Professional Documents
Culture Documents
Guidebook
GB941
Notice
Any use of this document by the recipient, other than as set forth
specifically herein, is at its own risk, and under no circumstances will
TM Forum be liable for direct or indirect damages or any costs or
losses resulting from the use of this document by the recipient.
Table of Contents
Notice ..................................................................................................................................................................2
Table of Contents ..............................................................................................................................................3
List of Figures ....................................................................................................................................................5
Executive Summary ..........................................................................................................................................6
Background ........................................................................................................................................................8
1.1 Dimensions to the RA problem ........................................................................................................9
1.2 Economical Perspective...................................................................................................................9
1.3 Different Approaches to RA .......................................................................................................... 10
1.3.1 Reactive, Active, and Proactive RA ...................................................................................... 10
1.3.2 Data Quality & Data Integrity vs. Process Improvement ..................................................... 11
1.4 Best Practices ................................................................................................................................ 11
1.5 RA Maturity Model ......................................................................................................................... 12
2 RA NGOSS, eTOM and SID .................................................................................................................... 16
2.1 NGOSS .......................................................................................................................................... 17
2.2 The eTOM...................................................................................................................................... 18
2.3 The SID .......................................................................................................................................... 18
2.4 The proposal .................................................................................................................................. 19
3 Revenue Assurance and Fraud ................................................................................................................ 22
3.1 Introduction .................................................................................................................................... 22
3.2 Revenue Leakage Differentiating Fraud and Revenue Assurance Issues ............................. 22
3.2.1 Case 1 .................................................................................................................................... 23
3.2.2 Case 2 .................................................................................................................................... 24
3.2.3 Case 3 .................................................................................................................................... 24
3.2.4 Case 4 .................................................................................................................................... 24
3.3 Relationship between Fraud and Revenue Assurance............................................................... 24
3.3.1 Collaboration for multi-dimensional leakage: ....................................................................... 25
3.4 Recommendations for a Collaborative Approach ........................................................................ 26
3.4.1 Collaboration Components ................................................................................................... 26
3.4.2 Key Benefits of a collaborative approach ............................................................................. 28
4 Revenue Assurance and Regulation ....................................................................................................... 29
4.1 Sarbanes Oxley ............................................................................................................................. 29
4.1.1 Relevant Sections of SOX .................................................................................................... 29
4.1.2 Interplay between SOX and Revenue Assurance ............................................................... 30
4.1.3 Linkage between SOX and eTOM processes ..................................................................... 32
4.1.4 Key Requirements for Revenue Assurance Activities to Enable SOX Compliance .......... 32
4.1.5 Illustrations of Interplay between SOX and Revenue Assurance ....................................... 34
4.1.6 Benefits for SOX Compliance Derived from Revenue Assurance ..................................... 34
4.2 Europe & UK specific linkages...................................................................................................... 34
4.2.1 Introduction: ........................................................................................................................... 34
4.2.2 Implementation of the new European regulatory framework .............................................. 35
4.2.3 Scope, Aims and Definitions ................................................................................................. 35
4.2.4 Structure - National Regulatory Authorities .......................................................................... 36
4.2.5 Obligations and Tasks of National Regulatory Authorities .................................................. 36
List of Figures
Executive Summary
In the context of Revenue Assurance - the main question for any business is how
much leakage is acceptable and how to improve the operations and systems that will
minimize those leakages. An effective RA process must ensure the integrity and
synchronization of both data and processes across all the disparate systems and the
network itself, in order to sustain operational and financial efficiency. RA provides
analysis of the relationship between network resources, services, customers, and
generated revenue, and enables the CSP not only to detect revenue leakage (e.g.
un-billed customers, mis-billed customers), stranded assets, and operational
inefficiencies, but also to understand the reasons for these undesired occurrences.
This Guidebook originates from TMF Revenue Assurance Technical Report 131, a
technical report on RA issued by TMF in 2004, and leads the reader through different
facets of RA, collecting the experiences of various professionals.
In particular, the Guidebook deals with the following topics, each one covered in a
separate chapter:
SID and eTOM models support for RA, according to the recent proposal of
TMF Modeling team to integrate RA into the SID and eTOM
In conclusion, a technical Appendix introduces the reader to the Telecom Fraud topic,
ending with taxonomy of possible frauds.
A background section follows, to briefly highlight some the key aspects of TMF
TR131 which may be considered a starting point for this work: Traditional RA
approaches, drip tray model, RA maturity model, and RA best practices.
Background
The above factors, coupled with the tumultuous economic climate that started with
the slowdown in 2001 and the revitalization in 2004-5 and the current regulatory
environment, provide evidence and compelling need for RA in more and more CSPs.
This need, in turn, together with the acknowledgement of the strategic significance of
RA for CSPs, resulted in the formation of organizational units to ensure the accuracy
of financial reporting and revenue recognition. Given increased regulatory and
competitive pressure and in order to remain competitive and profitable, CSPs are
continuingly restructuring their organizations according to new business targets and
priorities. These structural change and the response to market conditions suggest the
benefits of the acceptance of a holistic RA process to optimize the business process,
the usage of existing assets, the data integrity and as a result - maximizing revenues
and in parallel - reducing costs and increase profitability.
Up to 2004 no CSP emerged as credible industry leader, nor was a unique definition
available to comfortably align RA practitioners from different business domains. This
situation may be understood since RA evolved from several organizational units
(Finance Control, Network Operations, Fraud Management, Billing Operations, etc.)
each of which has a different perspective, approach to RA and own priorities.
For the revenue stream in the usage-based billing environment (i.e. billing that is
based upon data volume, duration of sessions, etc.), a comprehensive analysis of the
entire process from capturing and recording a billable event through billing, cash
collection, accounting and revenue recognition is required. One example of an
approach used by a CSP offering voice telephony services is to compare the
networks CDRs (Call Detail Records) to SS#7 events to verify the proper ratio of
CDRs to SS#7 events. An alternative technique uses test calls that are generated
either manually or automatically, to compare the generated CDRs to the record of the
event from the subscribers perspective.
