself is purely of academic interest, if new ideas cannot also translate into real efficiency gain. This is where the need for a considered alignment of RA, FM and partner settlement provides payback. Just as these business processes are becoming ever more complex, there is a need to harness developments associated with business intelligence systems to promote the possibility of multi-function revenue protection (RP) platforms. This requires integrated RP solutions harnessing and aligning data management, case management, workflows, and reporting requirements to consolidate these

separate processes within a single concept, already referred to as revenue protection.

The benefit of an RP approach is that it provides an opportunity for CSPs to consider the future direction of RA, FM and Partner Settlement. Instead of multiple entities, each with its own applications, a CSP should be able to embrace the concept of a unified RP platform, to assure and improve revenue, increase margins and provide a valuable source of information for strategy development.

Why We Need Better AlignmentThere is a clear need for better alignment between the objectives and processes associated with RA, FM and Partner Settlement. This can be demonstrated by indicating the sorts of reconciliation points between these processes:

At the network level, we would define control point’s using the signaling data and also use outputs from devices like test call generators for achieving some aspects of pro-active revenue assurance

In the retail environment, we would certainly expect to scrutinize Switch-Bill reconciliation with a major emphasis on leakages arising due to errors in the pricing or rating area: managing RA processes across both domestic and international traffic flows

In the broad area of provisioning and service fulfillment, we would look at Order-Cash reconciliation: encompassing end-to-end RA process audit and revenue flow

For roaming correlation and margin control, we might consider CDR-TAP reconciliation: monitoring roaming margins against interconnect termination rates or being able to accurately assign costs to IDD calls

For roaming reconciliation, we might consider TAP-NRTRDE reconciliation: ensuring that partial NRTRDE record data corresponds with full TAP records for roaming revenue reconciliation

It is time to re-consider the conventional silo based approach to these related processes. With broadly common objectives, RA and FM functions should be provided with a common reporting and business intelligence foundation to unify these processes. This is all the more relevant, when considering that these processes already use common source data for much of their activities.

The closer alignment between RA and FM creates a common RP platform which provides a multi-dimensional approach to the protection of domestic, as well as international revenue. Such an integrated platform provides tangible cost benefits, in terms of process alignment and efficiency gains. Reconciliation, case management and dashboards can be shared across all functions. An integrated RP approach lets RA and FM functions operate together, so that data from separate activities can be combined into a single report, dashboard or application workflow.

Integrating Revenue Protection ProcessesWith a cross-functional RP platform in place, a CSP can embrace the value of

Joseph George – Director of Fraud, Revenue Assurance and Interconnect at MACH



wholesale business optimization, giving it the ability to improve revenue, manage margins and minimize costs. To do this, involves a 4th integration point - business intelligence – which enables CSPs to go beyond standard operational reporting and dashboards, to provide detailed analytical and investigative capabilities to link and correlate RA, FM and Partner Settlement data. Within this context, analytical capabilities augment operational BI by enabling a CSP to evaluate revenue and margin flows at more discrete levels, such as by bundle, offer, product, device or partner. The next logical stage should be to model and evaluate likely combinations of services that might yield new or enhanced revenue opportunities. Following this logical progression, we now have the fundamentals for a very comprehensive business optimization platform.

The implementation of this approach ensures that all revenue protection processes are multi-dimensional, integrating the retail dimension (Domestic RA and Fraud) as well as at the wholesale

dimension (Roaming and Interconnect RA + International FM + Partner Settlement). Revenue, cost, margin and partner data can be evaluated to provide feedback for fraud analysts, finance managers, product managers and revenue assurance staff, so that specific revenue management strategies can be evaluated quickly and accurately. An integrated approach to RP ensures fast response, avoiding the typical 2 or 3 month delay in retrieving accurate data for analysis.

ConclusionRevenue Assurance (RA), Fraud Management (FM) and Partner Settlement have tended to develop in silos, each with their own processes, language and conventions. In order to achieve potential cost efficiencies, the alignment between these functions should no longer be ignored.

Linking closely aligned processes, common data and platform management activity provides optimum re-use of RA, FM and Partner Settlement data. There are common application analysis and case

management/workflow functions that are re-usable across these functions. When properly implemented, these processes should be able to graduate from a focus on post event investigations towards a more predictive and pre-emptive approach to preventing fraud, minimizing interconnect and roaming costs and ensuring all revenue is billed, at both the retail and wholesale level.

