Professional Documents
Culture Documents
RAStandards2009 PDF
RAStandards2009 PDF
The
R e v e n u e A s s u ra n c e S ta n d ar d s
Release 2009
GRAPA
Oakwood Hills, Illinois, USA
Other Books by Rob Mattison:
The Data Warehousing Handbook - 2006
Published by
All rights reserved. Printed and bound in the United States of America. No part of this book may be reproduced or utilized in
any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and
retrieval system, without permission in writing from the publisher.
Use of a terms in this book should not be regarded as affecting the validity of any trademark or service mark.
Table of Contents
Foreword . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi
Chapter 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Chapter 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
GRAPA Countries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Members' Regions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
GRAPA Benchmarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
GRAPA in 2009 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
GRAPA Certification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
New Committees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Chapter 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
The GRAPA Benchmarks: The State of the Revenue Assurance Profession Today . . . . . . 21
GRAPA Benchmarks: Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Educational Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Chapter 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
GRAPA Standards – Approach and Prerequisite Components (Practices and Body of Knowl-
edge) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
The Standards Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
GRAPA Workshops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
GRAPA Committees . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Tools Knowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
GRAPA Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
Chapter 5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
GRAPA Standards: Structure. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Chapter 6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
The Revenue Assurance Lifecycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
2. Economy of Scale . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
3. Ability to Organize . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Phase IV++ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Chapter 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Forensic Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Forensic Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Cases . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Risk Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Exchange Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Process Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Systems Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Revenue at Risk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Remedy Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Remedy Recommendation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Chapter 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Controls, Corrections and Compliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Management Decision-Making. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Remedy Selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Understanding Controls. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Definition of a Control. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Audits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Test Plans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Synchronization Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Auto-Adjustment Mechanisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Understanding Corrections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Chapter 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
What Kinds of Cases Should be Included in the Charter for Revenue Assurance?. . . . . . . . . . . . . . . . . . . 81
Leakage Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Fraud Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Cannibalism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Chapter 10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Domains and Scope Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Chapter 11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Organizational Principles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Best Fit Criteria for Revenue Assurance on a Task-by-Task or Domain-by-Domain Basis . . . . . . . . . . . . 119
Organizational Principle #1: The Relationship of Revenue Assurance to the Operational Team. . . . . . 122
Organizational Principle #2: The Relationship of Revenue Assurance to Other Support Organizations . .
123
Organizational Principle #3: The Relationship of Revenue Assurance to Top Management . . . . . . . . 123
A. Assess and Report Risk –Forensics and Overall Risk Analysis. . . . . . . . . . . . . . . . . . . . . . . . . 124
The Revenue Assurance Management Team Can Make the Decision . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
Chapter 12 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Operational Principles and Ethics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Consensus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Integrity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Rationalization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Appendix A. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Standards. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Subscription . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Credibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
C. Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Appendix B. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
VII.K. Revenue Stream Maximization – Network Element Outage Assurance Techniques . . . . . . 165
Foreword
In January of 2009, the Global Revenue Assurance Professionals Association (GRAPA) formally published the official Stan-
dards for the Practice of Revenue Assurance for 2009. These Standards are the result of many hours of hard work by dozens of
volunteers who labored to make the Standards as neutral, unbiased, practical, and useful as possible for the thousands of people
who are currently employed as Revenue Assurance professionals in the Telecommunications industry.
This book is an in depth review and exploration of the current Standards. The Standards Document itself is only 18 pages long,
but the implications and interpretations of the dozens of different principles are extensive.
It is our hope that the majority of the people practicing Revenue Assurance around the world today take the time to review these
Standards and make use of whatever they find to be beneficial.
In an effort to encourage the dissemination of these Standards as quickly and accurately as possible, it was decided to make this
book available via several channels:
1. GRAPA members can download a PDF version of the book, free of charge, using their GRAPA Membership ID on the
GRAPA website.
2. Anyone wishing to obtain a copy of the book without providing personal contact information can purchase an e-download
from a number of sources.
3. The book will also be made available in soft- and hardcover format and can be purchased from a number of sources.
This book (and the Standards) represent a work in progress; not a definitive last word on the practice of Revenue Assurance. We
hope that it provides professionals with a rich body of knowledge, a perspective to clarify their thinking, and that it improves
their professional careers.
If you are genuinely interested and/or engaged by this book, we hope that you are inspired enough to join the GRAPA organiza-
tion and become further involved in the ongoing refinement of these Standards.
Although it is not be possible for me to give credit to all of the many people that participated and helped with this process, I
must acknowledge some of those that had a major role in “making the book happen.”
Mike Sullivan (USA), Wessel Scheepers (South Africa), John L. Myers (USA), Henry E. Whyte (Ghana), Sriram Dharmarajan
(India), Baba Diomande (Gabon), Désiré Nindjin (Ivory Coast), Robert Martignoni (Germany), Carola Rusch (Germany), Enid
Mullin (South Africa), Victoria de Aboitiz (Argentina), Theodore Daniel Toma (Egypt), Pete Van Cleve (USA), Ravikumar
Jigajinni (India), Anthony Cruz (Philippines), Malthesh Gududappa (India), along with the U.S. GRAPA team members who
helped to make this happen including Brigitte Mattison, Chris Yesulis, Laura Knigge, Dustin Mattison, Eva Pristera, Nathan
Langlois, Michael Crowley, Amy Beymer, Teresa Shepp, Jade Blackwater, and many others.
This work could not have been completed without your dedication and continuous effort.
I would also like to acknowledge and thank our copy editor, Rick Alaska, who made this book read as smoothly as it does.
Rob Mattison
Chapter 1
Help Wanted: Well financed Telecommunications Company looking for an experienced Revenue Assurance manager. Must be
able to keep track of millions of miniscule, obscure facts and details, and be expert at Telecommunications technology (four
generations) regulations (change monthly), business models (change frequently), finance, and operations (change daily).
Successful candidate should be familiar with wireline, wireless, interconnect, roaming, 3G, Wi-Fi, WIMAX, and dozens of other
technologies.
You will be required to guarantee the integrity of the operation of hundreds of processes (processes that are the responsibility
of someone else) and check to make sure that every single bit of revenue earned is accounted for across hundreds of operations
and dozens of departments.
You will also be required to participate in and assure the profitability and success of dozens of new service offerings. You will
make use of technologies that are so new they haven’t even been invented yet, while not upsetting or causing the finance, inter-
nal audit, I/T, technical or operational management teams to feel threatened in any way.
You will be forced to work with a minimum staff, budget and with only a few inappropriate tools, while being held personally
responsible for any and all losses no matter how small, and no matter who is actually responsible for creating the problems.
Must be willing to work for minimum wage, work long hours and assign credit for your accomplishments to people you had to
fight to get things fixed in the first place.
Seems like a great job, doesn’t it? But looking around the Telecommunications industry today, you can easily find hundreds of
job openings with exactly these kinds of qualifications and terms. More unbelievably, you will also find a core group of highly-
motivated individuals who are willing to voluntarily take on these tremendous jobs.
To the casual observer and even to the seasoned Telecommunications professional, the phenomenon known as Revenue Assur-
ance creates quite a bit of confusion and at times some controversy. Despite the confusion, the bickering and apathy, it is clear
that Revenue Assurance is growing in scope, depth and breadth on nearly a daily basis.
At the height of the “Old School” Revenue Assurance crusade personnel were expected to be responsible for the sacred “Switch
to Bill” domain. This assures that every CDR that came off the switch can be accounted for in the billing system, and not much
else.
The irony, of course, is that this represents only a small portion of the overall revenue exposure that a typical Telco experiences.
Even more ironic ̶ even in those days, getting this simple piece of the complex revenue management puzzle assured was no
small task.
One of the first places we can look when trying to explain the Revenue Assurance phenomena is the demise of one of the vener-
able institutions of “old school” Telecommunications, the BOM.
The BOM (Billing Operations Manager), used to be one of the most important people on the Telecommunications management
team. The BOM usually reported directly to the CEO, and was considered the second most powerful member of the manage-
ment team after the CTO (Chief Technology Officer).
For people familiar with modern Telecommunications, the concept of the BOM might seem foreign and difficult to understand.
But the BOM had traditionally been a critical cog in the Revenue Management machine.
The Billing Operations Manager was the person responsible for the integrity of everything in Billing Operations. The BOM was
responsible for making sure that the CDRs were generated by the switches. This person ensured that mediation processed the
CDRs successfully. The BOM was king of running the billing cycles, and usually had credit and collections responsibilities.
In short, the BOM had absolute full operational and financial responsibility for the capture, processing and collection of rev-
enues. The CEO needed to call only one person to answer questions about revenues or collections, and that was the BOM.
What a concept! What a great idea ̶ a fully integrated operational group responsible for the integrity of all revenue related
activities!
The BOM, of course, was a difficult job. It required that a person be an expert politician, technician, operational maven, and
financial manager. The BOM had to know how to make things happen and how to make sure that others did as well. Most criti-
cally, the BOM had the power to change things what needed to be changed (because of the impact on revenues) and the BOM
had the support of the organization to ensure that it happened.
The Product Manager in the old school Telecom world, like the BOM, was a person with end-to-end responsibility. The Product
Manager was responsible for the profitability and success of products from inception to creation, to deployment, and throughout
a product’s lifecycle.
When the Telco decided to create a new service offering, the Product Manager (typically a member of the CTO team) was
responsible for ensuring that everything associated with that product, was addressed, especially from the technology and mar-
ket and sales forecast side.
The “old school” Product Manager was one third technician, one third operational manager and one third marketer. It is not
surprising that, with a good BOM and a good Product Manager, there was little doubt about how well a Telco was being man-
aged, and most importantly, who was responsible when something went wrong.
Although the “good old days” of Telecommunications had virtues, such as profitability and stability, several factors disrupted
the previously “normal” way of operating. The past 25 years have seen an explosion in innovation, invention and disruption of
the Telecommunications business model on every front. New technologies, disruptive and inconsistent regulatory variance, and
deployment of radical new sales channels and business models have reduced Telecommunications to a mere shadow of what it
used to be. With so much changing so quickly, Telecommunications organizations have been forced to adopt a radically differ-
ent kind of operational control model.
Prepaid systems, credit cards, cash payments, direct bank deposits, and a myriad of other financial vehicles complicated the
simple, straightforward model that directed the Billing Operations domain.
In the midst of all of this we find the humble Revenue Assurance practitioner.
These are extremely complex questions. Revenue Assurance, like everything else in Telecommunications today, is typified by
a wide range of different implementations and interpretations depending upon where you go and who you ask.
The people who view and treat Revenue Assurance this way have relegated the discipline to simple straightforward “monetary
menials.” These “menials” are the billing system “maid service” that follows the operational teams, attempting to sweep the
droppings from overly aggressive and forgetful Operational Managers.
In this world view, the Operational Managers are responsible for bringing in the big bucks and cannot be saddled with respon-
sibility for the minor details. So instead of expecting them to clean up after themselves, we bring in the Revenue Assurance
janitors who make sure that there are no major messes left behind.
Almost all Revenue Assurance departments started out this way, but an increasingly large number of groups are finding them-
selves forced into the limelight and pressured to take on more and more responsibility for a scope that far exceeds the humble
“Switch to Bill” beginnings.
One of the biggest trends seen in the expansion in the responsibilities of the Revenue Assurance professional is the movement
into areas where prevention of loss is as important as detection and elimination of existing losses.
To take on the mantle of prevention, we have to define exactly how far to take it.
It is in this wild, crazy, confusing world of conflicting missions, objectives and operational assumptions that most modern
Revenue Assurance departments find themselves. While almost every Telco on the planet today has a Revenue Assurance
department, the disparity in staffing, missions, responsibilities, and charters can be immense.
Even in multi-national Telcos, where one parent corporation oversees dozens of subsidiaries, the missions, makeup and roles
of the Revenue Assurance departments can be quite disparate.
GRAPA was founded and has as its primary mission the job of aiding Revenue Assurance professionals around the world in the
definition, standardization and professionalization of the Revenue Assurance job.
Early in the life of the organization it became clear that the key advantage that most members were seeking was a clear set of
standards by which they could set their goals and objectives.
There are many reasons why GRAPA has taken on the development of a clearly defined, industry-wide, globally accepted set
of standards for the practice of Revenue Assurance.
In general, the objectives of these standards are to help the industry overall, and the Revenue Assurance professionals as indi-
viduals to improve the quality, quantity and effectiveness of their activities to the benefit of all parties involved.
There are hundreds of companies around the world that can clearly identify themselves as a part of the Telecommunications
industry, but the variance between these companies can be quite large
There are several factors that make the standardization of anything within the Telecom industry extremely difficult. These
include the following disparities.
In addition to the disparity in size of the customer base (headcount), there is also a large difference in the average revenue per
user (ARPU). As a result, for some carriers a high headcount combined with a high ARPU will mean that highly automated,
repetitious and rigidly defined operational parameters, combined with employment of many highly trained specialists, will
yield the best benefit from a revenue protection perspective.
For the smaller companies that also have a lower ARPU, the employment of fewer people who perform a wide variety of
responsibilities will be the order of the day.
Headcount and ARPU disparity establish the first set of parameters dictating what an optimum Revenue Assurance approach
will be.
High ARPU
High Headcount
Low ARPU
Low Headcount
Figure 1.1 Optimum size and nature of RA team in relation to the ARPU and Headcount of carrier
High ARPU
High Headcount
Low ARPU
Low Headcount
Figure 1.2 Optimum structural and automation approach based on the ARPU and Headcount of carrier
Older technologies are by definition more stable, better understood and more easily contained than new technologies. This
translates into a clear need for an increase in Revenue Assurance support as the technology gets newer.
Indeed, the newest technologies typically have almost no built-in revenue controls whatsoever, and in these cases the job of the
Revenue Assurance team becomes focused on the creation of controls rather than enforcement of existing controls.
In the same way, Telcos with a highly diverse set of technologies (many generations and many different types of technology)
will typically find themselves in need of this same kind of active participation by Revenue Assurance.
Newer
Technology
Complex
Environment
Older
Technology
Simpler
Environment
Figure 1-3 Relationship between the complexity and age of technology to the need for RA support
For example, the German people are famous for their dedication to detail, precision and for doing things “the right way.” An
employee of a German carrier is likely to have a cultural predisposition towards doing things right the first time and thus elimi-
nating the need for the double-checks that a Revenue Assurance organization will provide. This greatly limits the areas where
Revenue Assurance might be required.
Indeed, in the older, more established Telcos, there are often well established Business Process Reengineering teams, IT teams
and seasoned Internal Auditors who understand the intricacies of Revenue Assurance much better than any traditional Revenue
Assurance team. Ironically, this institutionalization and formalization can sometimes create a “backlash effect” where the struc-
tures are so inflexible that the organization creates “blind spots” that generate Revenue Assurance exposure.
Newer
Organization
Less Structure
Older
Organization
Mature
Processes
And
Operations
Figure 1-4 Relationship between age and maturity of an organization and its need for Revenue Assurance support
But there is no logical reason that we should not be able to establish a set of standards, structures, guidelines, and knowledge
sharing that will enable the industry to attain a reasonable “economy of scale” for investment in Revenue Assurance.
This is the core challenge to the establishment of Revenue Assurance as a profession and to the efficient practice of Revenue
Assurance across the industry. How do we establish a set of standards that can support everyone, allowing everyone to benefit
from the shared mission, goals and challenges, while at the same time recognizing and adapting to the differences that are the
heart and soul of the industry?
We have the privilege of sharing with you the results of the GRAPA organization’s two-year project in order to accomplish this.
We hope that you find our efforts to be interesting, informative and helpful in your understanding of Telco operations. We also
hope that it increases your appreciation of the incredibly complex and interesting job of Revenue Assurance, and the complexi-
ties of creating, staffing and training your own Revenue Assurance team.
As with all efforts of this type, the standards in this document should be considered a “work in progress” rather than a finished
product. The teams and individuals involved in the creation of these standards, and in the practice of Revenue Assurance
around the world, are constantly increasing, modifying, and improving the definition of Revenue Assurance and its many arts
and skills.
We do not consider the publication of these standards as the end of a process but as the beginning of the real work. Now that the
standards have been formalized and approved, people can examine those standards and the Revenue Assurance job itself with
a level of scrutiny that was not previously possible.
Will these standards be the final word in Revenue Assurance? Absolutely not! But we are confident that they represent a strong
start.
Rob Mattison
President
GRAPA
Chapter 2
An Introduction to the
Global Revenue Assurance
Professionals Association
The standards document presented here represents the sum total of the participation of hundreds of Revenue Assurance profes-
sionals from every continent working for telecommunications companies of every type and size.
Creating the environment that made this kind of collaborative effort possible was not easy, and it is important for anyone
reviewing these standards to have an understanding of their origin, why we believe they are important, and most importantly,
why we believe they are legitimate.
More importantly, this discussion demonstrated that Revenue Assurance professionals are very interested in learning what other
RA professionals are doing. A desire to share information, to learn from each other, and to create a community of professionals
has been continually expressed by Revenue Assurance professionals.
About six months later, a small group of people decided to turn these needs and concepts into a viable professional association.
This association was dedicated exclusively to creating a Revenue Assurance community and solidifying the professionalization
of the discipline.
First and foremost was a strikingly simple fact. The definition of professional and the advocacy of professionalization have
one core requirement; there needs to be an association, a body, or a group that defines and bestows professional status upon its
members. In other words, the first step in the process of professionalizing the Revenue Assurance business is the creation of an
association whose mission it is to attain that objective. And so, the Global Revenue Assurance Professionals Association was
borne.
Some may ask, why choose this method to pursue professionalization? Surely there must be an easier and more convenient
way to do this.
Clearly, the decision to form an entirely new, unfunded and unsponsored association was a difficult one, but the decision was
made, addressing the needs of autonomy and consensus.
There are many organizations, companies and institutions that would be willing to, and have offered to “sponsor” GRAPA, but
these offers have been categorically rejected. The reasons are simple.
If the GRAPA organization were to take significant funding from outside organizations, GRAPA would by definition stop being
independent and would have to respond to the demands of the sponsors.
For example, if a major Revenue Assurance software company or a major Telecommunications equipment vendor were to
significantly bankroll GRAPA, then the mission, focus and direction of GRAPA would be required to meet the demands and
needs of those sponsoring organizations, and not those of the membership. We believe that, if GRAPA is to be successful, then
the integrity of the organization and of its statements and activities must be completely above reproach.
It is tempting to take short cuts, developing an association and direction for the Revenue Assurance profession that caters to
the needs and demands of a select sub-segment of the Telecommunications industry, instead of working hard to get everyone
involved.