For event-based charges (SMS, MMS, etc.) the tariff structure could be regarded as
even simpler and requiring only reconciliation. Some providers tend to tie such
charges to those of content delivery service (video, music, etc.), which include quality
of service related attributes; this requires much stricter controls to be performed.
There are other dimensions to the problem such as pre-paid and post-paid issues,
wholesale and retail differences, and so on. Each one requires particular care and
may even require a distinct approach, since the type of service or targeted customer
segment influences choice of methods and priorities for the CSPs RA program.
Assessing costs and benefits is a required first step prior to introducing new often-
complex projects within a business. This is also the case for an RA initiative. To
address this issue, TR131 includes a detailed discussion of the outcomes of a real life
example of a cost-benefit analysis performed by an operator.
The analysis uses a drip tray model; a common metaphor used in describing the
affect of errors in processing charges, a term commonly referred to as leakage. The
metaphor is appropriate as the loss of water from a pipe exhibits similar properties to
the loss or corruption of data as it is processed from one system to the next.
The amount of water lost by the pipe could be measured by comparing the amount
that goes into one end of the pipe against the amount that comes out of the other end
of it. Though simplistic, the comparison of ins and outs lies at the heart of activities
intended to monitor, diagnose, prevent and measure the extent of error.
In Out
Some drip trays will lead to the capture of errors, some will lead to their capture and
resolution. Capturing errors without resolution means that errors are measured but
still take place. Capturing and resolving errors means measurement of errors that
would have gone unresolved without the drip tray. A drip tray that captures errors
without leading to resolution has a cost, but no clear attributable economic benefit.
The analysis indicates the benefits of an effective and on-going RA strategy greatly
outweigh the costs associated with the project and the operation.
Using the following definitions for different styles of revenue assurance initiatives
Reactive doing something as a response to existing leakages, for example a project to
identify and resolve the causes of actual revenue loss;
Active doing something to address problems as they occur, for example by monitoring
of problems in real-time. This approach is designed to initiate corrective responses
prior to any revenue loss takes place;
Proactive - acting in anticipation, by implementing controls and other measures to prevent
problems from occurring
In general, the reduction in time required to respond to a problem is the basis for the
shift from reactive to active RA. The goal is to anticipate what can go wrong and
prevent it. This pre-emptive approach is the basis for proactive RA.
controls help preventing the problems from occurring in advance and normally do so
by being addressed in the design and deployment phases. That said, it is a bad
practice to rely only on Proactive controls since, as a result of the significant
complexity of the operations and business systems and processes of a CSP, some
problems may not be able to be detected proactively
An approach pursuing Data Quality & Data Integrity focuses on improving the quality
of data to ensure accuracy of revenue. This normally involves the extraction of data,
from one or a number of systems and/or the consistency validation of the data when
moving from network to billing.
In this type of audit style approach, RA tends to identify where potential areas of risk
exposure might exist: within system functionality, handoff between systems, as well
as supporting business processes and interaction between the processes and
systems.
Both approaches are complementary and we recommend combining them. There are
RA problems that will be detected only by one of the previously mentioned
techniques. For example, an automated provisioning process that generates many
errors and needs human intervention, may end with successful provisioning and
complete data integrity, but cause revenue leakages (the customer will start to use
the product later) and subsequently increase the CSPs costs (the cost of the human
intervention). This problem will be detected only by using Process Improvement
techniques and not by Data Integrity techniques.
Best practices have been constituted to ensure that comprehensive strategies include
network element configuration data, OSS service activation data, usage data,
mediation rules, and customer account data from order entry, billing and CRM.
Best practice in RA represents a dynamic striving for optimization rather than the
static delivery of a particular series of methods, controls and tools. RA best practice
itself shall be subject to perpetual review and shall not be considered as a static
process.
carried out. eTOM and SID, to some degree inherently provide for improved benefits
of technology integration that reduce some, but not all of the potential fallout
associated with technology components that do not interface without a global
standards adoption.
TMF Revenue Assurance Technical Report 131 (TR131) also sets forth five
successive stages that characterize the RA level of maturity within a CSP. Not only
does this scale give CSPs a benchmark to measure their progress against other
CSPs, but it also lays out a road map for other RA operations.
Five steps of maturity have been identified, with the fifth step an ideal to be reached.
Initial, when no RA process has been established and only arbitrary ad hoc reactions to
circumstances;
Repeatable, when RA processes are developed at the level of individual projects,
products and implementations. Flaws are identified and remedial action is taken.
Defined, when RA processes are developed for the whole organization. Organizational
priorities for revenue assurance are understood and guide proactive deployment of
resources.
Managed, when RA processes provide consistent quantitative measures. Measures
drive planning and control.
Optimized, when the measures, planning and controls implemented in order to improve
the business themselves become the subject of continual improvement.
Five distinct aspects have been identified to help assess the RA maturity level of a
business:
Organization aspect of RA responsibilities reflects how well the objectives of individual
staff and of the business as a whole are aligned with the goals of revenue assurance.
People that are dedicated only to revenue assurance or provide secondary support.
The influence of RA knowledge over the company refers to the ability to proactively
instigate, manage and deliver change.
The effectiveness of design and implementation, the synergy use of different tools to
meet multiple business objectives.
The improvement of company processes, including RA, which is itself a process that
should be improved over time.
The economic benefits of following a defined RA process gradually take shape as a
company moves up the maturity ladder. In the first few stages of maturity, there is low
hanging fruit - economic benefits that are easy to identify and provide an immediate
return. These benefits are realized by finding discrepancies in data that directly
impact billable and collectable revenues. Although the benefits from resolution of
these problems continue to exist, CSPs can see significant economic improvements
when they focus on process improvement. At this level, usually in the managed stage
and above, a CSP can prevent a less than optimal business process from evolving
and thus take its revenue assurance activity to the higher level of maturity, producing
more profound, long term results.
The level of economic benefit that a CSP can realize goes hand in hand with its RA
maturity as defined by TR131. There are no shortcuts in this process. An organization
must go through these stages to build the required level of trust that will allow it to
maximize the benefits of a full and effective revenue assurance process.