Taken to the next logical step, such a platform can become the basis for more advanced business optimization activity, and be used to identify opportunities to enhance revenue, reduce cost, eliminate fraud and maximize profitability. The main obstacles are likely to include process integration, organizational alignment, and cross-department negotiation, rather than the technology itself. While this concept might represent a significant organizational change, it represents a very real opportunity to drive further efficiencies and realize cost advantage in the alignment of retail and wholesale RA and FM processes.


Sponsored feature


Communication service providers (CSPs) have been challenged so hard and often in the last decade – by the never-ending emergence of new products and services, by the avalanche of data accumulating every second and by the sophisticated demands of customers – that only the ones who adopted the continuous process of transformation have survived. Those at the forefront of the race gained an amazing capability and agility globally and changed their focus on conquering new markets while others are struggling not to lose what they’ve got.

Most of the time the cycle of transformation is triggered by new technologies. The challenge is not finding customers to sell the technology to, but selling it to them on time. ‘Time to market’ has become a very important factor in attracting new customers, increasing the loyalty of existing ones and reducing the churn rates.

A secondary driving force for a new transformation is the lack of support for convergent products and services. As competition grows, the variety of these products and services widens. CSPs empowered by convergent product support can exploit the synergy of bundling different products and adding new partners to their sales network. Consequently, they increase their market share.

Dealing with the enormous amount of data and capturing all the details, patterns and trends, as well as the big picture, is another challenge for CSPs. Even though IT technologies claim to resolve this problem, when you look at the high level IT architecture of many businesses, the IT systems themselves

Challenging the Transform-idable with Telaura CRM Suite!

are the cause of a lot of complexity and difficulty. Some CSPs operate with hundreds of distributed systems. These fragmented systems are a burden for IT and operations departments using them. Additionally, the more time passes before transforming these systems, the more complicated things become, and so the more courage is needed to start it because the risks are higher.

This is where TM Forum’s Frameworx suite of standards comes in. Embracing the proven methods of TM Forum Frameworx is the least frustrating way of undertaking an IT transformation for both CSPs and vendors. Meeting on the same platform, software service companies and CSPs can understand each other better and work together faster. The process-driven approach of Frameworx increases reusability and assures that systems and processes can be built on in future, easing the effort needed to keep up with the fast evolution of communications today.

Etiya has been in the telecommunications business for more than 10 years and has recently developed a new complete customer relationship management (CRM) solution, the Telaura CRM Suite. It has gained a market presence quickly, with its first implementation at the biggest CSP in Turkey.

The main idea behind the development of Telaura CRM Suite was to provide simplified, standardized, end-to-end CRM processes that allow effective management at macro and micro levels. Other objectives that had an effect on the design were providing very high data visibility, keeping relational information

about the customers and providing one common interface for all different customer interactions flowing from all touch points.

Each one of Telaura CRM Suite’s 14 modules serves in its domain as outlined by the Business Process (eTOM) and Application (TAM) Frameworks, both part of TM Forum’s Frameworx suite of standards.

Product Catalog Driven Order ManagementTelaura CRM Suite is a complete end-to-end CRM solution that can handle customers, products, product catalogs and business interactions, satisfying all the business rules according to the service provider’s needs.

The bottom-up product catalog contains the definition of services, resources, products and offers, and all the relationships between them.

The order management is driven by the product catalog and captures, validates, decomposes and orchestrates the orders by accessing product definitions, providing dynamic order fulfillment for CSPs. Convergent and multi-play product support of the systems enables CSPs to deliver innovative services to their customers in the shortest time. These rules are executed by Telaura Order Management to unify and secure the order entry, and to provide assistance for customer sales representatives.

External Rule ManagementTelaura CRM Suite supports defining complicated business rules in the Rule Engine. The Rule Engine serves internal and external systems as a business rules



repository. The external Rule Engine allows the defining complex business rules via scripts which these scripts take effect immediately. Every step in the order flow is a rule execution node. The Rule Engine allows binding complex business rules regarding customers, accounts or products to these rule execution nodes. Telaura Order Management recognizes the entities involved in the rule scripts and ensures that the rules are obeyed during order process.

Smart Churn SupportTelaura CRM Suite’s intelligent churn module enables the defining of business rules to resolve complicated situations with dissatisfied customers. The system includes three step churn management, suggesting different approaches to customer sales representatives, depending on the customer’s specific circumstances. It is possible to design churn catalogs available for customers who display behaviors indicating that they may terminate their contracts. Churn management identifies the customers at high risk of doing so, so that CSPs can act to prevent it.