It is incredibly tempting to narrow the focus of GRAPA activities to the large, high volume, well financed Telcos. The employ-
ees at those companies have higher incomes. The companies have larger budgets, and it would be easy to attract lucrative
funding and quick success by catering to this group’s specific needs.
However, while tempting, this specific focus might alienate the much larger population of telecommunications professionals
in the process. Defining the association to cater to the more privileged individuals would deprive the membership of insight
into the exciting, dynamic and innovative breakthroughs in Revenue Assurance practices that the smaller, less financed, more
challenged professionals have to offer.
It was decided that, in order to target as large a population of professionals as possible, the criteria for
membership and for participation had to be geared towards the entire spectrum of carriers, geographies and
situations.
GRAPA Countries
Afghanistan Germany Panama
Albania Ghana Paraguay
Algeria Great Britain Peru
Angola Greece Philippines
Anguilla Grenada Poland
Argentina Guatemala Portugal
Armenia Haiti Puerto Rico
Aruba Honduras Qatar
Australia Hong Kong Romania
Austria Hungary Russia
Azerbaijan India Rwanda
Bahrain Indonesia Saint Lucia
Bangladesh Iran Saudi Arabia
Barbados Iraq Senegal
Belgium Ireland Serbia and Montenegro
Belize Israel Sierra Leone
Benin Italy Singapore
Bolivia Jamaica Slovakia
Bosnia and Herzegovina Japan Slovenia
Botswana Jordan South Africa
Brazil Kenya Spain
Brunei Darussalam Kuwait Sri Lanka
Bulgaria Latvia Sudan
Burkina Faso Lebanon Suriname
Cambodia Lesotho Swaziland
Cameroon Libya Sweden
Canada Lithuania Switzerland
Cayman Islands Luxembourg Syria
Central African Republic Macedonia Taiwan
Chad Madagascar Tanzania
Chile Malawi Thailand
China Malaysia Togo
Colombia Maldives Tonga
Congo Malta Trinidad and Tobago
Costa Rica Mauritius Tunisia
Cote d’Ivoire Mexico Turkey
Croatia Mongolia Uganda
Czech Republic Morocco Ukraine
Democratic Republic of Congo Mozambique United Arab Emirates
Denmark Namibia United Kingdom
Dominican Republic Netherlands USA
Ecuador Netherlands Antilles Uzbekistan
Egypt New Zealand Venezuela
El Salvador Niger Vietnam
Estonia Nigeria Yemen
Fiji Norway Zambia
France Oman Zimbabwe
Gabon Pakistan
Georgia Palau
Palestinian Territory
Members' Regions
GRAPA members can bet found in every region of the world. Our greatest membership numbers are currently in Africa and
Southern Asia, but we are gaining quick acceptance and growth in the South American, European and Northern Asia markets
as well.
1.79% (3)
7.74% (13)
5.36% (9)
Asia 32.14% (54)
Africa 4.76% (8)
Middle East
W. Europe 3.57% (6)
E. Europe
N. America
Latin America
S. Pacific 11.31% (19)
GRAPA members work with all of the major lines of business in telecommunications today: Wireless (GSM and CDMA),
Wireline, DSL, Cable, Satellite, Long Distance, Roaming, WiFi, WiMax and many other technologies. As you can see by this
graph, GRAPA members provide a highly representative coverage of each of these "lines of business".
GSM
CDMA
Wireline
WiFi
WiMax
Cable
Broadband DSL
Satellite
Content
Other:
Frame Relay
VAS
Wireless 3G
0 10 20 30 40 50 60
14.29%
1 to 300,000 27.38%
300,001 to 600,000
7.14%
600,000 to 1,000,000
1,000,001 to 2,000,000
2,000,001 to 3,000,000
3,000,001 to 5,000,000 7.14%
5,000,001 to 10,000,000
More than 10,000,000
12.50%
14.88%
7.74%
8.93%
Since GRAPA does not accept sponsorship (due to the need for autonomy) and chooses not to demand membership
fees (due to the desire to attain maximum participation by as many professionals as possible) it is critical that there be
some way for activities to be funded.
(The rationale for this is simple. If GRAPA is developing the standards, body of knowledge and professionalization
that people really want and need, then they should be willing to pay for it. In fact, if they are not willing to pay for it,
then that actually proves that the material being developed is offering no real value to the constituency. The success of
the Revenue Assurance academy, and the certification program is, in fact, a very powerful and crystal clear litmus test
for the effectiveness of the association and the work that it performs. If what the association creates is relevant, adds
value to people’s careers and makes sense to managers, then the classes and certification will be filled. If not, then the
association is clearly failing.)
These small teams provide support to the different committees and members in the accomplishment of their objectives.
GRAPA Benchmarks
One of the more prominent and useful of the GRAPA activities in 2008 was the GRAPA benchmarks, which consisted of a
number of different questionnaires. These were designed to help the GRAPA organization and members to understand current
Revenue Assurance practices around the world.
The rules for GRAPA benchmarks are simple. If you participate in the benchmark, you get to see the results. Over 300 members
participated in our benchmarks in 2008 and several dozen are planned for 2009.
GRAPA in 2009
2009 will see a number of improvements and re-commitment to many things that worked well in 2008. More importantly, we
will continue with our innovation by providing a number of new activities.
GRAPA Certification
Simultaneous with the release and promotion of the GRAPA ratified standards will be the launching of the GRAPA Certifica-
tion Program. This program was designed to assist Revenue Assurance professionals in establishing clear goals and objectives
for their career paths. It is designed foremost to accomplish the primary objective of GRAPA, which is the professionalization
of the industry.
GRAPA certification includes requirements for members in the areas of training, testing and real world experience. GRAPA will
be assembling a support staff to support this certification effort.
For more information about the GRAPA certification program, see the GRAPA website at www.grapatel.com/A-GRAPA/02-
Certification/Certification.asp
The Revenue Assurance Academy is a training organization that offers classes to professionals through a number of different
venues including:
a. On-site training at corporate locations
b. Venue-based training at independent training sites and hotels around the world, including Johannesburg,
Miami, Chicago, Dubai, Madrid, Cairo, Lagos, Nairobi, Kuala Lumpur and others.
c. Web-based training classes
This same organization administers the GRAPA certification program, a program designed to assist Revenue Assurance profes-
sionals in defining a career path and attaining the training and experience necessary to accomplish those objectives.
For more information about GRAPA training see the Revenue Assurance Academy website at: www.ra-academy.org
New Committees
In addition to the already exciting work being done by existing committees, several new committees are being formed. Included
will be committees to address:
1. Credentialization - Determining which major certification / industry standards bodies GRAPA should align with. GRAPA is
already engaged in the study and consideration of membership in the TIA, working with the ITU at the national level, NOCA
and several others.
2. Spanish, Arabic and French Language Development - GRAPA understands the importance of the accessibility of information
and training in a language that is comfortable for the member to undertand. For that reason, we will be launching several major
initiatives to deploy the standards, Townhalls, training and other GRAPA materials in French, Spanish and Arabic.
Chapter 3
These are just a few of the questions that the GRAPA organization has set out to answer through execution of a number of dif-
ferent benchmark surveys?
In 2008, GRAPA conducted more than twenty different benchmarks covering a number of different topics. The largest (with the
most responses) were the “GRAPA General Revenue Assurance Practices” and “Revenue Assurance Team Member Profiles.”
The General Practices surveys asked GRAPA members basic questions about:
1. The size of their departments
2. Positioning of their departments within their organizations
3. Budgets and plans for expansion
4. Scope
5. Mission
6. Basic Organization
In total, over 200 people participated in these benchmarks, providing solid information about the “state of the profession” for
those individuals. The relatively small size of the benchmark compared to GRAPA membership is primarily due to the fact that
GRAPA membership was approximately 300 at the beginning of 2008, but grew to a staggering 1700 by the end of the year.
As a result, the number of participants represents approximately 25 to 35% of the membership at the time the surveys were
conducted.
It is clear, from the survey results and the follow-ups conducted, that the typical Revenue Assurance areas in many Telcos in
2008 were subjected to several different types of volatility.
1. Radical shift in the perceived importance of the Revenue Assurance function. The Revenue Assurance team often
finds itself the focus of high expectations and top management attention for short stretches of time, followed by peri-
ods of management apathy and lack of concern. This shift from critical to laissez-faire appeared to happen more than
once in a given year. In other words, one of the characteristics of Revenue Assurance would appear to be that it moves
into and out of the spotlight based on a number of different factors.
2. Incredibly rapid expansion in scope. 2008 saw an incredible explosion in the headcount allocated by top manage-
ment to the Revenue Assurance function, as well as an almost unbelievable push to add continually increasing scope
to the responsibilities of the Revenue Assurance team. Benchmarks of only two years ago showed Revenue Assurance
as almost exclusively relegated to the sacred “switch to bill” domain. Benchmarks in 2008 showed Revenue Assurance
departments assuming responsibilities for areas that were formerly, or traditionally, considered to be the responsibility
of Internal Audit, Network Operations, Product Development, and Marketing. This dizzying increase and redefinition
of the scope of Revenue Assurance has by far been the biggest single challenge in the development of Revenue Assur-
ance standards.
Some of the volatility that we discovered in these surveys is attributable to the high percentage of African, Middle Eastern and
South Asian members in GRAPA. These markets are currently undergoing some significant volatility at the highest level. It is
important to note that even the more “stable” European and North and South American carriers had their fair share of this type
of volatility, although it was not quite as severe.
Equally important is the fact that these markets are quickly overtaking the European and American markets as the “thought
leaders” and “trendsetters” in the industry. As the shift of emphasis and innovation moves from the “old school” European and
American carriers to the new leading African, Asian and Middle Eastern operators, the importance of these markets and their
behaviors will continue to increase.
GSM
CDMA
Wireline
WiFi
WiMax
Cable
Broadband DSL
Satellite
Content
Other:
Frame Relay
VAS
Wireless 3G
0 10 20 30 40 50 60
1.79%
7.74%
5.36%
Asia
32.14%
Africa 4.76%
Middle East
W. Europe 3.57%
E. Europe
N. America
Latin America
S. Pacific 11.31%
33.33%
The average years employed was 3.46 years. The average years in Revenue assurance was 2.02 years.
This means is that most people have been in Revenue Assurance for two years or less, and the majority of them spent at least
one year in some other role in the Telco before moving to Revenue Assurance.
1-2 years
3-10 years
11-20 years
0 50 100 150
Large numbers of people identified themselves as having Accounting, Operations or IT skills, with backgrounds in Billing,
Mediation and Network each providing significant representation. It is interesting to note that over 20% of the respondents cited
experience and training in Network Operations.
Accounting
I/T
Operations (Billing)
Operations (Network)
Operations (Mediation)
Other, specify:
0 20 40 60 80 100
Educational Background
The educational background of most Revenue Assurance professionals is higher than that of most “typical” Telecom employ-
ees. The vast majority of Revenue Assurance practitioners have a four-year college degree and almost half of them also have
advanced degrees.
Trade School
Some College
0 50 100
The largest group is made up of the Internal Audit organizations, but Sarbanes-Oxley, Quality Management, and Risk Manage-
ment groups are also well-represented.
Sarbannes-Oxley
Internal Audit
Risk Management
Corporate Governance
p
Business Process Re-engineering
Quality Assurance
Process Quality
None
0
0 50 100 150
Of course, this delegation of responsibility to the operational groups does not speak to the quality or effectiveness of the
effort.
Network Operations
Mediation
Postpaid
Prepaid
Roaming
Interconnect
Provisioning
Sales
Credit
Collections
0 10 20 30 40 50 60 70
15.48% 15.48%
3.57% 4.17%
CEO
CIO
CFO
CTO
Other:
61.31%
41.07% No
No 50.00% Yes
Partial
Yes
8.93% Partial
It is in this area, that the GRAPA Standards were seen as a more critical tool. Without a standardized way of dissecting and
explaining the various aspects of the Revenue Assurance job, it is clearly impossible to assess the extent to which Revenue
Assurance is actually being done.
In general, the surveys showed that Revenue Assurance teams were involved in dozens of areas. Many of these areas appear
to be quite inappropriate and out of scope for what we would traditionally consider to be the “Revenue Assurance” job. While
the classical “switch to bill” job shows up, its importance continues to diminish as bigger risks to revenue are discovered, and
as the reliance on the simplistic postpaid, voice and circuit-based business models give way to the exponentially more complex
models of the twenty-first century.
The scope of Revenue Assurance clearly includes the following areas in many Telcos around the world. Any attempt to define
a set of criteria for measuring the actual penetration and assignment of responsibility to Revenue Assurance for these areas is
greatly confused by:
1. The shared nature of Revenue Assurance responsibilities
2. The almost random practice of self-assurance by different departments
3. The almost random acceptance of Revenue Assurance type responsibilities by Internal Audit, SOX and other oversight
groups
4. The maturity, skills and adequacy of the Revenue Assurance teams themselves
5. The size, profitability and nature of the Telco organization
However, taken as a whole, you will find Revenue Assurance departments responsible for the revenue and operational integ-
rity aspects of every single line of business with which Telcos are involved. This is along the entire depth and breadth of the
Revenue Management streams from Network Operations, Switch Utilization, Network Investment Assurance, Network Out-
age Assurance, Marketing, Churn, Sales Channel Security and Assurance, Credit, Collections, Product Development, Prepaid,
Interconnect, Roaming, and dozens of other areas.
For a comprehensive listing of the currently defined and approved body of knowledge considered to be in-scope for Revenue
Assurance as of 1 January 2009, see the GRAPA “Body of Knowledge” Index in the Appendix of this book as well as the details
of the Objectives (Levels of Assurance) section of the Standards.
Training of personnel
Standards and procedures
Budget
Systems selection
System development
Cooperation between groups
Role within the overall organization
Staffing
Technical skills development
New product development integration
0 50 100 150
Rapid Growth
Shrinking
0
0 50 100 150 200
The GRAPA Standards must clearly define exactly what the different responsibilities of a Revenue Assurance function are and
provide practitioners with a way to understand, diagnose, differentiate, and negotiate boundaries with each of these groups.
(The Disciplines section of the standards provides a framework for understanding what the different Revenue Assurance respon-
sibilities are, and the Principles section offers a definition for how the Revenue Assurance team is to negotiate and establish
operational boundaries with these overlapping groups.)
Clearly, the definition of responsibility of a Revenue Assurance group to relieve Operational Managers of their responsibilities
for operational integrity and protection of revenue streams would be disastrous.
At the same time, ignoring the fact that Operational Managers can be aided in these responsibilities through the specialized
skills and focus of a Revenue Assurance team cannot be ignored either.
Proposing a method for the definition and negotiation of these boundaries is also defined in the Principles section of the stan-
dards.
Of course, it will be impossible for GRAPA to provide certification until there is a clear set of standards, a good vocabulary, and
an accepted body of knowledge upon which this training and certification can be based. It is in support of this goal that these
standards are being solidified and published.
Chapter 4
The biggest needs and issues as determined by our benchmarks, town hall meetings and seminars are:
1. The need to define the “fit” of Revenue Assurance within the organization, especially in regards to top management,
other assurance organizations (Internal Audit, Sarbanes Oxley etc), and the critical relationship with Operational Man-
agers. In other words, determining the issues of responsibility and accountability.
2. The need to define a mechanism for the organization of the Revenue Assurance job so that managers can train, staff,
organize, measure, and assess the effectiveness of practitioners.
3. The need to create a clear, consistent vocabulary and structure that can be applied to the majority of the vastly different
implementations of Revenue Assurance across different geographies, technologies and cultural templates.
The structure employed to accomplish these objectives involved the definition of the standards themselves, along with related
and supporting information and structures.
Body of Knowledge – The body of knowledge defines the prerequisite knowledge that a Revenue Assurance practitioner must
have. It defines the “curriculum” to which a person must adhere in order to perform the Revenue Assurance job with integrity.
Practices – The profession must have a set of guidelines for how things are done. Practices provide practitioners with informa-
tion on what most Telcos typically do to assure various systems and situations. These are the practices that Revenue Assurance
professionals follow. While many consulting organizations promote “best practices,” it is GRAPA’s position that the most criti-
cal is not the definition of “best” but of “standard” practices. Indeed, without a definition of what the standard practices are,
the definition of “best practice” is problematic at best. GRAPA has prepared and will begin to build a comprehensive library of
such practices as the next step in the standards and certification processes.
Standards – Standards are built on the foundation, and assumption of the existence of practices and body of knowledge. They
describe the structure, operating principles and guidelines for the organization, along with the “fit” and execution of Revenue
Assurance.
Standards
Body
of Practices
Knowledge
GRAPA Workshops
The GRAPA membership disseminates its knowledge, expertise and intentions through a variety of mechanisms. One of the
most compelling and effective is GRAPA workshops. Workshops are combined training/problem solving sessions wherein
GRAPA members meet to discuss their common problems, approaches and solutions. These sessions, offered through the
GRAPA Revenue Assurance Academy, provide a compelling, in- depth and personal source of input and knowledge-sharing.
More than twenty workshops were held around the world in 2008 in Asia, Europe, Africa, Middle East, North and South Amer-
ica. These workshops were each attended by at least fifteen participants and included Revenue Assurance Managers, CFOs,
Internal Auditors, Revenue Assurance Practitioners, Management Consultants, Software Engineers, and IT personnel.
GRAPA Committees
GRAPA hosted a number of committees for the development of standards in 2007 and 2008. These committees were used for
most of the ‘advance’ work in the standards process, such as defining the basic parameters, guidelines, body of knowledge and
framework. Committee members came from Management Consulting, Software and Revenue Assurance departments.
The current ratification process is underway, with public notices being sent to the entire membership allowing them the oppor-
tunity to vote and accept the standards. The ratification voting process has yielded an incredible ninety-five percent acceptance
of the standards as specified. Based on this mandate from the membership, we have chosen to formalize and promote the stan-
dards contained in this document.
The standards development process yielded information and knowledge that came to be labeled as either part of the GRAPA
“Body of Knowledge” and/or the “Practices Library.” While not part of the actual standards, they are clearly a critical compo-
nent to the overall framework that is being defined. We have summarized the basic nature and content of these two areas.
The GRAPA Body of Knowledge was developed in tandem with the Standards effort, but identified as separate from it. The
GRAPA body of knowledge for Revenue Assurance is quite extensive and is made up of the following major components:
Complete domain knowledge must include a clear working knowledge of how the various technologies that support different
telecommunications services work. Indeed, without a sound foundation in the technology, assurance is almost impossible. Inclu-
sion of these technology areas into the definition of the required Revenue Assurance Body of Knowledge is sorely needed.