Current RA Trends
The process of RA maturation within an individual service provider is a response not only to the
growth of internal RA experience and expertise, but also reflects the influence of a number of
external macro- and micro-development factors on the perceived RA needs of the business
and the prioritization of RA activities. These external drivers also evolve over time. The primary
categories are as follows:
Macro-economic: the overall state of local and global economies and their impact on
business confidence.
Commercial: the need to increase revenues/margins and lower costs; competitive
pressures.
Industry Regulation: the development of industry-specific regulatory initiatives, ranging
from the general, such as liberalization and privatization in developing markets, to the
specific, such as OFCOMs OTR003 in the UK which requires service providers to
demonstrate metering and billing accuracy with potentially stringent penalties for non-
compliance.
Corporate Governance & Fiscal Legislation: most notably the Sarbanes- Oxley Act in the
US and the EUs 8th Directive, introduced to restore public faith and transparency in
the governance, internal controls and audited financial statements of public
companies. (See section 5 ff)
The initial surge of interest in RA coincided with the worsening economic conditions in
developed markets experienced by the high technology sector including the
telecoms industry at the start of the century. Cyclical economic factors are now
improving and causing a concomitant change in the corporate mindset from
accountancy-led back to entrepreneurial-led. There is now some evidence that the
role of mature RA is being asked to change in response, and the Maturity Model
(see section 1.7) may need to be amended to accommodate this.
highlighted the fact that compliance is now a bigger driver for IT initiatives than ROI,
this reprioritization is, again, not unexpected. However, there are some key
differences between RA and Internal Audit drivers. Whilst demonstrating the accuracy
and completeness of financial reporting is of high relevance to RA, the primary goal
has historically been to satisfy commercial imperatives increasing revenues and
margins whilst reducing costs and these are not key compliance targets.
RA is maintaining input into planning processes, but primarily with a focus on cost
management slant. Typically in such cases, RA expertise in being targeted at tactical
than strategic objectives.
These changes are not necessarily in the best interests of either the evolution of
effective RA or for the broader benefit of service providers looking to ensure cost
effective operations for new generation services.
As RA has increased its influence, and through the necessary efforts of groups such
as the TM Forums RA Working Group and Catalyst projects, the knowledge and
expertise of the RA practitioners is beginning to be standardized into a core RA
process methodology that can be applied across all business units to uncover,
recover and inhibit revenue leakages from a wide variety of different systems,
processes and circumstances. This is critical for the benefit of the entire telecoms
industry, and can provide a critical bridging of operational and business (financial)
processes. However, the business value of RA is engendered in people whether in
an internal RA team or external consultants and not solely in formularized process.
Revenue Assurance is not yet part of the NGOSS eTOM (enhanced Telecom
Operations Map) and SID (Shared Information and Data) paradigms. The
TeleManagement Forums Revenue Assurance modeling team submitted a proposal
about the integration of RA with the SID and eTOM. This proposal is under review,
and our expectation is that it will be accepted with minor changes in the next few
months. In this document, we present the highlights of the proposition.
The eTOM Business Process Framework serves as the blueprint for process
direction and the starting point for development and integration of Business and
Operations Support Systems (BSS and OSS respectively). The SID, as the NGOSS
information model, provides an information/data reference model and a common
information/data vocabulary from a business as well as a systems perspective. Using
the SID in combination with the eTOM business process and activity descriptions, it
becomes possible to create a bridge between the business and Information
Technology groups within an organization, providing definitions that are
understandable by the business, but are also rigorous enough to be used for software
development. The integration of RA into the eTOM and SID will greatly impact the
standardization of RA, permitting service providers, system integrators, and vendors,
to implement RA in a canonical way, reducing costs, and ensuring interoperability
between systems and processes.
For the sake of the RA practitioners who may not be familiar with the NGOSS, eTOM
and SID framework, we first provide a short introduction to NGOSS, eTOM and SID.
2.1 NGOSS
The Enhanced Telecom Operations Map (eTOM) is the ongoing TM Forum initiative
to deliver a business process model or framework for use by service providers and
others within the telecommunications industry. The TM Forum eTOM describes all
the enterprise processes required by a service provider and analyzes them to
different levels of detail according to their significance and priority for the business.
For companies adopting eTOM, it serves as the blueprint for process direction and
provides a neutral reference point for internal process reengineering needs,
partnerships, alliances, and general working agreements with other providers. For
suppliers, eTOM outlines potential boundaries of software components to align with
the customers' needs and highlights the required functions, inputs, and outputs that
must be supported by products.
The SID provides the common language for communicating the concerns of the four
major groups of constituents represented by the four NGOSS Views: Business,
System, Implementation and Deployment, defined in the NGOSS Lifecycle. Used in
combination with the eTOM business process and activity descriptions, SID makes it
possible to create a bridge between the business and Information Technology groups
within an organization, providing definitions that are understandable by the business,
but are also rigorous enough to be used for software development.
In order to integrate Revenue Assurance into the NGOSS framework, and to gain all
the benefits of this framework, RA must be integrated at least into the Enhanced
Telecom Operations Map (eTOM), which defines the business processes in the
telecommunications industry, and into the Shared Information/Data Model (SID). The
integration of RA into the eTOM permits telecommunications operators to have a
better understanding of the function of RA at the operational level and to comprehend
the interactions between RA and other processes. The integration into the SID allows
identifying the common data/information model that should be followed by RA
solutions, permitting structured and easy integration between RA solutions, and
between RA solutions and other entities in the telecommunications operational map
The TMF RA modeling team made a detailed proposal of integration of RA into the
SID and eTOM. Below is a high-level description of this proposal. The reader should
keep in mind that this description is neither detailed nor exhaustive, and that
exactitude was sacrificed for simplicity.