Low Integration CostsTelaura CRM Suite offers reliable, simple, process-centric and agile applications that are integrated with each other to provide interoperable services, allowing dynamic business processes that span organizations and platforms. Telaura service oriented architecture (SOA) enables service discovery, integration and use, allowing CSPs to overcome many distributed enterprise computing

challenges within a very short time and at low cost.

Each module in Telaura CRM Suite has been designed to be a part of the complete solution as well as to serve as a stand-alone product. Modules have been developed to work together yet they can be replaced or partially integrated into other systems with minimum effort.

Telaura Customer and Account ManagementThe Telaura Customer and Account Management system gives an overall customer-centric approach to all business driven processes.

Enriches customer experience management Manages third party relationships and common interfaces to give a real 360° customer view

Provides consistent experience across different customer interaction channels

Enhances call service representative assistance.

Telaura Product Catalog ManagementThe Telaura Product and Catalog Management System supports multi-play product portfolio and convergent product definition.

Drives fast time to market Has bottom-up constructed catalogs

to drive top-down order decomposition Eliminates manual product creation in multiple systems and avoids the products being duplicated

Provides data to analyze products’ lifecycle and performance Offers a flexible discount structure.

Telaura Campaign ManagementThe Telaura Campaign Management System ensures that campaign definition and execution processes are easy, measurable and customizable.

Offers total campaign process management Supports campaign simulation Enables campaign budget planning Supports campaign execution

Planning.

Telaura Sales and Order ManagementTelaura Sales and Order Management provides an easy-to-use interface for sales representatives, flexible and powerful configuration options for back-office users and a detailed tracking and reporting engine for senior management. To drive your sales force order, Telaura Sales Order Management, with its out-of-the-box functionalities, offers the following benefits:

Unifies order entry for convergent products Helps sales representatives up sell

and cross-sell Provides efficient order tracking and

reporting with built-in sales reports Defines complex business rules Offers Information Framework (SID)-compatible application program interfaces for external sales portals.

Telaura CRM Suite received the Most Impressive Customer Projects Award in August 2011 from Oracle with its implementation at TTNET. For more information about Etiya and Telaura please visit www.etiya.com.



Our sponsors

Subex Limited is a leading global provider of Operations and Busi-ness Support Systems (OSS/BSS) that empowers communica-tions service providers to achieve competitive advantage through Business Optimization and Service Agility – thereby enabling them to improve their operational efficiency to deliver enhanced service experiences to subscribers.

The company pioneered the concept of a Revenue Operations Center (ROC™) – a centralized approach that sustains profitable growth and financial health through coordinated operational con-trol. Subex’s product portfolio powers the ROC and its best-in-class solutions enable new service creation, operational transformation, subscriber-centric fulfillment, provisioning automation, data integ-rity management, revenue assurance, cost management, fraud management and interconnect / inter-party settlement. Subex also offers a scalable Managed Services program and has been the market leader in business optimization for three consecutive years. Subex has been awarded the Global Telecoms Business Innovation Award 2011 along with Swisscom for the industry’s first success-ful Risk Reward Sharing model for Fraud Management.

Subex’s customers include 16 of the top 20 wireless operators worldwide* and 26 of the world’s 50 biggest** telecommunica-tions service providers. The company has more than 300 installa-tions across 70 countries.*RCR Wireless list, 2010 **Forbes’ Global 2000 list, 2010

www.subex.com

TEOCO is the leading provider of Assurance, Optimization and Analytics solutions to Communication Service Providers worldwide. TEOCO’s product portfolio includes:

Margin Assurance – Manage costs and revenues to understand the profitability of every transaction.

Service Assurance – Resolve faults, maximize performance & utilization, and improve customer experience.

Network Optimization – Optimize radio access networks to reduce costs while providing wider coverage and superior building penetration.

Customer Analytics – Combine profitability, quality of experience, and behavioral data to better understand, target and engage the subscriber base.

Since 1995, TEOCO has helped over 100 of the largest service providers around the world to manage and evolve their businesses efficiently and profitably, while enhancing the customer experience. TEOCO is widely recognized for its commitment to principled entrepreneurship, business ethics and employee ownership with a particular emphasis on its core values of alignment with employees, clients and community.www.teoco.com

MACH connects and monetizes the telecoms world. It provides its more than 650 operator customers with clearing services, partner billing, messaging connectivity, mobile data services and revenue protection solutions, all integrated with a $10bn / year operator settlement capability.