The rationale for including sound technology domain knowledge as a prerequisite for effective Revenue Assurance activity is
clear and pronounced. Without knowledge the Revenue Assurance professional must always “guess,” “assume” and blindly
hope that interpretations and conclusions are correct.
On the other hand, the naysayers in each of the technology areas (Network and IT) will claim that “only an engineer with years
of experience can understand what we do.”
While we have the utmost respect for the skill, experience and years of effort that IT and Network Engineers put into perfection
of their craft, it is also true that:
1. There are many intelligent and indeed some brilliant people involved in the practice of Revenue Assurance.
2. Debunking the “mystery” of Network and IT is clearly one of the first and most important jobs of the Revenue Assurance
professional.
3. Knowing enough about how things work in order to assure them is different than knowing enough to build and manage
them.
Tools Knowledge
In addition to knowledge of domains and techniques, the practitioner must also be familiar with and conversant in the utiliza-
tion of the wide variety of different systems, applications and other tools especially designed to aide in Revenue Assurance
activities.
Note: For an exhaustive index of these different body of knowledge domains, see the index in the appendix of this book.
GRAPA Practices
The GRAPA Practices Library defines the sum total of the best estimate of how different professionals perform the Revenue
Assurance job. Practices are divided into the following major categories:
1. Standard Controls Inventory
2. Diagnostic and Administrative Techniques
3. KPIs and Measures
The GRAPA Standards define the different types of controls, along with what they are, how they work, etc. The Standard Con-
trol definitions specify how and where they are applied.
There are currently nine standard controls for the assurance of a mediation system. These include CDR Transport, Mediation
I/O, Filtration, Suspension Management, Error Management, Consolidation Operations, Business Rule Assurance, Change
Control, and System Security.
Each of these controls describes the basic operational and technical environments associated with the control. They also define
the standard approach taken to ensure that a particular area does not experience a higher than normal “loss” or “risk of loss.”
For example, the first area listed is “CDR Transport Assurance.” This is the process of assuring that all CDRs are successfully
transported from the switch to the mediation system.
The standard practice for implementation of this control is to utilize the Mediation System CDR Serial Number and TTFile
Continuity reports.
The standard application of this control is for Mediation Operations to check these reports each day, and to report any variance
outside the normally defined range of losses (risk tolerance parameter) to the Revenue Assurance Forensics team for analysis
and resolution.
The job of the Revenue Assurance professional is to take a look at the existing environment and determine:
1. The exact level of risk of loss associated with each control
2. The level of assurance that should be applied
3. The tolerance for risk/loss that should be integrated into the environment. Note: We refer to steps 1, 2 and 3 as the Forensics
process.
4. That controls are implemented and enforced. This is referred to as the Compliance process.
The Standard Controls library forms the foundational reference for the Revenue Assurance professional.
Note: The Practices library for GRAPA is currently found embedded in the GRAPA certified training courses. Work on a true
reference library will be undertaken as the need arises.
Included are other techniques such as “Revenue Mapping,” “Noise Analysis,” and other approaches that help the Revenue
Assurance manager to organize and optimize Revenue Assurance activities.
Also included are techniques for organizing the Revenue Assurance group itself and for the different systems and activities
involved.
Like the practices and techniques libraries, the current body of knowledge associated with KPIs and measures can be found in
the GRAPA Forensics and Management training classes.
In the next chapter we will focus on the overall structure of the GRAPA Standards themselves.
Chapter 5
One of the biggest challenges in the development of a set of standards is determining how to organize the material. Many people
in the GRAPA organization had great ideas about what Revenue Assurance is, how it should be done, what works and what
doesn’t, in addition to what is important and what is not.
When documenting standards of this nature, you need to determine how to separate each of the concepts, while simultaneously
pointing out their interrelationship.
The standards as specified here, when coupled with the practices and body of knowledge, present an amazingly clear and
straightforward way to organize and professionalize the practice of Revenue Assurance.
There is a risk, however, that the reader will examine some aspects of the standards and fail to see how they are appropri-
ate. This reader may have missed how the other parts of the standards make them appropriate. Therefore, we ask the reader
to review the standards in their entirety, before jumping to any conclusions about their adequacy or appropriateness. These
standards are an interlocking set of foundation stones which, when utilized together, will deliver what we believe is a highly
effective Revenue Assurance practice.
The GRAPA Standards themselves have been organized into the following four major categories:
1. Disciplines and the Revenue Assurance Lifecycle – Which define the four major “Jobs” in the Revenue Assur-
ance domain (Forensics, Controls Management, Corrections Management, and Compliance) and the way they work
together to assure revenue risk. The four core disciplines that make up the job of Revenue Assurance often surprise
people when they first review them. But for most practitioners, the soundness of the approach quickly helps them to
understand their jobs in new and more manageable ways. Not only does the definition and delineation of the Revenue
Assurance Disciplines provide a badly needed organizational reference, it makes interdepartmental boundary setting,
establishment of measures and KPIs, and the negotiation of responsibilities quite clear and straightforward.
2. Domains – Which provide the vocabulary and method for designating what is “in” and “out” of scope for Revenue
Assurance activity. By far, one of the most confusing and difficult to manage aspects of the Revenue Assurance job
is the continuous ebb and flow of responsibility and scope. Revenue assurance is, by definition, a fill-in job, a stop-
gap and supporting role to the major function of the Telco, which is the operational part. If Revenue Assurance is to
be successful, it must have a method and a process for defining what it is doing, where it is doing it, and what it is
expected to deliver as a result of that involvement. Domain management and definition is a foundational concept of
the standards for this reason.
3. Objectives (Levels) – Which define what the purpose of the Revenue Assurance activities are to be in each area.
By far the most controversial, interesting and exciting aspect of the practice of Revenue Assurance is the incredible
diversity in the definition of exactly what the objective of that effort should be. Under GRAPA, we refer to the differ-
ent objectives as “levels” of assurance. Assuring against current revenue losses, prevention of losses, anticipation of
loss, and mediation of all losses in all of their forms comprises the second critical aspect of Revenue Assurance scope
definition and control.
4. Principles – Which define the organizational and operational guidelines for establishing a Revenue Assurance group.
The principles address the ethics of how Revenue Assurance should be practiced, as well as establishing the guidelines
for how the Revenue Assurance practitioner is to relate to and work with top management, related assurance groups,
and the Operational Managers they serve. It is our firm belief that, if Revenue Assurance is to graduate from the status
of a part-time, ad hoc, short term solution to a profession, then establishing an ethical foundation and declaring clear
and enforceable organizational boundaries is critically important.
Developing a comprehensive definition of revenue assurance, requires that we create a definitive summary of all of the different
aspects embodied by these standards. The decision of whether to include this definition in the standards was a difficult one. In
the final analysis, the statement of the definition of the Revenue Assurance discipline is by far our boldest statement. It leaves
little room for doubt and confusion in people’s minds. The definition of Revenue Assurance as to the practice of the standards
defined here is the keystone that holds the rest together and, as with all aspects, it is subject to legitimate query as well as less
than legitimate “name calling” and “nay saying” by the people who consider this to be a topic for the water cooler rather than
in the board room.
P r in c ip le s
D e fi n i t i o n
D o m a in Of O b je c t iv e s
R e v e nue
M a n a ge m e n t A s s ura nc e ( L e v e ls o f
A s s ura nc e )
D is c ip lin e s
As indicated by this diagram, the GRAPA Standards are organized into four major areas: Principles, Domain Management,
Objectives (Levels of Assurance), and the Disciplines. Each of these is based upon and borrows from the others, and they are
tied together through the definition of exactly what Revenue Assurance is, as defined by these standards.
Chapter 6
In order to conduct an intelligent discussion about how to organize, manage and standardize the Revenue Assurance function,
we need to first define is exactly what the Revenue Assurance job consists of.
Trying to get the Human Resources department to develop a job description or a list of requirements for the job will be even
more frustrating and confusing. This lack of a clear definition of the job, the skills and the boundaries of the operations is no
surprise, and is precisely the reason that a set of standards is so badly needed.
In our effort to build a comprehensive definition and description of Revenue Assurance, we begin with a purely functional
definition.
After more than 15 months of interviews, meetings and discussions with dozens of Revenue Assurance professionals, we were
finally able to come up with a simple list of tasks that everyone agreed includes the majority of what Revenue Assurance people
do. Not only were we able to crystallize and simplify the many disparate anecdotal testimonies, lists of tasks, and different
operational perspectives into a simple framework, but we were then able to map them back to the source and verify that we had
captured the heart of the Revenue Assurance function.
The disciplines illustrated here describe what needs to be done. The organization and top management must determine who
does what job.
Without exception, once presented with the rationale and given some time to process the structure, Revenue Assurance manag-
ers and practitioners agreed that these are the four “things they do” when they perform Revenue Assurance.
In other words, understanding forensic analysis of a postpaid billing system is a valuable skill, but understanding the principles
of forensic investigation is much more valuable. If you understand the discipline behind how to organize and execute a forensic
analysis, you can apply it to any domain or subject area. Conversely, if you understand only how to investigate a particular
brand of billing system, you are lost as soon as your domain changes.
2. Economy of Scale
Accompanying the development of these disciplines is the ability to greatly increase the effectiveness of individuals and teams
by enabling them to scale their knowledge and make themselves more effective in more domains in less time.
It is in this area of economy of scale of skills that Telco organizations face the biggest challenge. It is easy to assure a particular
system or domain in telecommunications if you are an operational and technical expert in that domain. But if you are not an
expert, you are severely limited. The development of these disciplines and the science that goes with them will greatly change
this factor.
3. Ability to Organize
Ask Revenue Assurance managers what their biggest constraint is, and they will tell you that it is people. Having the people
with the vast knowledge required for the many different Revenue Assurance jobs is a huge challenge. Consequently, most
Revenue Assurance teams are organized by domain. A network specialist assures all network issues. A billing specialist assures
billing issues.
The problem of course is that few organizations can afford to hire enough specialists to cover all of the areas.
A more effective approach is to re-think the way you organize your teams. Organizing teams by discipline (forensics, controls,
corrections, compliance) instead of by domain opens some exciting possibilities for getting a more effective organization of a
Revenue Assurance team (and for attracting and training specialists to fill out the coverage requirements).
Standardization of the terms utilized to describe the different functional areas, and the list of disciplines within each of them,
can only benefit everyone in the industry.
The functional disciplines described here offer a powerful template for understanding what the Revenue Assurance team is
supposed to be doing, and then provides the means to effectively measure and direct those activities where management wants
them to go.
The purpose of the GRAPA organization, and of these standards, is to provide a format and a forum for the open discussion and
modification of these standards. This leads to the organized and hopefully painless integration of innovations into the model
on a regular basis.
We not only encourage, we plead with the membership, to review these standards with the utmost in scrutiny, and to participate
in their improvement over time.
Note: At this time, we repeat, that the definition of these functions and the illustration of the Revenue Assurance Lifecycle is
not a statement about who should do what job, how to organize a department or any other operational or political issues.
We reserve those discussions for the section of the standards based on the principles of Revenue Assurance, and specifically the
Operational and Organizational principles.
In the same manner, how can you initiate and run a control, if no one has done a forensic analysis to determine exactly what the
risk in the given area is, and what the appropriate control should be? And of course, how can you report on how well the organi-
zation is complying with the Revenue Assurance containment program without Forensic Analysis to define that environment?
RA Lifecycle – Phase I
Forensic Analysis
Management
F
Internal
Audit o
Cases r
Customer Forensic Findings Report
Complaints e
Internal n 1. Quantification (Revenue At Risk)
Management
Incidents 2. Alternative Solutions Development
s 3. Rationalization of Remedies
External i 4. Recommendations to Management
Incidents Domains
c
Operational
Monitoring
s
While this may seem obvious and trivial when presented in this manner, it is amazing how many Revenue Assurance “prob-
lems” occur because people did not understand this basic fact.
A staggering number of organizations have attempted to implement Revenue Assurance systems at the cost of hundreds of
thousands and often millions of dollars, without doing a basic forensic analysis beforehand! Unbelievable, but true in more
cases than you might imagine.
People go through the incredible trouble and expense of installing a Revenue Assurance system, basically a system designed to
automate and report on controls. They then discover that the area being monitored is not losing any revenue, or is losing much
less than the cost of the system implemented to manage the control!
Nothing could be more obvious, or more critical. You must perform a disciplined, rationalized analysis of an area before you
can decide what the appropriate level of assurance needs to be.
Take a mediation system for example. Following are two organizations with the same number of customers, same revenue and
same type of traffic, but with very different mediation environments.
1. Carrier one has a one-year old, commercial off-the-shelf mediation system. There is a team of four experienced personnel
in charge of operations in that area, and all major mediation controls are already reported by the existing mediation system
daily reports that the mediation operations team checks anyway for operational control reasons.
2. Carrier two has an eight-year old system written by a company that is no longer in business. There is only one person,
assigned part-time to the operational control of that system. That person runs none of the standard reports, and does not
know what they mean.
Clearly, the decision for setting up the appropriate controls for these two environments is quite different and only an in-depth,
disciplined analysis can be counted on to recommend the appropriate coverage plan.
The execution of a totally informal, undocumented forensic analysis is quite common and perfectly acceptable, as long as the
practitioner has done all of the necessary steps. It is assumed that, with experience, the professional can use shortcuts for many
steps. In cases where there is a trusting relationship with management and operational managers, an informal execution is com-
mon.
It is fundamental to the organization of the standards for the practice of Revenue Assurance that we clearly define and segregate
the responsibilities for different aspects of this process.
RA Lifecycle – Phase II
Implementation of Corrections and Controls
Correction
F …to policy,
o Management procedure or
systems
r Directive
e 1. Perception of Risk
Forensic
n Findings
2. Appetite for risk
3. Risk Profile Controls
s Report 4. Priorities Implementation
i 5. Budget
… creation of
6. Organizational and
c Operational Constraints reports,
s measures or
procedures
to monitor risk of
loss or actual loss
While it is clearly the job of the Forensic Analyst to investigate root causes, diagnose the situation and offer alternatives, it is
equally clear that the decision about which one to implement should not normally fall within the Revenue Assurance organiza-
tion.
3. Because of these exceptions, the decision about the implementation of controls, like those regarding corrections, must usu-
ally be brought before top management and the operational management team for a final decision about how, where and
when the corrections and controls will be implemented.
What is critical, from a standards perspective, is that all understand the following:
a. The structure and lifecycle
b. The major decision points and why they are implemented the way they are
c. The reasons for this separation of responsibility and the consequences for bypassing the separation
As long as the points above are understood, it is expected that each organization will use its own judgment for implementation
of this phase.
Management
F C
Internal
o M
Audit o
Cases
Recommended
Correction m a
Customer
r Corrections
n
Complaints e p
a
Internal n l g
Incidents
s i e
External i a m
Incidents Domains n e
c Coverage
Operational
s Plan Controls c n
Monitoring
e t
A well designed compliance operation will summarize each of the different activities of Revenue Assurance, and allow man-
agement to know quickly and easily the status of different initiatives and, most critically, the location and degree of risk across
the myriad systems and operations within the environment.
RA Lifecycle – Phase IV
Feedback Mechanisms (Alarms, Alerts, AutoCorrections)
Cases m a
Customer
r n
Complaints e p
a
Internal n
Recommended
Corrections Correction l g
Incidents
s i e
External i a m
Incidents Domains n e
c
Operational
s c n
Monitoring
e t
Coverage Operational
Plan
Monitoring
Each correction that has been specified needs to be tracked, and management kept informed about how and when the correction
will be implemented. When the corrected procedure yields new cases, these need to be fed back into the forensic process for
further review.
The fact that controls have been created is only the beginning of the Revenue Assurance process. The real work begins after
they have been implemented. The point of controls is to:
1. Provide management with an assurance that the risk of revenue loss is being monitored on a regular basis (by the run-
ning controls and reporting via compliance).
2. Generate alarms when revenue risk levels surpass the management specified levels (appetite for risk threshold). When
the threshold is violated, the forensic team needs to be notified so that appropriate investigation and adjustment can
happen.
With the implementation of appropriate feedback and communication mechanisms, the basic Revenue Assurance Process is
complete.
Phase IV++
After the successful establishment of the Revenue Assurance environment for the cases and domains that were specified as the
initial scope of the Revenue Assurance group, the real work of Revenue Assurance begins.
Now, the Revenue Assurance team must maintain vigilance and control over the areas currently in scope. At the same time, the
team will be reviewing and expanding scope by adding more domains and cases to the environment.
With patience, professionalism and trust, the scope of Revenue Assurance will continue to expand to include more of the Telco
environment.
Ad
d
m
or
e
ca
se
s
an
d
do
m
ai
ns
In the next chapter, we review the four Revenue Assurance disciplines in more detail to provide a better understanding of
exactly what is involved, and how they can be applied.
Chapter 7
Forensic Analysis
Provided with the general overview of the Revenue Assurance function, as defined by the Revenue Assurance lifecycle in the
previous chapter, it is now possible for us to provide a more in-depth review of each of the four basic disciplines that make up
the Revenue Assurance environment.
As we said earlier, at this point, our objective is to define what needs to be done in order to assure the different revenues of the
Telecom. We leave the discussion about who should do it for later.
There is no reason to assume that a formally-defined Revenue Assurance team should be expected to have the manpower,
expertise or predisposition to do any of the jobs we are talking about here.
Indeed, there are some Telcos where there is little or no need for a Revenue Assurance group. Internal Auditors, Business Pro-
cess Reengineering teams, Sarbanes-Oxley, Operations can all get the same job done. The critical point is not who does it, but
that someone does.
Forensic Analysis
The first of the four Revenue Assurance disciplines is Forensics (or Forensic Analysis). You may be asking, “How did you come
up with the term “Forensic Analysis” for this function? Why not “Systems Analysis” or “Assurance Review?”
The decision of what to name this function was not an easy one to make. We tested several different names and approaches,
but most of the more neutral and acceptable names carried such a large backlog of assumptions and pre-determined ideas about
what it meant and what was involved that we decided on the more exotic term Forensics.
The dictionary includes several definitions for the term “Forensics” but one of them fits our meaning. It states that Forensics is
“relating to the use of science or technology in the investigation and establishment of facts or evidence.”
That is precisely what Forensic Analysis is all about in this case. We want people to make decisions in the area of Revenue
Assurance based upon “facts” not “guesses” and we want those facts to be based on an organized, dependable “scientific
method.” It should not be based on an infinite collection of random observations, assumptions and gut-level guesses about
revenues, loss, and most critically -- the risk and forecast of loss.
When the Forensic Analyst takes on a case or domain, the objective is primarily to determine the amount of revenue that the
company risks losing in this particular situation.