Revenue Assurance
RA Control RA Trouble Ticket RA Assessment
RA KPI RA Action_Response
RA Objective
RA Violation
The Revenue Assurance Control ABE defines policy-based rules that represent the
logical definition of comparisons performed on entities to identify Revenue
Assurance Violations. For example a Revenue Assurance Control may compare
pre mediation and post mediation call details records (CDRs) to identify improperly
dropped CDRs, i.e. Revenue Assurance Violations
Revenue Assurance Objectives are targets whose infringement may trigger the
creation of Revenue Assurance Trouble Tickets. Examples of Revenue
Assurance Objective are that the value of the Revenue Assurance KPI that
counted the number of dropped CDRs is lower than 50,000, or that the trend of this
value over a period of time is negative (the number of violations is dropping). When
one or several Revenue Assurance Objectives are violated, a Revenue
Assurance Trouble Tickets may be issued. For example if the number of dropped
CDRs is higher than 50,000 a Revenue Assurance Trouble Ticket may be issued
and assigned to someone, to check the cause of the problem, and to try to recycle
the dropped CDRs. Revenue Assurance Trouble Tickets may be created as a
result of the infringement of one or more Revenue Assurance Objectives, or as a
result of the finding one or more Revenue Assurance Violations.
The RA ABEs proposed are based on existing SID ABEs, for example the Revenue
Assurance Trouble Tickets is defined using the already existing SID ABE of
TroubleTicket, and the Revenue Assurance actions/responses is defined using
the already existing SID ABE of Activity.
Revenue Assurance (RA) business entities support the complete RA lifecycle. These
processes range from creating RA controls, KPIs and RA objectives, identifying RA
violations and trouble tickets, resolving trouble tickets to assessing an enterprises RA
program. RA eTOM processes are shown in Figure RA.5.
3.1 Introduction
Traditionally, most CSPs identified fraud management as a priority in the early days
of operations. The early focus and implementation of systems contributed to the
development and maturity of fraud management practices and systems. Although
there is a clear relationship between fraud management and revenue assurance,
fraud management has evolved as a separate function, often under different
department and sponsorship within the organization. Industry-wide, there is
consistency in the approach and system functionalities for fraud management.
However, revenue assurance is still an immature activity for many CSPs. Revenue
assurance activities in most of the CSPs are independent of their fraud management
practices. As new issues and systems come into place, there is an increasing need to
look at both fraud management and revenue assurance together due to the nature of
the leakages and the solutions and practices to identify these.
Revenue leakage in any CSPs operations can be grouped into three categories,
namely, Fraud, Revenue Assurance and Bad Debt. Revenue Assurance problems
are mainly due to the operational inefficiency in the systems or processes. Fraud
represents the deliberate intention to avoid payment and Bad Debt is the combination
of un-intentionable and intentionable revenue loss.
An example of this segmentation is a new bundle offer from an operator may cause
leakage due to illegal use of services and network or non-payment of the dues by the
customer. Other leakages such as the customer not being billed properly as in the
case of under billing or over-billing and issues such as the order not being provisioned
are due to inefficiency in the system.
Illegal use of services & Customer not billed correctly Customer does not pay
network Under-Billing = Lost Revenue
Customer does not pay Over-Billing = Customer Churn
Order not provisioned
It may not be possible to have a clear segmentation and resolution for the following
reasons:
Differentiating factor is very thin: The root cause of fraud and revenue assurance can be
the same. Intent and root cause are the differentiating factors. Incorrect provisioning
of service at the switch without provisioning at the billing system causes revenue
leakage, as the service usage cannot be billed for. The root cause could be a shortfall
of the provisioning process or an intentionally performed activity. In the former case,
this is a revenue assurance problem and in the latter case, it is an internal fraud.
In case of most of the problems, since the data analyzed is the same, it would be
reflected on multiple tools and systems. This trend is likely to continue and become
more significant in case of IP and event records.
3.2.1 Case 1
Service is not provisioned for a particular subscriber in the billing system, but the
subscriber is using the service. The subscriber is provisioned in the network element.
This scenario can be interpreted in the following way:
The subscriber has been illegally provisioned in the network element
The subscriber was genuine, but because of a process error or error in provisioning
system, only network element was provisioned.
3.2.2 Case 2
3.2.3 Case 3
A sudden increase in traffic is detected from a trunk configured for national calls from
an interconnect operator. This scenario can be interpreted as:
Incorrect trunk configuration causing other traffic (such as international traffic) to be
routed through the trunk;
A third company is illegally routing its calls through the trunk using devices such as
gateway SIMs
There is a genuine increase in traffic. This calls for a renegotiation of the existing
contracts and tariffs.
3.2.4 Case 4
As a part of new product development and testing, a CSP provisioned mobile phones
and services for field-testing. This testing included quality of service and network
coverage testing.
At the end of the testing period, the majority of the phones were not
returned but services on them were left activated due to a process error.
After the launch of the new service, fraudsters gained access to these test
phones and used them for illegal call selling, causing significant losses.
As illustrated by the above cases, there is a need to look at each issue identified by
fraud management or revenue assurance systems in multiple perspectives.
It is usually possible to detect the leakage and identify the cause area. However, it is
difficult to find out the root cause (such as intent or process error) without taking a
holistic view of the issue;
It is possible that a revenue assurance problem, such as scenario defined in case 4 can
easily pave the way for fraud to be committed on the network. The revenue
assurance problem, if not corrected with a holistic view, can provide loopholes for
fraudsters to attack the network. Identification of the relationship and its effects is
critical for choosing the correct resolution and prevention methodology.
Certain internal frauds are likely to be detected by the revenue assurance system first.
Unless the exact cause and intent of the problem is identified, it may not be possible
to prevent the issue from reappearing. If treated as a revenue assurance problem
alone, it is likely to be used in a different manner by the fraudster to exploit the
loopholes. Therefore, the issue requires analysis by both revenue assurance as well
as fraud management systems.
Time for resolution of issues is critical. For faster resolution of certain problems detected
by one of the functions, it may be necessary that the information be passed on to the
other relevant function at the earliest opportunity. A collaborative approach facilitates
transfer and early action on such issues.