MACH’s ‘M Protect’ revenue protection platform combines multiple dimensions of revenue assurance and fraud protection, addressing current and next generation fraud and revenue assurance processes, with a cost effective, integrated and flexible delivery model encompassing licensed, cloud based and managed service options. The ‘M Protect’ platform integrates domestic, international, retail and wholesale processes into a unified revenue protection architecture.www.mach.com

Founded in 2004, Etiya has been designing, developing and realizing Business&Operation Support Systems and conducting Systems Integration. Since its foundation Etiya has become the leading supplier of CRM systems in Turkey and has currently reached a volume of thousands of users and millions of customers. Our mission is to understand and meet the needs of our clients by delivering high quality value-added solutions.

In order to meet the individual needs of our clients, our experienced business analysts and system engineers deeply analyze the business processes to design unique and optimized solutions. Our qualified consultant team helps our clients to align their business processes with the eTOM Business Process Framework.

We have extensive experience in Telecommunication Business Processes, working with the biggest telecom operators in Turkey to help them define, develop and bring to market their new products and services. www.etiya.com


Visit www.tmforum.org/researchandpublications to find out more

Perspectives 2012

Perspectives is TM Forum’s annual publication for senior professionals in the world of digital services.

The theme of this year’s edition is our industry’s progress to a fully connected digital world. The digital world will impact every business sector on the planet with new business models and markets, which will bring major threats to those who fail to seize the opportunities the digital economy brings. In order to make the most of these opportunities, companies need to be smart and move fast.

With access to some of the industry’s leading lights and most sought after journalists and analysts, if you are part of the communications or related industries, whether you sit in the boardroom or stand by the water cooler, make sure that you read Perspectives 2012.

Business Intelligence Quarterly: Mobile Money: Who gets the lion’s share?

TM Forum’s Business Intelligence Quarterly explores the business transformation issues facing our industry right now. Standardized, reusable, recyclable processes and flexible systems and platforms are the key to being able to embrace new business models, launch new services fast and open up new revenue streams.

In this issue, we look at mobile money and investigate how service providers might profit. Issues covered include: new players and new technologies; regulation and mobile money; and the services on offer in developed markets.

Read the results from our benchmarking program as we assess best practices for managing a business evolution project, including project selection, impact of using standards and COTS software, managing the project and measuring its success.

Have you seen our other recent TM Forum publications? Free to TM Forum members and now available for non-members to purchase online

January 2012 | www.tmforum.org

BUSINESS INTELLIGENCE QUARTERLY

Sponsored by:

MOBILE MONEYWho gets the lion’s share?

US$1,750/Free to TM Forum members

DEFINING THE 4G MARKET

Sponsored by:

$995 USD / free to TM Forum members

QUICK INSIGHTS

2 0 1 2 | w w w . t m f o r u m . o r g

LTE PRICINGMODELS

2012/13

[t ransform] [d ig i ta l ] [business]

Reducing the risk of transformation

Show me the money – profit from new services

Innovation – finding the missing link

CREATING OUR CONNECTED WORLD

How communications are making bright ideas reality

LTE pricing models: Defining the 4G market

Two years after the first commercial LTE launches, service providers are refining their pricing, packaging and marketing plans, with notable trends emerging. This report does the hard work for you, giving you stacks of real-life examples that allow you to establish your competitors’ approach to LTE pricing and packaging.

We update you on the progress of service providers and operators worldwide, including NTT DoCoMo in Japan, Verizon Wireless in the U.S., CSL in Hong Kong, TeliaSonera in Sweden, Rogers Communication in Canada and many more, from Armenia to Uruguay.

We discover a hugely varied marketing and pricing landscape, from bundling to discounts, access to content such as music, subsidized devices, contract promotions, and differentiation through speed, price, devices and usage plans.


http://www.tmforum.org/ResearchPublications/7097/home.html

http://www.tmforum.org/ResearchPublications/7097/home.html#TRCPublications/Link48022



ENABLING INNOVATIONThe game is changing for communications service providers. Cutting costs is merely a ticket to play, not to grow. The key to growth lies with innovation – underpinned by business agility, smart partnerships and inspired creativity.

As the global industry association focused on simplifying the complexity of running a service provider’s business, TM Forum brings together a

community of more than 50,000 professionals on the cutting edge of innovation. As a unifying force for the industry, it’s time for you to join more than 750 companies across 195 countries collaborating to simplify service innovation. Visit www.tmforum.org to learn more about TM Forum membership and how we help you enable innovation.


Enterprise Risk Management

Business

Transcript of Enterprise Risk Management