The
Cases Reports
Forensic
Analysis And
Process Recommendations
Domains
Fundamentally, we can view the Forensics Process as consisting of three parts, the Inputs to the Process, The Forensics Disci-
plines themselves (scientific methods employed) and the Outputs.
Cases
The first and most common input to Forensics is the case. There are many different kinds of cases but they have one thing in
common; they are discretely-defined events which indicate a possible or definite risk of revenue loss. There are many different
sources of cases. One source is the straightforward and usually random cases that are reported. These include:
1. Customer complaints
2. Management observations and directives
3. Whistle Blower reports (for fraud cases)
4. Operational personnel observations and reports
5. Internal Audit recommendations
These random reports of cases, while important and useful, usually represent a small percentage of the total number of cases
that a forensic team will review. The most common and largest single source of cases is from alarms and alerts issued by con-
trols.
Ultimately, the goal of the overall Revenue Assurance process is to install enough controls, so that all revenue risks are ade-
quately anticipated and reported as “alarms” that the Forensic Team can analyze and respond to. Alarms of this type include:
1. Report of a higher than normal loss of CDRs from the Mediation System
2. Report of a higher than normal percentage of rating errors from the Billing System
3. Report that a new interconnect partner has been brought online without completion of the proper assurance checklist
Domains
The other, equally important input is a domain. Whereas a case is a discreet event that is turned over to the Forensics Team for
diagnosis, domains represent a completely different kind of input.
A domain of interest for the Forensics Team is a complete subsection or component of the company’s Revenue Management
chain or product group that management has decided should be included within the scope of Revenue Assurance.
Domains are turned over to the Forensics Group so that they can do a comprehensive evaluation of the potential lost exposure
that the area represents so that a proactive and well-developed coverage plan can be recommended.
In other words, cases are reactive notifications that the Forensics Team needs to try to “backtrack” and determine what hap-
pened. Domains are areas where management has decided that the Revenue Assurance team should be proactive, and determine
ahead of time where the most likely leakage points might be. They then recommend controls and corrections in order to prevent
it from happening in the future.
We will withhold our detailed discussion of domains for the chapter on Standards, which is dedicated to that topic. Suffice it to
say that domains are broader and more comprehensive in scope than cases.
Domains are typically assigned to the Revenue Assurance team by top management. Domains are also assigned by invitation,
issued by the manager of a particular operational area, or by edict, at the direction of Internal Audit, Sarbanes-Oxley or another
Compliance Management group.
Any given company on a given day can generate dozens of cases that must be addressed. In addition, most companies are badly
in need of a clear Forensic review of most domains (product lines and systems) that they operate. So how does the Revenue
Assurance Forensics Team manage it all?
In other organizations the majority of Forensics is deferred to the Revenue Assurance team. Other groups, like Internal Audit
or Business Process Reengineering; only get involved in special cases.
The process of determining which organization should be assigned responsibility for Forensic Analysis is very important and
we will discuss this issue in detail under the Operational and Organization Principles section of the standards. At this point it is
important to note that the Forensics job is most often shared between multiple organizations.
Case Or
Domain
What analysis
and at what level
Risk Is appropriate?
Analysis
Exchange
Is Analysis
No there enough
Revenue at Risk
to Justify Systems
Forensic Investment? Analysis
Process
Analysis
Statistical / Numerical
Analysis
Coverage
Plan
Development
We provide a brief description of each area here. The techniques utilized in each area are considered part of the “Practices” sec-
tion of the standards and are a critical part of the GRAPA Body of Knowledge for Revenue Assurance professionals.
Risk Analysis
Risk Analysis is the application of predefined and proven techniques for the assessment and determination of the level of risk
of loss, or the extent of the risk of loss to be found within a particular domain or case.
Risk Analysis techniques provide the Forensic Analyst with tools that allow him/her to determine the level of probable risk
without experiencing the extreme expense of extensive, detailed, specific quantification.
The purpose of Risk Analysis is to allow the Forensic Analyst to draw preliminary conclusions about the extent of the risk of
loss before investing in a more extensive evaluation. Forensic Analysis is costly in terms of time, money and effort, and the
Forensic Team must be sure it is prioritizing efforts based upon a foundation of the best return on investment. This requires a
clear understanding of the amount of revenue at risk, and the magnitude of that risk, prior to engaging in an in-depth evalua-
tion.
There are many different techniques that we include in the ever-growing collection of Forensic Risk Analysis practices. Some
of the most common and best understood include:
Revenue Mapping – This is the rigorous process of identifying each of the major revenue streams that the company has, and
mapping out each of the different systems and operations involved in the realization of revenue. A Revenue Map traces the
progression of a revenue transaction from the point of activation/provisioning, to the point of revenue generation (usually on
the network), through the different systems that handle the transactional information. This is done to the point where the money
is collected and credited to the customer’s account and the customer’s prepaid balance and general ledger as recognized rev-
enue.
Risk Mapping – A Risk Map is a derivation of a Revenue Map, which allows the Forensic Analyst to understand in relative and
absolute terms, the differences and degree of revenue at risk within each component of a Revenue Stream.
Noise Analysis – Noise analysis is a process that allows the Forensic Analyst to determine the relative revenue at risk, based
upon collateral and coincidental data related to each link in the revenue chain, as defined by the Revenue Map. Noise analysis is
an extremely powerful Risk Assessment technique that allows the analyst to identify the greatest risk exposure with a minimum
need for numerical and analytical work.
Gross Tally Analysis – this is the process of creating meaningful and easy to generate metrics, ratios and indicators that allow
the analyst to quickly estimate loss exposures. Typical GTA metrics include:
1. Average value of customer
2. Average value of CDR
3. Average value of 1 Erlang
4. Average value of a particular network element
5. Many others.
Environmental Risk Assessment – The Environmental Risk Assessment technique provides the Forensic analyst with a list of
collateral and secondary conditions that can be ‘tested’ in order to assess the relative risk associated with a particular compo-
nent. For example, the age of a switch, the proficiency of the network team managing that switch, the frequency of audits and
the percentage of faults and corrupt CDRs that a switch generates can provide the Forensic analyst with a great deal of valuable
collateral and generalized risk information, which can help narrow down the analysis and scope.
One of the most powerful techniques that can be integrated into risk analysis is the utilization of statistical analysis. Sampling,
distribution analysis, forecasting, cluster analysis and other techniques can be utilized by the analyst to do preliminary risk
analysis, as well as the more advanced Revenue at Risk forecasts generated as the last step in the process. Note: For detail on
these techniques see the Numerical/Statistical Analysis Techniques section.
There are many more Forensic risk analysis practices, but the above examples provide you with an idea of what is involved in
these practices and how they are utilized.
When risk analysis has been completed, the Forensic analyst will have formed an opinion about the merit, viability and urgency
regarding the case or domain in question. At this point the analyst will decide to:
1. Choose not to analyze at this time due to the low value or impact that it represents
2. Choose to forward the case/domain for a more in-depth analysis
It is as this point that the analyst determines which additional analytical techniques should be used, and what degree is most
appropriate. Each of the downstream processes has an objective, with specific skills and techniques associated with them. In
general, it is uncommon for a Forensic investigation to employ all of them.
Exchange Analysis
Exchange Analysis is the process of reviewing all of the terms and conditions associated with the contracts and/or regulations
to which the Telco is subject. Exchange in this context refers to the economic exchange between two legal entities. The typical
exchanges reviewed under exchange analysis include:
1. The contract and arrangement between a carrier and interconnect partners
2. The contract and terms between a carrier and content providers
3. The contract and terms between the company and the organization that prints top-up cards
4. The contract between the Telco and the bank that supports ATM -based top-up
5. The contract, terms, conditions and service level agreements associated with rate plans to consumers
6. The regulatory constraints on prices, contracts and service level guarantees as declared by government, association or other
legally binding conditions
Exchange Analysis can have a fundamental impact on the effectiveness of any Forensic Analysis that involves customers,
regulators or partners. Failure to include an analysis of these contracts (explicit and implied); laws and agreements leave the
Forensic Analyst unable to answer many key questions regarding how things should or should not be handled.
In some countries they do, in others they do not. Which is correct in your case?
2. When the SS7/C7 Network fails between the Switch and IN, are the customers’ calls cut off, or are they allowed to com-
plete the calls at no expense?
In some countries the Telco is required to complete the call for the customer. In others it is okay if they do not. In some
cases there is a service level commitment to customers to let them finish the call.
Unraveling the complicated legal and contractual issues is a critical component to many Revenue Assurance situations.
Process Analysis
Process Analysis is a well known, well understood and well practiced discipline. It involves the utilization of process models,
process narratives and a well defined set of tools and techniques to help the analyst understand, document and recommend
improvements to processes that are not optimal.
Process Analysis is integral when multiple organizations and complex interrelationships make operations confusing, contradic-
tory and a danger to the efficient and effective capture and processing of revenue.
Systems Analysis
As is true in the case of Process Analysis, Systems Analysis is a well-defined and well- understood discipline in its own right.
While Process Analysis focuses on people and operations, Systems Analysis focuses on computer systems and network element
operations. Some of the disciplines associated with Systems Analysis are similar to those utilized in Process Analysis, but many
are unique to the IT and Network world.
Decision trees, logic maps and a host of other tools help Systems Analysts understand and diagnose problems with revenue
flows related to systems.
One of the most frustrating (and sometimes comical) experiences is watching a person who has spent many days on a Numeri-
cal Analysis experience having all of the work thrown out within the first 15 seconds. This happens after it is revealed that
the analyst has missed some critical aspects of the exchange, process or system environment that completely invalidates the
assumptions.
Numerical Analysis is the process of gathering and analyzing straightforward reports generated by the different systems
involved in the area under investigation. Alternately, it can involve the development and creation of Data Warehouse generated,
special purpose reports in order to get a unique view of the situation under investigation.
Ultimately, it is impossible for the Forensic Analyst to make meaningful recommendations and to draw valid conclusions with-
out numerical data to back up the Forensic Findings Report.
In addition to the straightforward numerical reports created by the analyst, a great deal of powerful insight can be gained by
leveraging Statistical Analysis techniques. Statistical techniques are helpful not only as part of the in depth Forensics Analysis,
but as an adjunct to the Risk Analysis process as well.
There are a great number of Statistical Analysis techniques that can help the Forensic Analyst to do the job. These techniques
fall under a few basic categories, which include the application of Statistical Analysis in order to perform:
1. Risk Analysis – Helps the analyst to quickly determine the extent and severity of risk without requiring expensive detailed
data review
2. Root Cause Analysis – Utilizes pattern recognition and other techniques to uncover patterns that provide pointers to the
cause of a problem
3. Early Detection – Makes use of techniques that show an early indication of where a problem is most likely to occur
4. Forecasting – Provides the analyst with the ability to anticipate losses and approximate the extent of loss
The table below illustrates some of the areas where these techniques are commonly applied.
is
lys
y
sis
nc
na
rk
de
nA
al y
wo
T
aly en
n
AR
An
tio
sio
e
g
An ral T
lN
gr s
lin
/C
ibu
Re si
ter
es
ura
aid
mp
str
nt
us
Ch
Ne
Ce
Sa
Cl
Di
Risk Analysis X X X X X
Root Cause Analysis X X X
Early Detection X X X X
Forecast X X X X X
Controls Design X X X X
The subject of Statistical Techniques and their application to Forensics is vast and wide and far beyond the scope of this book,
but the preceding summary should help provide an overview of the area.
It is clear that an industry-based investment in the exploration and application of Statistical Techniques to the challenges of
Forensics will undoubtedly deliver extensive and effective benefits to the industry over the next several years.
Revenue at Risk
Based upon the material collected and reviewed in the previous sections of the document, the Forensic Analyst is ready to sum-
marize the findings in the form of a Revenue at Risk Statement. The Revenue at Risk Statement reports on:
1. How much revenue has been lost to the firm over the past 12 months due to this condition or situation
2. How much revenue loss can be anticipated over the next 12 months if no action is taken
3. The rationalization and justification for those numbers.
Calculating and reporting the revenue at risk for each case or domain might at first seem to be a lot of trouble, especially if it is
being forced into this rather rigid format. But there is a very good reason for imposing this discipline, and that has to do with
the KPIs for Forensics.
In the final analysis, it is not the number of leaks that the Revenue Assurance team finds, or the number of cases it investigates
that determines value. The true value of any Revenue Assurance effort is the Revenue at Risk that is detected, contained and
prevented.
But how can you measure it and report on it if you do not have a set, standardized method for analyzing and reporting it? That
is the pivot point and cornerstone of Revenue Assurance efforts, the accurate creation of Revenue at Risk Reports.
The revenue at risk numbers generated as the output of the Forensics Process has many purposes:
1. It is the key piece of data required to enable management to make a sound decision regarding which remedies (corrections
or controls) make the most sense.
2. It is the key piece of data that will allow the Revenue Assurance manager to show the value that Revenue Assurance is
bringing to the business.
3. It is the key fact that can help Revenue Assurance and top management motivate operational managers to change their
ways and tighten up their operations.
4. It is the only way that you can establish a simple and easy to understand metric. This will enable the Revenue Assurance
team to compare the benefits and risks to the business across the myriad operations and processes involved. It is the ideal
least common denominator for all Revenue Assurance reporting.
Remedy Review
After the reporting of the revenue at risk for the case or domain, the next component in the findings report is a review of the
different remedies for the situation.
Remedies can be recommendations to change policies, procedures or systems, or they can involve nothing more than the for-
malization and reporting of operational monitoring that is already being practiced.
In all cases, a review of possible remedies should clearly show the advantages and disadvantages of each alternative, in addition
to the rationalization and return on investment that each anticipates.
Remedy Recommendation
Finally, the Forensic Findings Report should include the recommendations of the Forensic Analyst and the reasons for the
recommendation.
A big factor in the formalization of this process is the way that many different groups will be counted on to provide Forensic
Analysis. The more diverse the groups, the harder the implementation of this rigid structure. In the same manner, most organi-
zations have a very large number of small cases, and a small number of large cases.
Clearly, the larger the domain, or the more extensive the revenue at risk under consideration, the more formally and the more
thoroughly you will want to implement your Forensics.
A good, experienced Forensics Team will quickly and effectively dispatch a number of cases with a minimum of rigor and
formal reporting. But a more inexperienced team will probably require the additional support that the formal documentation
process provides.
This, like so many other issues, falls under the topic of practices, not standards. For this reason, we defer further discussion to
those forums.
The following table provides the reader with an excerpted view of the GRAPA standards as formally defined in the Standards
Document and ratified by the membership January 2009.
1. Data Flow Diagrams – Standard I/T technique for the tracking of data flow
through systems/operations.
2. Entity-Relationship Diagrams – Standard DBA technique for the capture and
documentation of the relationships between data elements.
3. Normalization – Standard technique for the documentation and clarification
of the relationship of data elements.
4. Systems Flowcharts – Technique for the mapping and diagramming of the
interrelationships between programmatic and hardware components.
5. Network Topology Diagrams – Standard diagrams utilized to show the
physical and logical organization of the network.
6. Network Technical Diagrams – Any of a vast assortment of network
diagrammatic techniques.
v. Statistical and Numerical Analysis – The utilization of advanced business
intelligence and statistical analysis techniques to assist in the understanding,
diagnosis and evaluation of revenue risk situations.
1. Risk Analysis – Employment of risk assessment techniques to assist in the
quantification of risk after in depth analysis.
2. Root cause analysis – utilization of statistical methods to determine the
source reasons for revenue risk
3. Early Detection – utilization of statistical techniques to be pre-emptive in the
determination of where risk will occur
4. Forecasting – providing management with a clear forecast of potential future
loss given current conditions.
5. Sampling – statistical technique that allows the analyst to examine a small
number of records and infer the true nature of risk for the entire population
6. Cluster Analysis – statistical technique that allows the analyst to identify
patterns and possible root causes based upon the natural “clustering” of
cases or conditions
7. CART/CHAID – graphical techniques that provides accurate and effective
forecasts or many different risk conditions
8. Neural Networks – tools that provide for forecasting and prediction using
modern statistical methods
9. Distribution Analysis – utilization of graphical distribution charts to help
the analyst spot patterns, trends and disparities that can indicate loss risk
scenarios
10. Analysis of Central Tendency – utilization of average, mean and mode to
provide analysis of large populations of data
11. Regression Analysis – traditional statistical technique for prediction and root
cause analysis of revenue at risk scenarios
vi. Coverage Plan Development
1. Rationalization
a. Quantification of Risk (Determine “Revenue at Risk”)
b. Annualization (Forecast 12 month loss)
c. Alternative approach development
2. Solution Development
a. Root cause analysis
b. Identification of “Key Control Points”
3. Feasibility and Estimation of Each Solution
4. SWOT-CB (Strength, Weakness, Opportunity, Threat, Cost, Benefit) for
each alternative
5. Recommendation of best alternative
Chapter 8
Upon completion of the Forensics Process, the Revenue Assurance Team is ready to proceed with the rest of the Revenue
Assurance lifecycle.
RA Lifecycle
Cases (Alerts/Alarms)
Management
F C
Internal
o M
Audit o
Cases
Recommended
Correction m a
Customer
r Corrections
n
Complaints e p
a
Internal n l g
Incidents
s i e
External i a m
Incidents Domains n e
c Coverage
Operational Controls c n
Monitoring
s Plan
e t
Cases (Alerts/Alarms)
Management Decision-Making
You should recall that, after the Forensics Findings Report is created, the next step is for management to review the report and
to make some decisions about how to proceed.
Review and
Recommended
Modifications and
Comments
Management
Of Funding
Decisions
Remedy Decisions
Review and
Recommended
Modifications and
Comments
Management
Of Funding
Decisions
Remedy Decisions
Before we get into an in-depth discussion about the implementation and activation of corrections and controls, it is important
that we consider the management decision-making process in more detail.
After the Forensics Team has developed its best assessment of the case or domain in question, the team members might decide
that they understand the situation well enough to make the decision about the control/corrections on their own.
While this may be true in many cases, the situation is usually not that simple. To be effective, the control or correction in ques-
tion must be implemented and agreed upon by top management and the involved operational area. Revenue Assurance typically
does not set out to override the authority and responsibility of Operational Teams, only to supplement and assist them.
This means that the Forensics Team should, in most cases, review its findings with the operational area in question before sub-
mitting it to management for approval. There are several reasons for this:
1. It is possible that the Operational Manager will agree with the findings and recommendations and decide to implement
them immediately. This will make the entire implementation process much easier.
2. If the Operational Manager has concerns or disputes the findings, it is best to listen and attempt to resolve them before
involving top management in unnecessary controversy. The Operational Manager may not always agree with the findings,
but it shows respect for the role and position when you consult this manager and solicit opinions.