To analyze and resolve revenue leakage issues at a holistic level and in many cases
evolve revenue generation opportunities out of this effort, it is important to adopt a
collaborative approach to revenue assurance. We recommend collaboration between
Revenue Assurance and Fraud Management at three levels: the team level, the
process level, and the tool level. In many cases, such collaboration permits analysis
and resolution of revenue leakage at a holistic level that would be missed otherwise.
Similarly our recommendation is to use tools and processes for RA and Fraud that
permit sharing data, KPIs, case management, dashboards and reports. However, we
do not necessarily recommend using the same tool or process for revenue assurance
and fraud (additionally, we do not necessarily recommend to use of the same tool for
all revenue assurance tasks, we recommend rather to use the best of breed). Our
recommendations are explained in the following sections.
Cross-fertilization of information;
Faster communication of issues and detected discrepancies;
Faster handover of issues between the teams;
Faster identification of key issues and information
3.4.1.1.2 Challenges in collaboration between revenue assurance and fraud
management teams are:
In many CSPs, Fraud and Revenue Assurance teams exist as different departments and
may even have different executive sponsors. There may be a need to change
existing organizational structures or define structures that allow effective exchange of
information.
3.4.1.2 Process
Streamlined activities that facilitate faster resolution of issues, especially for cross-
functional issues;
Reduce redundant processes.
3.4.1.2.2 Challenges brought about by process integration are:
3.4.1.3 Tools
Fraud Management and Revenue Assurance tools can be integrated at two levels
Data Management layer and Business layer.
At the data management layer, the systems use the same data processing and storage
for the interfaces that are commonly used by both. Integration of tools can provide in
significant operational expenditure and infrastructure savings for the CSP.
At the business layer, the integration involves common alarms, workflow, reporting and
presentation. This allows users to share and collaborate effectively. Automation helps
in faster issue communication and resolution, provided appropriate processes are set
up and issues are summarized correctly.
3.4.1.3.1 Advantages of integration of tools:
Integrated platform that can address both revenue assurance and fraud management
issues;
Modes of operation of fraud management tool and revenue assurance tools are typically
different. Due to the nature of the problem, its perceived impact on the business and
economic considerations, fraud management tools are typically real-time systems
whereas RA tools generally work in a batch-processing mode.
Standard interfaces for tools to collaborate.
The discipline of Revenue Assurance by its nature addresses a number of topics that
are subject to a variety of international and statutory regulations.
Diverse regulations, each having its unique focus, can be aligned into two major
groups of industry-neutral, and industry-specific regulations. Examples of the former
include European Unions 8th Directive and the Sarbanes-Oxley Act (SOX), which is
often considered the most significant and illustrative regulation with respect to its
rigorous compliance rules. Examples of the latter group, with regard to
telecommunication industry, include a wide range of guidelines and standards,
covering billing accuracy, network and service availability, settlements between
CSPs, customer relationship management, privacy of customer data, revenue
booking and recognition and many other telecom issues.
The objective of this chapter is to provide an overview and guidance on some of the
regulatory requirements that could be partly or fully addressed by a comprehensive
Revenue Assurance function.
The Sarbanes Oxley Act of 2002 was enacted largely in response to a number of
major corporate and accounting scandals involving some of the most prominent
companies in the Unites States. These scandals have resulted in loss of public trust
in reporting practices and corporate accounting. The objective of the SOX Act is to
restore investor confidence in public markets and enhance penalties for corporate
wrongdoing. The SOX Act has entitled the PCAOB (Public Company Accounting
Oversight Board) to oversee compliance with relevant provisions of the Act.
Presenting Conclusions
Fraud, Deficiencies & Significant changes in the Disclosure Controls should be disclosed
Section 404 Internal Controls
Management accepts responsibility for establishing & maintaining Internal Controls
Management is responsible for assessing the effectiveness of Internal Controls
External Auditor attests managements assessment of Internal Control
Key elements of NGOSS framework, namely eTOM and SID, referred to in the
Chapter 2 of this Guidebook, could be successfully used as an efficient basis for the
development of diverse risk management functions, including Revenue Assurance,
Regulatory Compliance and others. This idea is illustrated by the below diagram:
Revenue
Assurance
IT
Governance
Regulation
Compliance
Internal
Business Audit
Risk
Management
Revenue Assurance: data quality and process improvement aimed at prevention and
management of revenue leakages or instances of fraud, caused by subscriber,
external party or a Companys employee.
SOX Compliance: maintenance and enhancement of an adequate system of internal
controls over financial reporting through the period of compliance.
Internal Audit: independent assurance of compliance with Companys internal policies
and procedures.
Business Risk Management: alignment of risk management with strategy, people,
business processes and related technology.
IT Governance: alignment of IT processes with business requirements to meet
organizational objectives.
Linkage between Revenue Assurance and SOX can be realized at Level 2 of eTOM.
Figure 8 below represents processes in Operations area that are subject to SOX
compliance in terms of internal control for financial reporting that could be considered
part of Enterprise Risk Management or Stakeholders & External Relations
Management at Level 2 within Enterprise Management area.
4.1.4 Key Requirements for Revenue Assurance Activities to Enable SOX Compliance
From SOX perspective, any Control Framework developed within the Company
should explicitly show the following sections:
Monitoring
Information and Communication
Control Activities
Risk Assessment
Control Environment
The above layers are defined by COSO (The Committee of Sponsoring Organizations of the
Treadway Commission) integrated control framework that is adopted by PCAOB (Public
Company Accounting Oversight Board) as the most relevant for use from compliance
perspective. COSO is a voluntary private sector organization dedicated to the improvement of
the quality of financial reporting through business ethics, effective internal controls, and
corporate governance. COSO was originally formed in 1985 to sponsor the National
Commission on Fraudulent Financial Reporting, an independent private sector initiative that
studied the causal factors that can lead to fraudulent financial reporting, and developed
recommendations for public companies and their independent auditors, for the SEC and
other regulators, and for educational institutions.
Control Environment encompasses the tone of an organization, and sets the basis for how
risk is viewed and addressed by an entitys people. This includes risk management
philosophy and risk appetite, integrity and ethical values, and the environment in which they
operate.