3. Based on the feedback provided by the Operational Manager, improvements to the recommendations can probably be
made.
Once the Operational Team involved in the area under review is consulted, the Forensics Analyst can submit the final report to
management for review.
Remedy Selection
The first decision to be made is determining which remedy should be implemented. If the Forensic Team did a good job of
exploring the problem and presenting different alternatives, the management job should be relatively simple and straightfor-
ward. The risk/cost tradeoffs associated with each remedy should be clearly spelled out in the Forensic Findings Report. If they
are, then the top managers can focus on their part of the process, which is to set their tolerance for risk, and to decide how much
they are willing to spend in exchange for the level of risk that the remedy assures.
Implementation – Who will be responsible for designing and building the new control or correction? Will it be IT, the Opera-
tional Management Team, or contractors? The construction of a control or correction can be a major implementation, ranging
in cost from a few dollars (to make a minor modification to a program) to millions of dollars (for implementation of a new
system or major operational change).
Administration – After the control/correction has been implemented, the next, and most critical question is, “Who will be
responsible for running it?”
This is where many organizations lose the benefit of their Revenue Assurance investments. Organizations spend a great deal
of time defining and building controls and corrections, but can be woefully lacking in decision-making about who is going to
actually run the control.
The assignment of responsibility is critical to the person who will monitor the control and ensure that appropriate responses are
made to conditions that arise, whether that is to the Operational Team, the Revenue Assurance Team or someone else.
Compliance Requirements and Responsibilities – It is also important that management, the Revenue Assurance Team and
the Operational Management Team agree upon the compliance associated with a particular control.
It is one thing to create a control, another to monitor it, and yet another to ensure that the monitoring is happening. In addition,
the alarms and alerts must be escalated appropriately, and management must be assured that everything is functioning the way
that it was specified. These negotiations can be especially sensitive since they often involve assurances that operational person-
nel report information to the Revenue Assurance Compliance and Reporting Team.
Once these decisions have been made, the team is ready to begin the Controls Development Lifecycle.
This development process is simple and straightforward at this very high level. But it will vary greatly in complexity based on
the extent of the correction or control involved.
Understanding Controls
Creation and administration of controls is a major part of most Revenue Assurance Departments’ activities. As with all of the
other disciplines, it involves an assortment of varying approaches and levels of expertise.
Definition of a Control
The first step in understanding Revenue Assurance controls is to determine what exactly is meant by the term. The term “con-
trol” in this case is borrowed from Finance and refers to the same things as an accounting control (as specified by auditors and
management accountants).
One of the most common definitions of accounting controls is that they are “procedures used to assure accuracy in the record
keeping function. Controls exist to ensure source data placed in the system are proper and correct.” In short, a control is a
procedure that double-checks some aspect of an operation or system.
There are several types of controls, and many different ways to categorize them. These include categorization by:
1. Level of Automation – Manual, semi-automatic and fully-automated controls
2. Continuity – Continuous (ongoing), periodic (regular schedule) and sporadic (random sample based)
3. Frequency – hourly, daily, weekly, monthly, annual
4. Triggering Mechanism – time, calendar, event, condition
5. Control Type – Audit, change control, threshold response
6. Mechanism – Operational Report review, overlay system or function
While the review of these different aspects and mechanisms is as much a part of Controls Design (a Forensic Process) as Con-
trols Implementation, we have included the complete discussion at this point for the sake of continuity.
Audits
The term “audit” in the context of a Revenue Assurance control is not the same as a typical audit done by an internal auditor.
Within our context, an audit is a predefined, manually executed series of tests that allow the auditor to verify that the system or
operation under review is working as specified.
In this context, an audit can be done every day or many times a day if required.
The most commonly practiced and easily understood example of an audit of this type is the typical postpaid billing system
invoice audit. In most cases, the people running postpaid billing systems will extract a sample of bills from each billing cycle,
and manually verify that the charges and calculations are executed correctly, before releasing the cycle for printing.
For many organizations the audit is one of the most commonly applied controls because the cost to imple-
ment them is low when the check does not need to be done often. As the frequency, volume of information
and level of risk increases, the appropriateness of the audit decreases.
By formally identifying and designating existing (or commissioned) reports being generated as a normal part of the operational
activities in the area as “controls,” the Forensic Analyst provides optimum coverage for minimum cost.
In a surprisingly large number of cases, the information required by the Revenue Assurance organization to monitor the level
of risk associated with a particular area is already being captured and reported by operational systems. In fact, this is quite
logical. How can an operational system run effectively if critical information about the integrity of revenue related operations
is not being checked?
The process of establishing these kinds of controls is easy if the Forensic Analyst understands the system being assured.
The first step is for the analyst to identify the “standard controls” associated with that particular function or system.
The GRAPA Practices and Training Classes provide an in-depth review of standard controls for all areas of Telco operations
identified as part of the Body of Knowledge.
The analyst then reviews the existing operational environment and attempts to identify the specific reports that generate the
information.
A large number of Revenue Assurance Departments run the majority of their operations utilizing spreadsheets, which identify
each of these types of controls and the other required information that must be checked in order to make them effective.
Test Plans
A test plan is a predefined set of procedures that allow the analyst to determine whether a particular function is working cor-
rectly or not. The difference between a test plan and an audit is that a test plan is more simplistic and single threaded in design,
while an audit will typically involve several steps and checks.
The most common practice test plan is a “Test Call Discipline.” Under a Test Call Discipline, the person running the control
schedules a predetermined number of calls to be made at certain times to certain places. The date, time, destination and dura-
tion of the calls are logged, and the analyst then reviews the IN, VMS, Mediation or Billing System to verify that the call was
routed and billed as intended.
Test plans can be run manually, semi-automatically or automatically and are a crucial control for many aspects of operational
review.
Synchronization Mechanisms
Synchronization is the process of making sure that two or more sources of data that are supposed to have the same information,
are in fact in alignment. Management of revenue in the Telco involves the synchronization of hundreds of pieces of information
across dozens of systems. In a great number of cases, the effective synchronization of out-of-synch systems can save Telcos
millions of dollars of jeopardized revenues.
The most commonly implemented synchronization activity in the wireless business is the synchronization of the HLR with
Billing. Failure to synchronize these two data sources can result in serious revenue loss due to the mishandling of revenue
transaction information.
In general, activation, provisioning, routing table, rating data, and other information repositories are potentially useful synchro-
nization points.
Auto-Adjustment Mechanisms
There is one special version of a control called an auto-adjustment mechanism. In the default case, controls generate alarms and
alerts, which are to be responded to as part of the Forensic Process.
When the domain of the control is tightly defined, it can be common practice to create a standardized response to certain levels
of alert. In these cases, the Forensic Team does not need to be involved in the “escalation.” The person running the control, or
another person in the operational area such as a manager, or a system, can make the adjustment to the operation to compensate
for the perceived risk.
For example, when a Bill Cycle Auditor discovers problems with billing system ratings, the next step is typically for that analyst
to go through a verification sequence. This involves checking the accuracy of the rating tables, verifying synchronization with
the HLR, checking the CDRs, and other manual checks. The analyst will be authorized to make adjustments as needed, giving
a set of parameters when the identified variance requires escalation to a higher authority.
Auto-adjustment mechanisms are powerful and useful, but also difficult to manage; so care must be taken when implementing
them.
Understanding Corrections
While the topic of corrections could fill volumes all by itself, for the purposes of this standards exploration we will simply
review the high level points that are pertinent to Corrections activity.
As with controls, the Revenue Assurance Team may or may not be involved in the implementation of a correction. This depends
on the Operational Team’s capability and management’s decisions. It is certainly not common for Revenue Assurance to over-
see the implementation of new operations or major systems.
However, Revenue Assurance does need to be involved in these processes. Most critically, the Revenue Assurance Team should
be assigned responsibility to ensure that all the required controls and compliance for the new operations are implemented cor-
rectly, and as part of the design and build process.
When a correction is complete, it should be considered as simply another control to be managed and monitored by the Revenue
Assurance Team as part of the Controls discipline.
As in many other cases we have discussed, the ultimate decision about what Compliance to enforce and the methods for struc-
turing and reporting it are an issue of practices more than standards. From a standards perspective we can only identify the
different types and levels of Compliance Reporting. We leave it for practitioners to determine which Compliance elements to
include and how to manage them.
There are several objectives for the Revenue Assurance Team. The first set is associated with management needs. Major man-
agement concerns include:
1. Assurance that all areas of Revenue Risk that have been included within the domain of Revenue Assurance are being
monitored as specified. In other words, to assure management that the Revenue Risk exposure is at the level set or
lower.
2. Transparency regarding whether there are some areas where the current level of controls is too high. Can I reduce the
level of control and monitoring without exposing myself to a significantly greater risk?
3. Understanding how much loss or risk of loss is actually occurring (Alarm and Alert summaries).
4. Providing a clear set of measures that make it easy to understand how well the Revenue Assurance function is being
managed.
To create a meaningful set of Compliance Reports and procedures without taking on a huge and disproportionate report expense
or flooding management with too much data is a challenging job.
As we have stated earlier, the real work associated with Compliance Reporting is done at the point when the controls and cor-
rections are negotiated and approved by management. It is at that point that the Revenue Assurance Team needs to be sure that
the proper Compliance infrastructure and rules are implemented.
Conclusion
This concludes our discussion of the four Revenue Assurance disciplines and their application in the real world. In the follow-
ing chapter we will investigate the next component of the Revenue Assurance standards, the Objectives (or Levels) of Revenue
Assurance.
he following table provides the reader with an excerpted view of the GRAPA standards as formally defined in the Standards
Document and ratified by the membership January 2009.
Chapter 9
Objectives of
Revenue Assurance Activity
The first dimension in the process of developing our comprehensive definition of the Revenue Assurance operation was to
define the Revenue Assurance lifecycle and the four main disciplines that it includes.
The next challenge is to develop a consistent and inclusive definition of the objectives for the Revenue Assurance process. As
we have stated, it is easy to find highly-generalized statements regarding what the goal of a Revenue Assurance operations
should be, such as the protection of revenue streams or to champion the integrity of processes. It is also easy to find anecdotal
references such as “The goal of Revenue Assurance is to reduce leakage.”
The problem with these definitions is that they fail to provide us with a clear and quantifiable understanding of what is (and
what is not) included in the Revenue Assurance charter.
In the same way, setting the objective of Revenue Assurance to be “the protection of revenues” or “the management of risk”
leaves us with far too much scope to manage.
One might say that the biggest reason for the ambiguity and dissatisfaction with the activities of Revenue Assurance teams is
that no one has clearly defined what needs to be accomplished.
Problems arise when attempting to define a meaningful and comprehensive definition for the goals of Revenue Assurance. The
domain of most Revenue Assurance groups is vast, and the majority of their actions have a clear impact on the assurance of the
companies’ revenues.
However, due to the broad range of areas and disciplines involved, it can be extremely difficult to categorize and standardize.
Remediation is the process of taking action and fixing a Revenue Assurance or Fraud situation that has been discovered. The
Revenue Assurance lifecycle clearly identifies corrections, and the initiation of new controls. Both are clear examples of how
Revenue Assurance delivers remediation to the business.
Detection involves the determination of where problems are and the items that require remediation. The Forensic process as
previously defined is dedicated to the discovery, prioritization and escalation of issues that need to be addressed.
Deterrence, although we have implied it, has not been specifically cited in our discussions so far. It is the process of preventing
the revenue loss from occurring from the start.
We have not specified a different function for Deterrence because it can be accomplished using the existing structures. Correc-
tions and controls are not only for Detection but also for Deterrence.
The single biggest form of Deterrence is the establishment of a specific response to different alerts and alarms (Detection).
For example, SIMBox Fraud Deterrence is accomplished by establishing a SIMBox activity detection mechanism (a Fraud
Management system), and then establishing a policy that provides for escalation of alarms. This is intended to elicit a deci-
sion about cutting off the account (normal escalation of alarm), or establishing an automated process for handling alarms (auto
feedback mechanism).
The establishment of a Change Management procedure (control) to prevent loss when a new interconnect partner is added, is a
straightforward example of Deterrence activity.
For example, when a leakage is found in the Mediation System, should part of the remediation process be to repair the code
involved and then reprimand the programmers involved?
Or should the remediation be limited to making note of the situation without making any change at all?
Where should Detection be performed and how much time and effort should be spent on it?
When should Deterrence be priority and how much time and effort should it involve?
These are questions that should be answered as part of the Forensic Analysis process, and prioritized based on management’s
tolerance for risk. Management’s decision about how the revenue at risk should be handled and overall risk exposure should
be effectively ameliorated.
It is necessary to take note that all three aspects (RDD) need to be considered for each domain or case under review. This is a
matter of practices. This is not the time for setting up rules about how to assign responsibilities or priorities.
What Kinds of Cases Should be Included in the Charter for Revenue Assurance?
In other words, what exactly does Revenue Assurance assure against?
The RDD dimensions provide us with only one way of looking at what Revenue Assurance is supposed to achieve, (the Reme-
diation, Detection and Deterrence of revenue loss). There are many ways to look at revenue loss, and we need to develop a
clear understanding of which aspects of revenue loss are to be considered in scope for Revenue Assurance, and which are
excluded.
In one sense, everything is related to revenues one way or another. For example, by saying that Fraud Management is a part of
Revenue Assurance, we open the door to the argument that employees stealing pencils is a Revenue Assurance issue.
In the same manner, indicating that the security of network assets, such as login/password integrity, or protection against tap-in,
and the physical violation of assets is a Revenue Assurance concern, opens the possibility of making the physical security of
assets and site security as being “in scope” for Revenue Assurance as well.
Clearly, we need a decision of where to draw the line when it comes to defining what aspects of revenue are valid targets for
Revenue Assurance activity.
The point of these standards is to provide us with a solid starting point for discussion. As long as the dialog continues, as profes-
sionals, we can make refinements as we determine what works.
In the following text I attempt to organize this disparate and eclectic list of Revenue Assurance objectives in a consistent and
understandable manner.
One way to look at this eclectic basket of Revenue Assurance objectives would be to say that Revenue Assurance has become
a “revenue related dumping ground” for CFOs. In effect, if it is revenue related and you don’t have anyone else to assign it to,
then give it to the Revenue Assurance person.
On the other hand, I believe this trend toward isolating and entrusting Revenue Assurance professionals with such a diverse
range of issues is an incredible vote of confidence for the ability these people have. It takes a great amount of mental agility and
focus to take on such a broad range of issues, and then to convert the initial chaos into an ordered and assured environment.
It is clear that management has a serious need for someone to address the diverse set of revenue risks. The Revenue Assurance
professional appears to be the best person available to handle the job.
From my observations, the only interpretation that makes sense is that, when an organization has an alternative department that
is capable of handling any of these areas, then that department is employed. But if there is no one available when a crisis arises,
it becomes a de facto Revenue Assurance issue.
Only time will tell whether this pattern will continue. How many more issues and domains will be added to the Revenue Assur-
ance requirements? How will boundaries, expectations and controls around the process be set?
That is exactly what the GRAPA organization and this process is all about.
The objectives and domains listed here are provided as a reference, and as a starting point for the continuation of the standards
development effort, and not as a final answer. This document is not a statement about what Revenue Assurance objectives
should be, but what they currently appear to be as a cross section of activities across the world.
Each of the categories, summarized in the table below, is characterized by starting with the prefix “mis.” This prefix is defined
in dictionaries as “to do badly or wrong.” So these categories indicate something done poorly or in the wrong way.
Leakage Management
By far the area of assurance most readily associated with Revenue Assurance is the management of leakage. But, for the non-
Telecommunications professional, and even for many who have Telecommunications experience, there is a lack of clarity about
how leakage is defined.
In its simplest form, leakage is the loss of revenue due to a mishandling of the revenue transaction information by systems,
people or processes. There is a significant body of knowledge and writing about leakage, including its causes and effects. This
includes how bad it is, and how easy and/or how difficult it is to detect, deter and remediate.
In the final analysis, Revenue Assurance (in no small way) is still about leakage. The key to leakage management, as in all areas
of Revenue Assurance, is to develop an understanding of the following:
1. How the revenue loss occurs (root cause analysis)
2. Estimating the extent and future value of that loss (quantification of revenue at risk)
3. Determining alternative methods to protect against the risk
4. Deploying corrections and controls to make that happen
5. Monitoring and continuous review of controls to keep the risk in line
There is no one who will argue that leakage management does not belong in this list. In fact, the only controversy surrounding
this particular aspect of Revenue Assurance is whether it should be the only aspect.
The measure of the effectiveness of the leakage containment activity must ultimately include:
1. Remediation Activity – Corrections KPIs
How many cases of leakage were uncovered and resolved as a result of the corrections activities? What was the
value of the revenue at risk associated with the leakage, and what was the net benefit to the Telco as a result of that
correction? This is based on the Revenue at Risk reported in the Forensics Findings Report and the cost of the cor-
rections activity that eliminated or reduced the risk.
2. Detection Activity – Forensics and Controls KPIs
How much revenue at risk was discovered through the combined activities of forensics analysis and alarms as far as
the number of leakage cases reported? This value can be derived from the sum total of the revenue at risk and alarm
levels reported.
3. Deterrence Activity – Controls and Compliance KPIs
How much revenue loss was prevented due to the Revenue Assurance activities implemented? This can be derived
from a combination of forecasts of loss provided by the revenue at risk value and the compliance report, which veri-
fies that the control or correction has been effective.
Fraud Management
The second area of consideration is Fraud Management. While leakage management is undeniably within the purview of Rev-
enue Assurance there is dispute regarding Fraud Management.
There are three strong cases to be made for placing a large portion of Fraud Management under the Revenue Assurance
umbrella.
1. It is an established fact that the majority of fraud cases are discovered by organizations that understand and make use of
standard revenue protection controls. In other words, good Revenue Assurance controls are the best Fraud Management
controls. Statistics show that standard revenue protection controls are the number one revealer of fraud, much higher than
the fraud cases uncovered by audit, and slightly greater than the cases revealed by whistle-blowers and outside reports.
The logic is clear.
2. GRAPA benchmark surveys have revealed that over sixty-percent of Telcos worldwide place the Fraud Management
group, or at least a major part of it, under the Revenue Assurance department. Another thirty-percent place Revenue Assur-
ance and Fraud Management as peer organizations under the CFO, a Risk Management group, or some other related risk
oversight organization. In short, we include fraud as a part of Revenue Assurance because most carriers treat it that way.