Risk Assessment includes risk analysis, assessment of a risks likelihood and potential
impact, as a basis for determination how those risks should be managed. Risks are assessed
on an inherent and a residual basis.
Control Activities represent policies and procedures that, when established and implemented,
help to ensure that responses to risks are effectively carried out.
Information and Communication ensures that relevant information is identified, captured, and
communicated in a form and timeframe that enable people to carry out their responsibilities.
Effective communication also occurs in a broader sense, flowing down, across, and up the
entity.
Monitoring ensures that internal controls are monitored and modified as necessary.
Monitoring is accomplished through ongoing management activities, separate evaluations, or
both.
An integrated Revenue Assurance function could provide facilitation for the following sample
list of control objectives mandated for telecom operators by the Sarbanes Oxley legislation:
Ensure that all collected events are processed according to established filtering rules.
Ensure that duplicated records are identified, labeled and analyzed.
Ensure that Customer information items stored in different internal data sources are
synchronized or regularly reconciled.
Ensure that all payments made and received for telecom services are properly allocated
to Customer or Service Partner accounts within proper period.
Ensure that external Customer information is regularly verified against internal customer
information.
Ensure that usage records are obtained from each Service Partner and reconciled with
internal records whenever applicable to verify accuracy of Service Partner invoice.
Ensure that all billable usage records from Service Partner are processed and billed
according to the billing rules consistent with existing contracts.
Ensure accuracy of service fees and charges classification to enable proper matching of
revenues and expenses.
4.2.1 Introduction:
It should be noted at the onset that within Europe the European Parliament and
Council provide directions and guidelines around the Regulatory Framework. The
The European Parliament and Council set a legal deadline of 24 July 2003 for the
transposition of the main provisions of a new framework.
4.2.4.1 Independence
At national level effective mechanisms must allow any user or undertaking providing
electronic communications networks or services the right of appeal to an independent
appeal body in the event of any disputes with a national regulatory authority.
Member States must ensure that national regulatory authorities exercise their powers
impartially and transparently. They must also ensure that the national regulatory
authorities make arrangements for consultation of the interested parties if they intend
to take measures, which could have a significant impact on the market.
Ensuring that users derive maximum benefit in terms of choice, price and quality;
Encouraging investment in infrastructure and promoting innovation;
Encouraging efficient use and management of radio frequencies and numbering
resources.
The national regulatory authorities must also contribute to development of the internal
market by, inter alia:
Encouraging the establishment and development of trans-European networks and the
interoperability of pan-European services;
Ensuring that there is no discrimination in the treatment of undertakings providing
electronic communications networks and services;
Cooperating with each other and with the European Commission to ensure the
development of consistent regulatory practice and consistent application of the new
regulatory framework for the telecommunications sector.
The final task of the national regulatory authorities is to promote the interests of the
citizens of Europe by, inter alia:
Ensuring that all citizens have access to a universal service, as specified in Directive;
Ensuring the availability of simple and inexpensive dispute resolution procedures;
Contributing to ensuring a high level of protection of personal data and privacy (Directive
on Privacy and Electronic Communications.)
Taking this fact into consideration there is a need to map an Organizations Revenue
Assurance functions to its obligations towards the Telecom Regulatory Requirements.
In every new market and technology, the challenges increase exponentially. Careful
attention to the impact on the operational infrastructure and processes is required for
CSPs to realize the potential profits that this market offers.
This section of the Guidebook addresses three main challenges. We offer general
strategies to overcome the challenges to realize the profits that this new breed of
services can bring in for the CPSs.
5.1 Challenges
Under the old value chain, CSPs owned the network, OSS/BSS systems and owned the
bilateral relationship with the customers. Consequently, network operators had
complete control of services offered to the customers. Figure 4 describes
schematically the old value chain for network operators. As long as network operators
effectively controlled their infrastructure (OSS/BSS) from process and data integrity
perspective, they were covered from a revenue assurance perspective.
One of the challenges that become evident with this value chain is the emergence
of new business model called the revenue-sharing arrangement. Based on the
role and responsibilities a CSP takes, and on who else is involved in the value
chain, the CSP has to develop a robust settlement process to accurately bill and
settle with the various parties in the value chain including the end user.
Another challenge with this new value chain is the level of control that the CSP
can exercise over the content and advanced services and over the customer
experience for the service. By level of control we mean control over service setup,
sales, provisioning, and fulfillment processes that now involve many parties, as
well as effective control and availability of accurate data from those involved
parties.
The other challenge is that the new value chain relies on multiple parties
to provide critical information to enable the CSP to formulate the event
record. The CSP faces the daunting task of assembling information from
all these parties, a task that poses a great source of process and data
integrity challenges.
This new way is in sharp contrast with traditional voice service, in which a call detail
record generated by switch has been the main source of information for the rest of
downstream OSS/BSS systems.
To offer the content and advanced services, CSPs has to set up its billing system to use the
complex set of rules and maintain the transient data for rating, taxing and billing, data that
may have been obtained from external sources. There are new attributes for quality of service
(QoS), complete versus incomplete transactions, bandwidth used, time of the day, level of
service (e.g. silver, gold, etc.), multi-party discount and multi product discounts. Configuration
issues, data availability and compatibility, and the need to handle multiple and complex
methods for rating and billing pose data and process integrity challenges for CSPs, especially
if their systems were not designed to handle such complex processing. Billing On Behalf Of
(BOBO), revenue sharing arrangements, display of events, activities and charges accurately
on the bill are key challenges that require exceptional revenue assurance controls to
maximize the revenue from the content and advanced services.
To highlight the complexity of the new value chain, lets take a simple scenario in which a
consumer has downloaded content. This simple business transaction requires careful
process and data integrity considerations to meet the demands of the new world. The
following questions illustrate the types of processing requirements, to be taken into
consideration to avoid the process and data integrity issues with the advent of content and
advanced services.
How does a content provider get paid for download attemptseven those that werent
successful?
Is there a re-attempt time frame, perhaps a window of one to four hours?
Is the customer entitled to download one instance of content again with any re-attempts
not to be rated?