3. The Revenue Assurance lifecycle specified here and the different disciplines involved are as applicable to the organiza-
tion of a Fraud Management operation as they are to that of a Revenue Assurance group. In summary, there is significant
economy of scale and efficiency to be gained by strategically blending Revenue Assurance and Fraud activities.
For example, the majority of controls that a Fraud Management team requires for the review of internal fraud are exactly
the same controls that the Revenue Assurance group needs to assure revenues. Why build the controls twice, or double up
on the compliance activity?
Integration of Fraud and Revenue Assurance activities is greatly simplified with a good understanding of the Revenue Assur-
ance lifecycle. What does it mean to integrate Fraud and Revenue Assurance?
Who will handle Forensics? More importantly, what are the forensics associated with Fraud and how are they different from
those required for Revenue Assurance? Can you easily train a Forensics Analyst to assess both leakage and fraud risk, or do you
require a completely separate set of skills?
When managing controls, do you need a separate person setting up controls for each? Who is monitoring those controls? How
can one person be utilized to double the efficiency of the operation?
There are fraud controls that require a specialized Fraud team to manage the Fraud Management systems. The physical net-
work element security and other areas require specialists. And the operational leverage from integration is very high and is an
important consideration.
Part of the beauty of this consolidated view is that management and the Revenue Assurance team are able to do a side-by-side
equivalent measure of the effectiveness delivered by both the fraud and leakage containment efforts.
Since all of the measures are being turned into a common unit (Revenue at Risk for a specified / forecasted period of time),
management has the ability to clearly compare the effectiveness of each effort. This will include:
1. Remediation Activity – Corrections KPIs
How many cases of fraud were addressed and resolved and what value was delivered to the business as a result?
2. Detection Activity – Forensics and Controls KPIs
How much revenue at risk of fraud and actual fraud was discovered through the combined activities of Forensics Analy-
sis?
3. Deterrence Activity – Controls and Compliance KPIs
How much fraud loss was prevented due to the activities implemented?
The first and most common application of Revenue Assurance to margins has appeared in the Interconnect area. In Intercon-
nect, the number of different rate plans, the complexity of the cost models, and the volatility of the operational environment
have left many Telcos with a range of interconnect service offerings that generate a negative cash flow. In other words, for every
dollar of interconnect service they sell, they actually lose money.
The Forensics involved with this kind of revenue loss can be complex. This is because the cost of an interconnect minute will
include the wholesale rate paid to the partner and the cost of the trunk group or other mechanism that connects the two carri-
ers.
As in most cases, the reason that Revenue Assurance is assigned the task is because:
1. It is complicated, requiring a knowledge of network topology and architecture, complex contractual arrangements, and
multi-organizational operational process issues
2. It involves revenue and a potential loss of revenues
3. There is nobody else qualified to take it on
As in the case of Fraud, the management and measurement of this activity is consistent with the overall Revenue Assurance
lifecycle and measures defined.
In some cases of suspected revenue loss due to an interconnect margin problem, it is assigned to the Forensic Analyst for
review. In other cases, where management suspects there may be a problem, the entire domain will be assigned to Revenue
Assurance.
In either case, the Forensic Analyst will investigate the situation utilizing risk, exchange, process, and systems analysis. Once
the situation and environment is fully understood, the analyst will perform a numerical analysis to determine if there is a prob-
lem.
It is clear is that these types of outputs fit the structure of the Leakage and Fraud Domain Management approaches exactly.
Once the momentum started, it became clear that there was an even greater risk to revenue that many Telcos had to confront.
This was the risk associated with the viability and profitability of rate plans.
Although the issues associated with Rate Plan Assurance are different from those associated with margin assurance, there are
many assumptions and conditions that are the same.
Under a typical rate plan risk scenario, Marketing Teams make recommendations for rate structures based on a set of conditions
that may (or may not) prove to be value. Since there is no Finance/Revenue Assurance based framework for assuring that rate
plans are proposed and computed in a consistent and effective way, Telcos can end up with rate plans that ultimately cost them
money.
There are several different kinds of risk/loss scenarios associated with rate plan risk, as described in the following sections.
Indeed, subsidy programs like this have proven to be very successful in the past.
Unfortunately, consumers do not always react in a way that pleases marketers. In these cases, while the basic assumptions
associated with the offering might have been sound, the fact that consumer response is different than anticipated could mean
that the company would lose money on each sale.
For example, one carrier I know of gave away a $400 handset, based on the assumption of an ARPU of $40 a month and a return
period of 10 months. When the carrier launched, however, the customers spent less than $10 a month, meaning that the pay back
period was several years and the net effect of the program in the short term was a substantial loss.
The question is, who is in charge of tracking these situations and assuring management that bundles and subsidies are calcu-
lated accurately? Who makes sure that the actual sales are tracked against the marketing forecast to verify that the program is
delivering as promised?
The answer for many organizations has been to assign this responsibility to the Revenue Assurance group.
Cannibalism
“Cannibalism” is another tricky and often damaging consequence of unexpected consumer behavior. When marketers propose
rate plans and programs, they usually create their forecast of the value of the offering based upon the “net adds,” that is, the
number of new customers that will be attracted to the program. What is often not considered is the fact that new rate plans are
usually available to existing subscribers as well as new customers.
An attractive program launched to generate one million new customers may actually attract no new customers, but instead
converts one million existing customers to the lower plan. The result is a money loser, not a revenue generator.
Again, a consistent, independent monitoring of the rate plan forecasts and actual results is critical to genuine success.
Usually, implementation of Rate Plan Assurance for the first time includes:
1. Development of controls that most often are a set of reports, tracking how well the rate plan author’s forecast is hold-
ing up, and the difference in revenue due to that variance
2. Development of a change of process associated with the way that rate plans are rationalized
3. Creation of a change management procedure that requires rate plan developers to submit their cases to Revenue Assur-
ance for verification and alignment
The expansion of the scope of Revenue Assurance to include rate plan and margin assurance is significant for several reasons.
1. It signals a new level of trust and sophistication in the role of Revenue Assurance.
2. It represents a more complex framework for implementation.
3. It moves Revenue Assurance into domains where the Revenue Assurance delivered can be significant and expands scope
into the Marketing and Forecast of Revenues areas.
4. It provides for a much more proactive and high value positioning for the group.
As in the previous cases, the assurance of new products is a complex, multi-disciplinary job where no one else seems to have
the appropriate skills and tools to do an effective job. The assurance of new product development is actually an easy and logical
fit for Revenue Assurance.
Assurance of new product development requires that the person doing the assurance understands:
1. Network technology and topology
2. Billing architectures (prepaid and postpaid) and how they work
3. Revenue streams and their management
4. Pricing and Sales Forecast Assurance
With the inclusion of margins and rate plans in the Revenue Assurance charter, we have a team that is perfectly positioned and
equipped to take on the responsibility.
It was not long ago that Revenue Assurance teams were fighting to get themselves included in the product development process.
With the rapid implementation of more and more technologies, business models, marketing schemes, and operational innova-
tions, Telco managers have learned the hard way that, without a qualified revenue management specialist involved in the final
signoff on the rollout, the chances of losing money because of misalignment of the many different aspects of the process are
very high.
Products that are designed without the requisite “hooks” into the Telco’s existing revenue streams (both prepaid and postpaid)
might be very popular with customers, but extremely difficult to bill and manage.
The history of Telco Revenue Assurance is loaded with examples of carriers who have deployed products too quickly, and
without enough Revenue Management scrutiny. This resulted in deployment disasters when the product was released.
First, a Forensic Analyst must become involved in order to develop an understanding of how things are going to work. Risk,
Exchange, Process and Systems Analysis are required to develop a clear, well-rounded picture of the new product deploy-
ment.
Also critical to the success of any new product deployment is the effective generation and tracking of the rate plan and pricing
models. Many anticipated new product roll-out “success stories” turned into financial disasters when the market reactions were
measured.
In most organizations where Revenue Assurance has become a standard part of the new product development team, the Rev-
enue Assurance group develops a Change Management procedure associated with each product proposal.
This procedure may involve standard forms and checkpoints that the new Product Development Team must meet in order to
get the product approved for release.
In some aggressive environments, the Revenue Assurance Team has developed a complete set of what are in effect the “User
Acceptance Testing” criteria for the product’s function.
This again pushes the boundaries of what we might consider to be in scope for Revenue Assurance, but I have spoken with
several Revenue Assurance Managers who have taken on this responsibility.
The best rationalization I can apply to this is -- to test the product features and functions to ensure they are being billed correctly.
This is a Change Management and Assurance Operation. As with many Revenue Assurance issues, it turns into a discussion
about “Who should do it?” rather than “Should it be done?
Again, this is an issue we address in the Operational and Organizational Principles portion of the standards.
As is true with all the other objectives we have discussed, the inclusion of Market Assurance (or Churn) retains this operational
consistency.
Including Churn Management as a valid objective for Revenue Assurance generated the biggest pushback, from me and from a
number of other members. However, there are a number of Revenue Assurance departments that have provided at least partial
responsibility for Churn. Since the membership has overwhelmingly voted to include it along with the rest of the standards, we
are including it here. We are also striving to integrate it into the Operational model.
The rationale for including Churn Management in the charter of Revenue Assurance must be viewed at the highest level first.
The scenario that I envision is described in the following paragraphs.
A company spends months or years, and millions of dollars in developing and “earning” a market and that market’s share. The
competitive environment suddenly changes. New carriers arrive. New services are presented. Now the revenue stream of the
company is threatened.
There is no doubt that Churn represents a significant source of revenue loss. Indeed, Churn is probably the biggest source of
revenue loss that a company can suffer.
Since we are in the business of assuring revenue, it is important for the Revenue Assurance Team to examine and assure this
area.
When looking at the continuum presented by margin, rate plan and new product development, we see a clear pattern that points
to the ultimate revenue loss situation.
We have established a clear methodology and structure from a Revenue Assurance point of view. We also need to look at the
Churn problem in terms of the following:
1. Revenue loss or the risk of revenue loss
2. Addressing the Remediation, Detection and Deterrence of that loss
3. Addressing the forecast of the ultimate ‘revenue at risk” involved in the situation
4. Developing corrections and/or controls to help ameliorate that risk
We will now consider each of these in more detail from a Revenue Assurance perspective.
The easiest way to determine the loss associated with Churn would be to view the reports written by the Marketing, CRM or
Data Warehouse/Business Intelligence group that track the churn numbers for the firm. If such reports exist and are accurate,
then the Forensic job is simple. It would involve looking at the current history of loss, noting the trend, creating a quick 12
month forecast, and reviewing the annualized revenue at risk number. If this number is larger than any of the other Revenue
Assurance cases currently under review, then including Churn in the portfolio of domains is justified.
Unfortunately, there are many “if statements” in that last sentence. What if there is no report about Churn available, or what if
the report has results that are highly suspect?
In such cases, the Forensic Analyst will need to perform the Process, Exchange and Systems Analysis to obtain the real num-
bers.
Churn management and Churn reporting is a complex and highly sophisticated activity. But then again so is the assurance of a
billing system or a switch. The Forensic Analyst will require a special set of skills and knowledge, but that is always true.
In many cases, the only way to generate a truly meaningful forecast of Churn (in order to report the annualized revenue at
risk) is through employment of sophisticated statistical methods. These methods are already included as part of our Forensic
Methodology.
Assuming that the Churn situation is serious, the Forensic Specialist needs to go about the process of defining the appropriate
remedies. A common set of controls and corrections associated with churn management includes the following:
1. Creation of an application or data warehouse, which reports to management the history and forecasted loss due to
Churn for a 12 month backward and forward period. This report is a foundational control and becomes the main con-
trol for other activities.
2. Establishment of a procedure for the review of all Churn Management proposals by Marketing or CRM. This Change
Management procedure is similar to the ones initiated for Rate Plan Assurance and New Product Development Assur-
ance. They typically consist of a checklist of issues and aspects that must be considered with any Churn-based initiative.
This requires that the initiative be traceable to an Impact Forecast, which is then measured.
3. Ongoing tracking of the risk of Churn, the losses due to Churn, ongoing recommendation of remedies (changes in
operations, policies and procedures), and controls.
Revenue Assurance groups that have taken responsibility for Churn have been very successful for the most part. I believe this
is due to their revenue-based view of the problem, rather than a marketing-based view (emphasizing headcount and short term
sales) or a CRM-based view (emphasizing customer satisfaction versus revenue actually delivered).
The Revenue Assurance Team can add value to the business in the management of churn, but this currently represents the lead-
ing edge of frontiers that Revenue Assurance is addressing.
Asset Utilization assurance is the process of ensuring that all revenue producing assets are being deployed for the maximum
revenue impact. This can include positive measures -- changing of asset location or pricing in order to generate more revenue
for the firm, or negative impacts -- tracking how much revenue is being lost due to failed assets and developing strategies to
minimize those losses.
At this time, the majority of the excursions into these areas focus on network elements (switches and/or BTSs), but there is no
reason to assume that it needs to be limited to these areas. This discipline is applicable any place that an asset is critical to the
generation of revenue.
he following table provides the reader with an excerpted view of the GRAPA standards as formally defined in the Standards
Document and ratified by the membership January 2009.
Chapter 10
With the definition of the disciplines and objectives of Revenue Assurance we have almost completed our exploration of exactly
what Revenue Assurance is. In this chapter, we will examine the remaining component, which is the Domains and Scope Man-
agement.
As we have seen, Revenue Assurance practitioners need to take a multi-disciplinary approach to the various revenue risk situa-
tions they are asked to address. They may have to cross many different organizational and operational boundaries to determine
the nature of the situation and the best way to address the problem.
With so many different areas, disciplines and issues involved, it can become difficult to know what is in scope for Revenue
Assurance and what is out of scope. There are several risks associated with this situation.
1. There is a risk that management (either implicitly and or explicitly) will assign vague and broadly-defined revenue risk
responsibilities to the Revenue Assurance group without considering the possible consequences.
2. It becomes exceedingly difficult to draw the operational and responsibility boundaries between the Revenue Assurance
group and the operational groups they serve, as well as the delineation of responsibility between Revenue Assurance
and the other risk management groups, such as Internal Audit.
3. The lack of clear boundaries makes planning, capacity forecasting and management extremely difficult for the Rev-
enue Assurance Team.
Most Revenue Assurance groups find it difficult to define clear lines of responsibility. The GRAPA Standards establish a set of
principles around the actual declaration and acceptance of responsibility for an area, along with standard methods for establish-
ing the boundaries.
Equally important is clarity about who is responsible for attaining the objectives of the activity, including leakage, fraud, mar-
gin, new product, asset utilization, and market assurance.
Assigning responsibility to an area by function and objective can provide a definite “assist,” it is not enough. Revenue Assur-
ance issues are so broad, and the Telecommunications operational model is so interdependent and complex that you could
almost take any issue to justify assurance of the entire organization.
Under the ETOM model, all operations of the Telco fall under these two dimensions.
Under the GRAPA Standards, there are then two ways to declare a domain for Revenue Assurance, vertically and horizon-
tally.
Vertical Domains are systems or operations that are involved in revenue management and through which several different rev-
enue streams can flow. For example, mediation, a postpaid billing system, a prepaid billing system, sales channels and customer
service are Vertical Domains and these Vertical Domains define one way to set domain boundaries.
Declaring a Vertical Domain to be in scope for a Revenue Assurance effort means that we will take responsibility for assuring
that the revenue loss or risk of loss is known and analyzed for all revenue streams that go through that system. We will also
assure that it is subject to appropriate controls for the various objectives set by management.
By standardizing the definition of Vertical Domains, the Revenue Assurance professional is able to establish standardized
approaches for defining, assuring and managing that domain.
Declaring clear boundaries around the Vertical Domains also makes it easy for organizations to draw up the lines of responsibil-
ity for different functions. This greatly assists with inter-organizational challenges.
Vertical Domains can be well recognized OSS or BSS applications or components, but they can also be operational areas.
Vertical Domains
The GRAPA Standards recognize the major categories of Vertical Domains listed below. The inventory of Vertical Domains
includes systems, BSS or OSS components, operational areas, or departments. Under the GRAPA Standards, each of these
domains can be broken down into sub-domains based upon various criteria, as described in the following sections.
Network Domain
The network domain includes all elements in the network environment that are directly associated with revenue generation and
or capture. For example, a circuit switch that generates CDRs will be included; a transit switch usually will not.
Breakdown of the network domain by these sub-domains makes the definition and organization of Revenue Assurance activi-
ties easier and more consistent in how they can be applied.
Many Telcos have one or at most two applications of the same type in their BSS environment. For some, however, the architec-
ture can become much more complex. When that happens, the number of systems may expand drastically and the sub-domains
are then typically defined via:
• Brand/Model/Age of software
• Alignment of systems with network sub-domains
• Geography
• Line of Business
Operational Areas
Systems are not the only kinds of Vertical Domains to be considered. We can also include operational groups (departments or
sub-departments), based on their revenue management role. An area is a candidate for Vertical Domain status if it meets either
of the following criteria:
• Its primary function is a critical aspect of revenue management
• It manages more than one product or service
These disciplines and controls, and the dozens of others like them can be applied to almost any vertical domain. This helps to
standardize the assurance of the areas, and the creation of standard controls that are consistently defined across the organiza-
tion.
Horizontal Domains
The other way to divide up the Revenue Assurance responsibility is by the Horizontal Domains.
A Horizontal Domain consists of all transactions involved in the capture and processing of revenue information for a particular
subset of revenue transactions in the organization. The smallest possible Horizontal Domain would be one phone call, or one
data transport. In other words, a single billable transaction is the most granular example of a horizontal domain.
Horizontal Domains are typically organized in a way that makes sense for management in an operational and economic context.
The most common are segregation by product/business or by customer/market.
Ultimately, any horizontal definition of domain is a way to identify a specific stream of revenue, and to provide assurance for
that entire stream as it flows through the different vertical systems and operations that help in the management of its revenue.
Some examples are included in the following sections.
The novice Revenue Assurance practitioners soon realize that each product line has a unique set of conditions, constraints
and operational components. These force the professionals to develop mechanisms that isolate each product line and assure it
independent of the others.
In larger Telcos, this delineation might actual break down to the point of assuring customer segments differently. Certainly,
when we begin looking at issues like churn, then market segment-based domain definition will make a lot of sense.
o Prepaid
Voice
VAS
Data
SMS
MMS
IPTV
GPRS
Revenue Mapping
One of the most useful and most often utilized of the GRAPA standard practices is a technique known as Revenue Mapping.