Also, if subscribers purchase content, how long do they own it? And, as subscribers
change their handsets, how do you migrate the content from one handset to another?
What are the digital rights to the content in this instance? Is the subscriber eligible to
share the content with other subscribers under the same account (family members,
for example)?
The significance of errors in processing of content and advanced services transactions and
sessions has magnified potential loss due to error for network operators.
In this new value chain, an event transaction or session has replaced the CDR processing. It
means that accessing a mobile content offered by trusted third party is considered totally
different from making a simple voice call. The user activities in such a transaction could
spawn a set of multiple interactions and multiple dependencies with a number of third parties
such as ring tone and device wallpaper vendors, chat rooms, music and video content and
MMS providers each of which has to be accurately billed, with a portion of each payment
being shared with the owner of the content or service.
Suddenly the CSPs find themselves vulnerable for far more than just the cost of a voice call
in the event of billing errors. Error management becomes very complex and may involve
resolution of errors by multiple parties.
5.1.4 Challenge #4: Complex payment arrangements and revenue stream bypass
As part of the content value chain (e.g. content developers, content aggregators and content
distributors) may be independent of the CSPs and thus may offer their services and products
to more than one CSP in parallel, and get to the end customer in more than one way, there
may be a situation in which the end customer pays directly to the content vendors for the
content itself. The payment for the content delivery may be done directly to the CSP by the
end customer, or through the content vendor / aggregator. This is a whole new concept for
CSPs and it actually reduces the control that the CSPs have over the revenue stream, hence
increases the risk for revenue leakages.
This new environment offers many options to all players and to the customers in selecting the
payment arrangements and settlement agreements. The CSPs, and all players in the value
chain must determine their business strategy and goals. All in the chain are interdependent
for the production and delivery of the product. For payment and settlements, each must have
arrangements with the value chain members and the customer. Scenarios might include:
CSP handles all functions for the value chain. CSPs have some expertise and offers
to handle the payment (they know the customer), be the clearing house for the value
chain settlements (they have expertise with interconnections).
The value chain uses an outsourced payment and settlements clearing houses (bank
or Credit Card Company).
This is a whole new concept for CSPs and it reduces the control that the CSPs have over the
revenue stream, hence increase the risk for revenue leakages.
Define a New Services Launch Process for revenue impact assessment. This process
needs to be examined closely and testing of the launch process needs to be
evaluated from distribution of content and revenue recognition perspective.
Do not assume that legacy infrastructure would be sufficient to address the evolving value
chain. Carry out the assessment and review of the legacy infrastructure in support of
the new value chain. Identify the gaps, process and data integrity challenges.
Segregate the new value chain processes, reconciliation and accounting procedures from
the existing business processes and procedures.
Identify and partner with the vendors who can provide infrastructure with in-built
assurance framework necessary for mobile content and advanced services
Define the Clear set of rules of engagement with the value chain partners. Carefully
define the details on contract terms and conditions with partners of the value chain to
address the roles and responsibilities.
Evaluate the Settlement Challenges. Settlement requirements need close examination.
Content partners need to provide the accurate and timely data feed for settlement
information. Settlement process robustness from a business requirements
perspective and reverse settlement perspective needs to be evaluated. Configuration
of the partners within the settlement and billing system needs to be evaluated from
data accuracy and data completeness perspective
Call Centers Methods and Procedures (M&Ps) related to customer requests for credits
and adjustments for content need to be closely evaluated. Customer adjustments
need to be closely linked with the settlement process with the partners to ensure the
company can realize the adjustments from the content providers in case if they have
provided adjustments to its customers
Event data must be evaluated on a continuous basis in correlation with the common
customer problems for these services to identify data and process integrity issues.
6.1 Introduction
As a team, our objectives are to help, share, and add to the shared knowledge of all
members. If you have other examples that would help or enlighten future readers, please
forward to Gadi Solotorevsky (email: gadi.solotorevsky@cvidya.com )
The following diagram shows the main perceived causes of revenue loss by the telecoms
industry, based on a survey of the industry during 2005.
Other
6 External fraud
Leakage will occur at every weak point in all systems, whether automated or manual.
The list is not exhaustive but it provides an introduction/foundation for the detection of
leakage.
Revenue leakage is defined as revenue not received due to missed opportunity, failure to
bill for the services provided or failure to collect the payment.
Cost leakage is defined as overpayment of costs for chargeable services to third party.
B Provisioning
Failure to correctly record the provisioning of a service on the
B.1 network, and subsequently do not produce a correct bill Revenue Leakage
B.3 Service activated but billing account not set to bill Revenue Leakage
Ported out numbers not de-listed from billing for which costs
B.7 are still paid to third parties Cost Leakage
Paying retail rates to third party suppliers for lines which should
B.11 be charged as wholesale Cost Leakage
B.13 Number ranges already in use are assigned to new operator Revenue Leakage
C Network management
C.1 Loss of CDRs caused by local storage failure on switch Revenue Leakage
C.6 Route info set-up complete prior to rating & billing set-up Revenue Leakage
D.5 CDR produced, but not written into file on switch Revenue Leakage
D.6 Any data lost during file transfer between switch and mediation Revenue Leakage
Any data lost during file transfer between Mediation and Billing
D.7 System Revenue Leakage
Number of calls per month which are not billed as the billing
D.10 system incorrectly identifies them as 'duplicates' Revenue Leakage
D.12 xDRs incorrectly correlated and therefore not billed Revenue Leakage
D.15 xDRs too old to bill and subsequently written-off Revenue Leakage
TAP files from network not sent to clearing house and foreign
D.20 operator Revenue Leakage
E.2 Interconnect call rates set up incorrectly in the rating system. Revenue Leakage
E.3 Retail call charges entered incorrectly in the rating system Revenue Leakage
F Rating process
F1 Misidentification of traffic type and origin incorrectly identified Revenue Leakage
F3 xDRs written off due to inability to rate the event Revenue Leakage
G Pricing Structure
Call rates priced below standard cost charges, creating a
G1 negative margin. Revenue Opportunity
Low Margin Calls: Cases where Operator has set call rates
G8 significantly lower than other operators Revenue Opportunity
H Billing operations
H1 Bill not produced Revenue Leakage
H5 Print vendor does not receive all complete bills Revenue Leakage
I.4 Care credits are applied to a customer account inappropriately Revenue Leakage
I.9 Wholesale costs are not passed on accurately to customers Revenue Leakage
The RA Team has collectively classified revenue assurance efforts into the following
areas. In addition, we have compiled a list of scenarios according to these
classifications for ease of reference.