Revenue Mapping is the process of determining exactly which systems and operations (vertical components) are involved in
the management of revenue for a specific revenue stream (horizontal component), and then creating a physical map that allows
Revenue Assurance professionals to develop a much better understanding of the following points:
• Exactly where and how revenue flows through the organization
• Where the biggest risks to revenue are, on a horizontal and vertical basis
If the wireless and wireline businesses share the same mediation, billing and interconnect operational environments, then the
case could be made for creating a very large Master Map. In most cases, however, different lines of business share few if any
components, making the separation by line of business an easy and logical one.
For example, “prepaid local voice” is a different stream than “postpaid local voice” because management of the transactions is
handled by different billing systems. Therefore, a different Revenue Management stream must be considered. In the same way,
interconnect, roaming, SMS, and data are all separate revenue streams.
There are overlaps and, hopefully, a large degree of shared infrastructure, but for Revenue Mapping we must understand each
stream separately.
Confusion about where revenues flow creates a great deal of the complexity and error proneness of Telecommunication rev-
enue streams. Many people simply assume that all Telco revenues flow the same way, when in fact each revenue stream can
be unique.
One of the main objectives of Revenue Mapping is to clarify the reality of the company’s Revenue Management topology.
These revenue numbers are utilized to assign actual values to the map components.
However, for SMS, that point is usually at the SMSC. As Telcos move into a 3G/UMTS environment the point of transaction
(RNC) will be far removed from the point of transaction capture (the Media Gateway).
One cannot simply assume that transaction capture and service delivery happen in the same place. Understanding that and
including it in the revenue map is critical.
However, when it comes to Telecoms, nothing can be assumed. Some Telcos have more than one mediation system, distributed
by geography or function. Some have different billing systems for various geographical regions.
Exploring, discovering and mapping out these components is the real work of Revenue Mapping.
For example, when you are mapping postpaid local voice revenues, you begin by assigning revenues to each
of the switches that manage the local voice business. Let’s say that the Telco has five switches (named Eric1,
Eric2, Hua1, Hua2, and Nor1) and local voice traffic amounts to $500,000. If we assume that each switch
carries the same volume of traffic, then we would allocate $100,000 to each switch. Then, let’s also assume
that there are two mediation systems (mediation-north and mediation-east – organized geographically), we
would allocate $300,000 and $200,000 to each respectively.
Ultimately, the postpaid billing system would be credited with the full $500,000 since all postpaid local voice
is billed by that single system.
The diagram below illustrates our previous example. The map provides us with a clear diagrammatic view of
the revenue stream. This is a very simple diagram, but as the number of mapped revenue streams increases,
the map tends to become much more complicated.
Eric2 Mediation-North
$100,000 $200,000
Postpaid Billing
Hua1 $500,000
$100,000
Mediation-East
Hua2 $300,000
$100,000
Nor1
$100,000
Switches
After successfully mapping the postpaid voice business, the analyst might decide to map postpaid Intercon-
nect (outbound) next. The outbound Interconnect business is much more complicated than local. This is
because all Interconnect transactions include an accounts receivable (customer pays you) and an accounts
payable (you pay partner).
We will also need to include the Interconnect Billing System. We might also need to map an additional
switch, the POI (Point of Interconnect), which carries traffic to interconnect partners.
Assuming that we have $250,000 of outbound Interconnect postpaid traffic each month, we could begin by assigning $50,000
per month to each switch. We can then determine the margin associated with Interconnect. If we assume that it is 50%, then for
each $2 of Interconnect business billed to customers, $1 will be paid out to a business partner.
The next step will be to identify our POI and allocate $125,000 to it as well. This is 50% of the $250,000 as an Accounts Pay-
able item.
We can then assign our value of $250,000 to the Postpaid Billing System (our Accounts Receivable) and the $125,000 to the
Interconnect Billing System (our Accounts Payable).
Eric1
PostPaid Outbound
$50,000
Interconnect
Eric2
$50,000
Mediation-North
Hua1
$100,000
$50,000
Postpaid Billing
Hua2 $250,000
$50,000
Mediation-East
Nor1 $150,000
$50,000
Interconnect
Billing
POI1 $125,000
$125,000
Switches
When all revenue streams have been mapped, collapse the maps and generate the overall revenue and payment map for the
entire organization
The final step in the mapping process is to collapse all of the maps that have been generated and into one master map. Collaps-
ing the map allows the analyst to determine which vertical components are responsible for managing what proportion of the
company’s overall revenues. Many times, systems and areas assumed to be trivial turn out to be critical, high risk areas.
In our previous example, we can collapse the Postpaid Local Voice and Outbound Interconnect into the following consolidated
revenue map.
Eric1
PostPaid Combined
$150,000
Revenue Map
Eric2
$150,000
Mediation-North
Hua1
$300,000
$150,000
Postpaid Billing
Hua2 $750,000
$150,000
Mediation-East
Nor1 $450,000
$150,000
Interconnect
Billing
POI1 $125,000
$125,000
Switches
As indicated in the above diagram, our Postpaid Billing System is the most valuable vertical component with a net value of
$750,000 per month. The second most critical is the Mediation-East System valued at $450,000.
Local
Switching Retail
Billing
40M
2M
Wholesale Collections
National Billing
POI’s Mediation
Mediation 35M 40M
12.5M
Calling Card
76.75M Billing Dunning
3M
1M
Interconnect
Int’l Settlement
Billing
POI’s
24.25M 36.75 36.75
As the number of revenue streams increases, the nature and distribution of revenue across the organization becomes clearer.
The process for developing a payment map is similar to developing a revenue map.
1. Identify the point of sale for activation/provisioning (for postpaid) or for payment (for prepaid or postpaid collections).
2. Trace the activation/provisioning or payment from the point of sale to the point where it is credited to the customer and
recognized in the general ledger.
3. Assign collections/payment values to each component along the payment stream.
4. When all payment streams have been mapped, collapse the maps and generate the overall payment map for the entire
organization.
Horizontal Forensics
The concepts of Horizontal Assurance and Revenue Mapping are exciting and powerful tools to contain revenue risks at a
reasonable cost. Most Revenue Assurance practitioners believed that it is a purely vertically oriented operation. By focusing
only on the vertical aspects of assurance, however, there are many benefits and opportunities to leverage tools, techniques and
approaches that are not readily apparent.
Risk Maps
After creating of the Revenue Maps, there is much that the Forensic Analyst can do with them. The first might be to perform an
assessment of the risks to revenues one vertical component at a time.
By reviewing the risk to the organization along a single revenue stream, and factoring in the economic risk that each vertical
component represents, the analyst can generate a revenue risk map that gives management a clear understanding of just where
the risks to revenue are. In addition, the map will indicate how much actual revenue at risk each vertical component repre-
sents.
Inability to gauge the risk to revenues across the organization has been one of the major handicaps. With risk maps, everyone
can now see where the risk exists and, more importantly, how great the risk is.
To perform risk mapping, we begin with a consolidated revenue map (shown below), illustrating all systems and their relation-
ships.
Inter-carrier Inter-carrier
Settlement
Collections Negotiation
Network Mediation
We then enhance this map by assigning the level of risk to revenue that has been defined. This is done by utilizing Forensic
Risk Assessment techniques.
Roaming Roaming
Roaming Roaming
Reconciliation Collections Negotiation
Inter-carrier Inter-carrier
Settlement
Collections Negotiation
Network Mediation
Development of risk maps represents a big step forward for Revenue Assurance as a profession. The Revenue Map/Risk
Mapping discipline is a starting point for creating a true enterprise Revenue Risk Strategy. It also provides a powerful and
easy-to-understand tool for documenting and disseminating information about the scope of Revenue Assurance and the levels
of coverage provided to each area.
Risk Mapping, though useful, still leaves the Revenue Assurance group with a methodology that relies heavily on subjective
interpretation rather than objective and quantifiable risk. It is for this reason that the Noise Analysis Methodology was cre-
ated.
Noise Analysis is a technique used to convert the relative and subjective judgments of a risk map into a more objective and
quantifiable method for estimating the risk of revenue loss embedded in each vertical component of a Revenue Map.
Reconciliation
+ Too Expensive to Recover
Collections
+ Too Expensive to Recover
Negotiation
+ Too Expensive to Recover
Unrecoverable
Unrecoverable Network Activity
Unrecoverable
Unrecoverable Network Activity
Unrecoverable
Unrecoverable Network Activity
Network
Leakage + Unrecoverable
+ Too Expensive to Recover Mediation
Leakage + Unrecoverable
+ Too Expensive to Recover
Unrecoverable
Unrecoverable Network Activity
Unrecoverable
Unrecoverable Network Activity
Unrecoverable
Unrecoverable Network Activity
Unrecoverable
Unrecoverable Network Activity
Unrecoverable
Unrecoverable Network Activity
Reconciliation
+ Too Expensive to Recover
Management
+ Too Expensive to Recover
Dunning
+ Too Expensive to Recover
Unrecoverable
Unrecoverable Network Activity
Unrecoverable
Unrecoverable Network Activity
Unrecoverable
Unrecoverable Network Activity
The specific details behind the concept of Noise Analysis are really a “practice” rather than a standards issue, but it is important
to mention that this methodology exists. We also should note how it provides for a more quantitative approach to the overall
problem of enterprise Revenue Risk Planning and Management.
Horizontal Controls
Just as there are a number of controls that lend themselves well to assuring Vertical Domains, there are also controls that make
assurance of Horizontal Domains easier. Among the horizontal controls most often utilized are:
1. Test Calls and Test Plans – For end to end assurance of any domain
2. Change Management Procedures – Ensuring that all Vertical Domains involved in a particular revenue stream are
included in the changes being managed
3. Synchronization – Synchronization of data across Vertical Domains for a particular Horizontal Domain
In addition to these few obvious examples, many of the control mechanisms employed are effective for both Horizontal and
Vertical Domains.
Ultimately, the Revenue Assurance professional, and more specifically top management and the Revenue Assurance manage-
ment team, now have the ability to approach assurance from several perspectives and to define an optimal Revenue Assurance
strategy.
Many organizations are finding that a Revenue Assurance strategy that combines optimum applications of Horizontal Assur-
ance and Vertical Assurance across the enterprise is based upon an analytical consideration of the amount of revenue involved,
the relative degree of risk experienced, and the ease of applying either a vertical or horizontal approach. This creates a cross-
checked coverage strategy that can provide them with maximum impact at minimum cost.
he following table provides the reader with an excerpted view of the GRAPA standards as formally defined in the Standards
Document and ratified by the membership January 2009.
Chapter 11
Organizational Principles
The final section of the GRAPA Standards is concerned with the principles of Revenue Assurance. The other sections are
focused on the designation of what Revenue Assurance actually is. This includes the tasks and structures associated with the
mechanics of performing the Revenue Assurance job.
The principles, on the other hand, provide the practitioner with a structure regarding assignment of responsibilities for various
jobs, and integrating those jobs into the context of the larger Telco organization.
We have divided the principles into two sections for this discussion. The first section, Organizational Principles, focuses on how
to fit Revenue Assurance into the organization. Here, we consider how the Revenue Assurance professional should interact with
various departments and personnel. Organizational principles are also concerned with KPIs and measuring the effectiveness of
Revenue Assurance.
In the second section, Operational Principles, we address the ethics and standards of performance issues. (What are the prin-
ciples that should guide the Revenue Assurance professional’s activities? And what are the benchmarks to their participation
in the corporate world?)
This problem is exacerbated by the fact that most Telcos have different approaches to how they organize themselves. Some
Telcos have a large, well staffed, and highly involved Internal Audit group that does much of the work that is outlined in these
standards. Others have a small, internal audit staff with time for only a miniscule subset of revenue related tasks.
The diversity of Telco organizational structures is a study in variety. In some organizations, the Revenue Assurance team may
be asked to take on all the domains listed in these standards, whereas in others the team will be relegated to only the smallest
subset.
The challenge for GRAPA and for Revenue Assurance professionals around the world is to determine how to fit Revenue Assur-
ance into each of these unique contexts. This must be done in a way that creates minimum disruption and maximum impact.
And it must maintain enough of the integrity of the Revenue Assurance job itself to gain the leverage delivered by economies
of scale, standardization, and a shared body of knowledge.
The first foundational concept is that the Revenue Assurance job, as outlined here, needs to be done by someone. Establishing
and implementing a function that provides the values and structure defined by these standards is a requirement for the financial
health of most Telco organizations no matter who does the actual work.
So while some Telcos may employ external consultants to run their Revenue Assurance activities, others may call this risk
management and include it under that organizational structure, while still others may designate the Revenue Assurance Depart-
ment as the organization responsible. In all cases, it is still the process of Revenue Assurance and the actual work that needs to
be done and the approach that should be taken does not change.
Remember that we have dozens or hundreds of domains (vertical and horizontal) and four major disciplines (Forensics, Cor-
rection, Controls Management, and Compliance) that need to be scattered across an organization where any number of those
domains is already adequately covered for the four functions.
In most Telcos there are Internal Audit, Sarbanes-Oxley, Risk Management, and other “overlap” and “oversight” departments
that are each handling some of the Revenue Assurance functions in a unique combination of domains.
There are also many departments (vertical domain areas) where the operational management team is competent and the Rev-
enue Assurance issues are being managed as a matter of course. In other words, they do a good job and part of that is the
assurance of revenues in their area.
On the other hand, there will be domains where no assurance activity is happening and, worst of all, the majority of areas that
are partially covered to an unknown extent.
How do we organize the practice of Revenue Assurance to ensure we get coverage where it is needed (from domain and disci-
pline perspectives) and accomplish this at a reasonable cost?
There are several reasons why the Super-Revenue Assurance Department is not practical in most cases.
First of all, it is inefficient. The Super-Revenue Assurance Department will, by definition, overlap and duplicate work done by
other departments or groups.
This overlap of territory is likely to spark a round of territorial wars. Conflict will be generated as people debate the roles of
Revenue Assurance and Internal Audit, etc. This causes the organization to expend energy on politics rather than revenue risk
protection.
It is necessary to take a stand regarding responsibility for operational integrity. The more operational managers are relieved
from their responsibility for the integrity of their actions, the less they care about it. An aggressive and inclusive Revenue
Assurance group can easily promote more operational inefficiency-- if the responsibility for the ultimate integrity of those
operations does not stay with the operational group. There is one exception to this scenario: creation of a Revenue Management
Department (which we will discuss later in this chapter).
If operational managers are ultimately responsible for their departments, then we cannot create overlapping responsibilities.
This confusion and conflict can only lead to overall chaos. This is an exceptionally difficult issue and one where we have
invested much time and energy.
The navigation of these very real and valid conflicts and issues is the reason for the way in which the GRAPA Standards are
organized. It is not appropriate for a standards document to attempt to dictate to organizations how they should organize their
operations; that is a practices issue. The job of the standards and our proposed structure is the following.
1. Clearly define the issues and trade-offs so that people can understand what they are getting into when they make these
decisions
2. Define a set of “rules of engagement” and rules for how to structure, negotiate and manage these conflicting and overlap-
ping responsibility issues when they arise
We do not insist that you act a specific way. Instead, we forewarn you of the reality of the situation, namely that you will run
into these conflicts on a regular basis. It is intrinsic in the nature of the Revenue Assurance job. Therefore, our standards are
designed to label, structure and provide guidelines for how to best navigate these situations.
When it comes to organizational alignment and assignment, there is no right way. There is only the best fit for your organiza-
tion, environment and situation.
The final step would be to map each organization against the needs of the Revenue Assurance function, and assign them one task
and one domain at a time. Under this mapping strategy, the definition of “best fit” would take different factors into account.
• How well does the operational group currently cover the Revenue Assurance problem areas?
• Which organization has the personnel, skills and tools that best qualify them to do the job?
• Which organization is best positioned to manage the nature of the jobs to be completed and the workload involved?
This, of course, represents an idealized approach to the problem. In reality, the time, trouble and energy it would take to do all
of this best-fit-mapping, and the administration of the resultant chaos, would make it cost prohibitive and impractical.
This perspective views Revenue Assurance as a collection of unrelated discrete tasks. Under this model, the Revenue Assurance
Department competes with other groups (Operational Managers, Auditors, Business Process Engineers, etc.) for the “right” and
“responsibility” to perform those functions.
Revenue Assurance should not be viewed as one of a dozen groups that compete for individual task responsibility. In this case,
the formally defined Revenue Assurance Department can be perceived as supplementing and supporting the efforts of all the
groups involved, instead of as a competitor. Under this model, the primary responsibility of Revenue Assurance is to ensure
that it (Revenue Assurance) is conducted according to guidelines set by management, and to participate only when necessary.
Some of the tasks can include:
1. Set the strategy for a balanced application of Revenue Assurance across the organization.
2. Make sure that the best resources are performing the appropriate level of Forensics, Corrections, Controls Management,
and Compliance) in each situation across the organization.
3. Provide tactical and operational support to supplement those organizations that need the help in order to meet their Rev-
enue Assurance objectives.
4. Perform as the organization with the primary responsibility for Forensic, Control, Correction, and Compliance for domains
and disciplines that management decides are appropriate.
5. Take on an overriding Compliance Management responsibility, keeping management informed as to the current level of
risk and the current location of risks to revenues on an enterprise basis.
Adopting this model for the responsibilities of the Revenue Assurance Department, as opposed to viewing Revenue Assurance
as an unrelated collection of discrete assurance tasks, offers value to the Telco, management, operational managers, and other
support teams. This value is provided with very little reason for conflict.
A Revenue Assurance group that is organized and positioned this way provides the organization with a flexible, cost effective
unit, whose main role is the optimization of coverage for revenue risk. This is in response to the ever changing demands of the
business and the various operational areas.
As we have stated, the entire decision-making process about Revenue Assurance must be based, more than anything else, on a
basic assumption and belief regarding responsibility for the operational integrity of a domain.
If we assume that an operational management team is not responsible for the integrity of the revenue transactions that flow
through its area, then what is its responsibility?
Clearly, one of the basic assumptions of GRAPA and this Standards document is that everyone is responsible for assuring their
portion of the Revenue Management process, and the Revenue Assurance team’s role is to help them do their job.
This may seem like a strong position, but as stated earlier in this chapter, it is the only position that can stand up to the tests of
time, organizational change, and reality.
Now that we have made that statement, there are two exceptions to consider. The first one is an extreme example. We will con-
sider the second, more moderate view in the next section.
In the most extreme, a case can be made for re-institution of the old BOM (Billing Operations Management) function. Earlier in
this book, we discussed the BOM and how it previously functioned. There are some aggressive CFOs and CEOs who decided
that the ultimate solution to the Revenue Risk Management issue is to return to the previous way of doing things, i.e. create a
Revenue Management Department.
A Revenue Management Department, unlike a Revenue Assurance Department, is a team of people who have full operational
responsibility and accountability for the integrity and execution of all operations associated with a revenue stream.