Fraud in telecom networks has been a problem that has always plagued the bottom
line of operators. The lure of easy money turns many a man into a fraudster. There
are many ways to defraud and abuse telecom networks - both wireline and wireless.
Ingenuity and innovation are the hallmarks of this tribe of modern-day bandits.
Telecom companies have a long history of fraud fighting but the imaginative methods
employed by fraudsters call for continuous improvements on the solutions deployed,
to check fraud.
Fraud - Unnoticed?
In spite of the fact that many telecom companies worldwide have lost significant
amounts of money due to fraudulent activity in their networks, a large number of
CSPs are still not addressing this crucial issue. In many cases, they even feel that
fraud does not exist. Even though one wishes that this should be the case, this is
never true. Losses due to fraud often get swept under the carpet as bad debt. A
recent study has proven that the portion of revenue lost due to fraud could form 40-
50% of the bad debt component! Another aspect is the belief that networks based on
digital technologies are secure. The networks that were rolled out earlier used
analog technologies that had several technical loopholes. Fraudsters exploited these
opportunities to make money. The advent of digital technologies like GSM put paid to
most of the technical frauds. Perhaps this could be the reason why many GSM
operators feel that they are safe from the clutches of villainous fraudsters.
This acquires gigantic proportions in a roaming scenario due to the delay in accessing
call detail records and subsequent detection. One can understand the possibility of
this fraud when we realize that roaming is a key feature offered by GSM operators
and has many business benefits. Subscription fraud in the roaming situation is often
referred to as Roaming Subscription Fraud.
Subscription Fraud is the most damaging amongst the non-technical frauds. The
methodology adopted here is simple with the fraudster obtaining a connection from
the telecom company using the normal, accepted procedure of the company. The
fraudster has no intention to pay and rings up huge bills, in a very short time frames.
The telecom company comes to know of such high usage only after some time and
by then it would be impossible to trace the fraudulent subscriber. Ultimately all the
payments that were to be recovered from this subscriber will have to be written off.
A variation of this is what is called the Call-Sell Fraud. Here the fraudster abuses the
call-forwarding feature of networks and uses his connection to set-up multiple,
simultaneous calls for his clients. The client pays a lesser amount of money than
they would normally pay the telecom company. The fraudster can, of course, afford to
offer such a subsidy as he has no intention of ever paying any money to the telecom
company. By the time, the bills are raised and the company comes around to collect
the money, the fraudster would have made a significant amount of money and flown
the coop.
There is also another interesting variant called Premium Rate Services (PRS)
Fraud. Premium Rate Services are closely associated with fraud in two ways -
fraudsters are likely to abuse the network to call these numbers and the PRS content
providers themselves might defraud. The PRS content provider first obtains a
subscription through some devious means and then uses this subscription to make
calls to their own PRS service and thus inflates the transactions to their service. The
CSPs pay the PRS content provider irrespective of whether this fraudulent subscriber
has paid or not. Call selling and PRS are the major contributors to losses due to
subscription fraud and could be more than 50% of the total fraud loss.
Wireline networks face some other frauds like PBX Hacking and Clip-on Fraud. The first
type of fraud is possible where the PBX supports a feature called Direct Inward System
Access (DISA). Here, an employee of the organization owning the PBX can dial into the
PBX and get access to an external line - for making long distance and international calls -
through keying an authorized PIN. Hackers dial into such PBXs and crack the PIN and
thus gain access to an external line that allows them to make long distance and
international calls. The organization owning the PBX will get an inflated bill that includes
calls made by such hackers. As the name suggests, Clipon fraud is an unauthorized
physical connection to a telephone line using some clamping devices (like alligator clips).
This is one of the oldest forms of telecom fraud. Both of the above types of fraud are
surfing frauds, which imply unauthorized use of a service or a product.
Pre-paid systems that were deployed initially had several inherent problems such as
last call exposure and were prone to fraud attacks like hacking of platform. Vendors of
pre-paid systems understood the seriousness of the issue and upgraded the
technology in the platforms, making them more secure. This has led to a false belief
among operators that pre-paid systems are fraud-free. This is not true and huge
losses are being reported due to Pre-paid Fraud. Fraudsters have found it possible to
defraud pre-paid platforms through the abuse of security codes, using ghosting
techniques to confuse the platform, internal fraud etc.
In addition to the above, there exists the problem of internal fraud wherein
employees within the operator or associates of the company aid outsiders in
defrauding the network. Employees have access to all parts of the network and are
sufficiently knowledgeable to know where to play the dirty tricks. There have been
instances wherein employees have used highly sophisticated instruments (which
were actually meant to be used for network troubleshooting) to obtain confidential
information and make money using this information. Internal Fraud is extremely
dangerous and can lead to a quick erosion of revenue.
8 Administrative Appendix
This document will continue under formal change control. Supporting work will be
issued as companions to this document. A document of this type is a living
document, capturing and communicating current knowledge and practices. Further
inputs will be made because of detailed work ongoing in the TM Forum and the
industry.
8.5 Acknowledgments
The members of the TeleManagement Forum Revenue Assurance Technical Team prepared
this document:
A number of people provided input and/or formal contributions. Although not an exhaustive list, many
thanks to the following for their thoughtful input and contributions
Enrico Angori - Datamat
Sachdeva Deepika Siemens
Enabling the development of a market and real products for integrating and automating
telecom operations processes.
The members of TM Forum include service providers, network operators and suppliers of
equipment and software to the communications industry. With that combination of buyers
and suppliers of operational support systems, TM Forum is able to achieve results in a
pragmatic way that leads to product offerings (from member companies) as well as paper
specifications.