Like the BOM of “old,” the Revenue Management Department would be fully responsible for running each of the systems
associated with the capture, transportation and processing of revenue transaction data. Since this group is operational, not staff,
and has responsibility for revenues, it is possible to quickly short circuit problems and assure management that revenue streams
are well run and well managed.
Several Telcos are experimenting with this model with varied levels of success.
GRAPA does not take a position on this. However, there are a number of people who have proposed that this extreme form (full
responsibility for revenue management) should be considered as the ultimate goal of Revenue Assurance. As the industry and
the discipline matures this may happen.
At this time however, the membership has voted to exclude it from the scope of Revenue Assurance.
For all the reasons mentioned, and based upon the principles that we have discussed, the position of the current Revenue Assur-
ance standards is that Revenue Assurance is a shared responsibility. We assume that each organization will need to make its
own, customized allocation of Forensic, Correction, Control, and Compliance assignments across the landscape of Horizontal
and Vertical Domains.
The decision to choose this model is not an easy one. The flaws and problems that it represents are obvious. However, if the
standards are going to be practical, i.e. if they are going to help Revenue Assurance professionals do their jobs, then we must
provide them with guidelines and insights about how best to manage it.
Unfortunately, any attempt to dictate a structure that can be imposed on this wide range of organizations and environments is
doomed to fail, at least in the short term. As Revenue Assurance matures, there may be an opportunity for a movement in this
direction, but we must deal with the current reality.
The Shared Responsibility Model means that each Telco will be forced into crafting a unique, tailored implementation by
blending and optimizing the many factors.
Ultimately, we believe that the model that prevails will be “Revenue Assurance as the Administrator of Strategy and Practice”
and allocation of different organizations to different tasks based on the situation and the demand.
The first organizational principle of the GRAPA Standards is that Revenue Assurance exists to support and aid operational
managers in the accomplishment of Revenue Management integrity in their areas.
Revenue Assurance does not override or supersede the decisions of the Operational Management team.
In other words, the general policy and assumption is that the operational team is fully responsible for revenue integrity, but if
management so directs, then the Revenue Assurance team will accept a level of responsibility.
When such a conflict occurs, there must be a policy or guideline in place to address and help rectify the conflict.
In such cases, the GRAPA Standards state that the decision regarding which group should be assigned responsibility must be
based on which group:
1. Is most qualified
2. Can provide the best return on investment
This is covered by the operational principle that states that the overriding objective of Revenue Assurance is to accomplish the
best coverage for the lowest cost.
We have touched on many aspects of the nature of this relationship throughout the book, let us now summarize the basic prin-
ciples again.
The Revenue Assurance group’s primary responsibility to top management (and to the overall organization) is as follows.
A. Assess the risk of revenue loss, find and report revenue at risk, using the Forensics (tactical and strategic) disci-
plines.
B. Define appropriate remedies and develop coverage plans that recommend cost effective Controls, Corrections and
Compliance.
C. Implement the Controls, Corrections and Compliance specified by management, based on management’s risk toler-
ance.
D. Perform these functions in all areas designated by management as in scope for the Revenue Assurance Department.
These four statements embed the critical aspects of what we consider the overall mission of the Revenue Assurance team. Let
us consider each in more detail.
This is appropriate as long as management does not add more and more groups to the resources commissioned to perform the
different aspects of Revenue Assurance. When this occurs, management will quickly find that they:
1. Are unable to keep track of all of the activity going on
2. Cannot pull all the different threads of activity to the same level of understanding
3. Will not be able to compare “apples to apples” since each group uses different criteria for evaluation
In other words, without the benefit of one group that unifies and standardizes the approach and the reporting and guarantees the
quality and impartiality of the effort, management receives a level of assurance that is not at all cost-effective.
In order for management to be confident that the full range of revenue risks are understood and handled appropriately, there
must be one agency responsible for establishment and reporting of that exposure.
This is not to say that the Revenue Assurance group has to perform the Forensic Analysis in all cases, only that it needs to
provide an assessment of that risk. It is perfectly acceptable for Internal Audit, Fraud Control, or an operational area to do their
own Revenue Risk Assessment, as long as the Revenue Assurance group reviews the findings and applies a standard template
to the analysis and reporting.
We are not implying that the findings and conclusions drawn by other groups are to be considered in error or suspect in any way.
However, these different analyses and conclusions must be standardized if management is to have a clear understanding of the
exposure. The Revenue Assurance Group is best qualified to provide this service.
In other words, the ultimate value of Revenue Assurance, when managed as a comprehensive effort, is far greater than the sum
of the discreet activities involved in the assurance process.
The first and simplest case is for the Revenue Assurance team to take responsibility for formulating alternative remedies as a
natural conclusion of the Forensics process. If Revenue Assurance was initially assigned the responsibility for the Forensics,
then it is logical that it should drive the recommended remedies.
This does not mean that the group should not be taking input, suggestions and even instructions from the other groups involved.
The operational team should certainly have much to say about any control or correction, and Internal Audit, external consultants
and other groups also have reasons to provide direction.
Another consideration is the role of the Revenue Assurance team when another group has done the Forensics. This is a bit
trickier.
Supposing an operational group does its own review and determines that a correction is required to assure revenue integrity.
Should Revenue Assurance be involved?
In general, the answer should be “yes.” In the spirit of supporting operational managers and providing an independent view of
the problem and the solution, it makes sense. Revenue Assurance should provide quality assurance and a “sanity check” for all
major implementations of revenue-related activities.
If the Revenue Assurance group does not perform this function, then management will have the same risk assessment issue. If
the Revenue Assurance group does not provide the quality assurance check on these kinds of changes, there is a risk of omis-
sions, or cases where an additional risk is embedded into a supposed “solution” to the problem. Creating a situation where one
risk is simply traded for another ).
Equally important is the additional benefit gained when the design of this correction is engineered consistent with the overall
Revenue Management strategy of the firm, and when that design includes a seamless interface for compliance and reporting.
No matter who is doing the Forensics, and who will implement the solution, the Revenue Assurance Team should play a role in
the evolution and evaluation of all corrections, controls and compliance activity that is related to revenues.
This principle states that the decision about which remedy to implement, whether it is a control, a correction, or a compliance
solution or report, must be approved by management.
There are several situations that could arise, and we will consider each of them in the text that follows.
Any of these conditions require that top management be called upon to make the final determination.
For example, a decision to implement a $1 Million Revenue Assurance Controls and Analysis System requires that top manage-
ment be directly involved.
For example, if the recommendation of a new set of controls fits within the Mediation Systems manager’s operational respon-
sibilities, then that manager can approve the controls.
For example, a Revenue Assurance practitioner assigned to running a billing and rating audit can be authorized to “release” lost
revenues (due to the mismanagement of CDRs) up to a specified level. This level might be 100 CDRs or less, as long as the
practitioner has performed all required checks and tests.
It is not necessary for top management to be involved in every decision. However, the approval levels, thresholds and criteria
for decision making must be established by management.
Many people become fixated on the subject of establishing criteria for the correct level of assurance. The bottom line question
is, “What is the proper level of coverage to set for an identified risk to revenue, and who should set that level?
In other words, when presented with a revenue risk situation, there are a large number of potential solutions.
1. You can to a first class job, correct all of the root causes, and ensure that there will never again be any revenue losses
of this kind. We refer to this as the “zero tolerance for risk” scenario.
2. You can implement a “control” that allows for the risk of something to go wrong, but provides you with a gauge and
an alarm that will notify you when it happens.
3. You can decide that the risk is low and do nothing.
How do you decide which is the appropriate response? Under the principle of “appetite for risk,” management makes the deci-
sion in the following manner:
1. The actual amount of risk (the 12-month forecast of losses that could occur if nothing is done) and the degree of risk
(the likelihood that this will occur) provide an understanding of the revenue at risk.
2. The Forensic team provides management with a number of options, including:
a. The cost to implement the option
b. The impact that the option will have on the degree of risk
c. The impact that the option will have on the amount of risk
3. Management considers the degree of risk, amount of risk, and cost of the remedy and decides which one is preferred.
This may seem arbitrary at first glance, but the approach is actually quite logical. Let’s consider a situation.
It is discovered that a switch is delivering fifty percent of its CDRs in error. What should you do?
Replace the switch?
Repair the switch?
Create a control around the loss of CDRs?
The questions that need to be asked before a decision can be made include:
1. How much revenue is actually at stake in this situation?
2. How much will it cost to repair or replace the switch?
3. What is the network maintenance plan for this switch?
4. Is it scheduled for replacement? If so, when?
Based on the answers, someone will have to make a rational decision. This decision will need to account for all factors and
consider how much risk management is willing to accept.
The concept of “appetite for risk,” like that of the measurement of “revenue at risk” is a foundational concept that drives the
GRAPA Standards framework for decision-making.
The explicit declaration of scope, and the fastidious analysis and remedy of risks in those domains is the entire point of Revenue
Assurance, and it is critical that the Revenue Assurance Manager, Operational Managers, related areas and the top management
team are aware of how large the scope of Revenue Assurance is, and the related significance.
he following table provides the reader with an excerpted view of the GRAPA standards as formally defined in the Standards
Document and ratified by the membership January 2009.
Chapter 12
This is the final chapter about the Revenue Assurance standards; in it we will discuss the principles and ethics that should guide
the practice of Revenue Assurance.
Again, there was considerable discussion within the GRAPA organization about whether a Principles and Ethics section should
be included in the standards. However, when you consider the mission of GRAPA, which is to promote the professionalization
of the practice of Revenue Assurance, you realize, as we did, that the inclusion of principles is crucial.
If management and operational managers do not have a strong level of trust in the work performed by the Revenue Assurance
professionals, how can anyone expect to take their findings seriously?
Consensus
It is the primary objective of the Revenue Assurance team to promote cooperation between the operational teams involved
in each aspect of Revenue Management, Accounting and Delivery. Revenue Assurance should primarily be a vehicle for col-
laboration. The goal of Revenue Assurance is to create a solution that involves the consensus of all parties involved. Revenue
Assurance is not an internal audit or policing function; it is a problem-solving function and most problem-solving requires the
cooperation of all parties involved in the problem.
This concept of consensus aligns perfectly with many of the other issues and principles we have discussed. The Revenue Assur-
ance professional must always be aware and concerned about the effect of actions on other groups.
Integrity
All Revenue Assurance activities should have a primary focus on the integrity of the activities performed. This integrity applies
to relations with managers, to how the job is conducted, and to the findings and reports.
One might say that integrity is an obvious principle and does not require listing. However, the practice of Revenue Assurance
has unfortunately been plagued by a lack of integrity in execution.
If Revenue Assurance intends to gain recognition as a reputable and meaningful profession, establishment of integrity will be
the key.
Rationalization
All Revenue Assurance activities should be based on the principle of Rationalization of Investment. Any investment of com-
pany time, money, and effort in pursuit of Revenue Assurance objectives must be balanced against the anticipated benefits in
risk reduction, revenue retention, or revenue maximization. The Revenue Assurance practitioner is responsible for understand-
ing, documenting and assuring the rationalization of all investments and decisions.
Every Revenue Assurance decision requires a balance between the degree of risk mitigated and the associated cost. The Rev-
enue Assurance team must be aware of this tradeoff and develop the rationale and criteria for making those decisions clear.
Our concepts of revenue at risk and management’s appetite for risk are intrinsic to consistently enact this principle.
Rationalization is critical, but it must be remembered that, when rationalization is promoted without an underlying discipline,
rigor and confidence, it is worse than doing nothing at all.
Ethical Principles
Ethical principles provide professionals with an understanding of the expectations associated with their task performance. As
with other principles, the decisions and structures created to enforce them is related to practices rather than standards. The
GRAPA organization clearly expects members to adhere to these principles as well as the others.
Corporate Responsibility
It is the responsibility of the Revenue Assurance practitioner to stay alert and aware of all risks to the revenues and assets of the
firm. The Revenue Assurance practitioner will always, without fail, report any serious risk of loss to the appropriate agencies
or authorities ̶. even if it is not within the scope of the Revenue Assurance practitioner’s responsibilities.
Corporate responsibility is an important part of the Telecommunication employee’s role, but the Revenue Assurance profes-
sional has a special status. As a person responsible for assurance of revenues, the professional is in a position of trust. The
Revenue Assurance practitioner may be responsible for detecting and addressing fraud (both external and internal), be respon-
sible for millions of dollars in revenues, and involved in cash and financial management and assurance. For these reasons the
Revenue Assurance professional is expected to maintain the highest level of honesty and trustworthiness.
Another critical aspect of corporate responsibility is the professional’s responsibility to the company’s customers, partners, and
governmental and regulatory agencies. Corporate responsibility reaches out to these agents as well. If the Revenue Assurance
professional discovers any impropriety, even if that impropriety financially benefits the firm in the short run, it is the profes-
sional’s responsibility to bring the case to management.
Allowing known illegal or questionable business practices to continue exposes the firm to increased risk over time. As in all
situations, it is the responsibility of management to assess the level of risk and to make the decision to act. However, failure to
note and report such cases is a violation of the Revenue Assurance professional’s ethical responsibility.
An example of a personal impairment would be an outside financial relationship, and an external impairment would be unrea-
sonable restrictions on the time required to complete an assurance activity.
To achieve organizational independence, Revenue Assurance organizations and compliance professionals should report the
results of their assessments and compliance findings, and be accountable to the head of the organization. In addition, they
should be organizationally located outside the staff or line function that is being reviewed. This helps ensure that the staff avoids
political repercussions. Assessment and Compliance reporting should be performed separately from the operational unit. Rev-
enue Assurance teams may also perform operational reporting, as long as they do not report to the operational team.
According to GRAPA benchmarks, the majority of Revenue Assurance departments report to the CFO. As the CFO is typically
not responsible for any operational areas, it appears that in most Telcos this requirement is being met.
Principles of Practice
Finally, we have our principles regarding how Revenue Assurance is to be practiced, in general reinforcing and re-instating
existing principles.
Competency Requirement
Revenue Assurance functions should be staffed with those who collectively have the knowledge and skills necessary to conduct
Revenue Assurance activities. Outside consultants with requisite knowledge may need to be hired to complement the internal
staff. GRAPA recommends that staff receive a minimum number of hours of continuing education each year and maintain a
record of that training. The Revenue Assurance practitioner is responsible for conducting activities with competence.
The competency requirement is essentially a restatement and focusing of the integrity requirement. The Revenue Assurance
group must accept responsibility for attaining the appropriate level of competency within their organization. This is a seri-
ous problem for many departments, and one of the reasons that the GRAPA training and certification programs have been
launched.
Transparency Requirement
All Revenue Assurance activities are to be conducted in a straightforward and transparent manner. All processes and activities
are to be documented and published for review of the appropriate persons involved. Forensic Analysis techniques, assessment
reports, quantification findings, and correction and control recommendations should be clearly documented and published in a
manner that makes the process, intention and results clear to all parties involved.
The practice and maintenance of a posture of transparency assures operational managers and teams that the work of Revenue
Assurance is straightforward and geared towards helping them in accomplishing their objectives. It also reassures them that
Revenue Assurance is not acting as an auditor or trying to make them appear incompetent or criminal.
Transparency combined with a dedication to integrity of operations is the key to a successful Revenue Assurance team.
The principle has application in dozens of different aspects in the day to day world of the practice of Revenue Assurance.
Among the more critical are situations where there are conflicting bids from organizations addressing who should take the
Forensic, Control, Correction or Compliance responsibilities. Ultimately, that decision should be made based on the determina-
tion of which group can do the best job for the lowest overall cost. Decisions about alternative remedies are also subject to this
rule.
he following table provides the reader with an excerpted view of the GRAPA standards as formally defined in the Standards
Document and ratified by the membership Jan. 2009.
Conclusion
Early in this book, we considered some of the alternative definitions of Revenue Assurance. We saw that it is easy to come
up with a high-level, well intentioned definition, but that it is too broad to communicate any real meaning, or so narrow that
the definition can only be applied to an individual company or situation. Conversely, creating a definition that communicates
widely applicable and substantive information is quite challenging.
Broad, ideal-sounding definitions often turn out to be non-definitions. Such definitions claim to work, but it only appears this
way because people fill in the blanks with their own interpretations. Such broad definitions are worse than no definition at all
because they foster miscommunication, confusion and ineffectiveness.
“Making sure that the processes associated with Revenue Management occur without error” is a definition that is so broad
that almost anything can be included in its scope. An overly narrow definition fails in the same way as it again leaves it to the
individual’s imagination to “project” what may be the other facets of the discipline. A more specific definition such as “The
process of assuring that all CDRs are managed by the billing system in an accurate and timely manner” excludes so many areas
of Revenue Assurance that it can actually be viewed as an untrue statement.
It is my hope that through the last 100 or so pages we have proven that neither type of definition is sufficient or necessary.
While I will agree that this definition is far from eloquent, it certainly provides a clear understanding of the processes, scope,
mission, and constraints associated with the practice of professional Revenue Assurance as of January 2009.
Next Steps
With the ratification and acceptance of these standards by the GRAPA Membership, the organization is now ready to proceed
with the next step in the process of professionalization.
GRAPA is a professional association, not a services company. You, as a member, will only get as much out of it as you put
into it. The more courses you attend, the more committees you chair, the more town hall meetings you participate in, the better
informed, better motivated, and better positioned you are as a Revenue Assurance professional.
Appendix A
With the formal ratification of the GRAPA standards, the GRAPA organization has undertaken to immediately provide the
Revenue Assurance community with a credible, extensive certification program. This program will allow Revenue Assurance
professionals to attain recognition for their knowledge and skill, gain access to a shared pool of expertise for the expansion of
their knowledge base, and begin the process of separating the professionals from the “amateurs” and “tourists.”
The creation and administration of certification is now the primary focus of the GRAPA organization.
As of February 2009, a limited pilot program, which offers certification programs for Revenue Assurance Managers, Fraud
Specialists, Internal Auditors, Forensics Specialists, Generalists, and Apprentices (Novices), is being launched.
This initial program will offer certification to members based on their successful completion of:
2. Successful completion of a battery of tests, which assure that their level of knowledge and mastery of the body of knowl-
edge is sufficient
3. Demonstration of a suitable level of real-world experience, varying with the certification they pursue
Benefits of Certification
In addition to the many personal and professional benefits, the certified Revenue Assurance professional will gain recognition
in several ways:
1. Information about career, accomplishments, and certification status will be posted on the GRAPA website.
2. Upon receipt of certification, the member’s new status will be communicated to the entire GRAPA community via email
announcements.
3. The member will receive a certificate and frame for display in their office.
4. Certified members will qualify to teach, run conferences and town hall meetings, chair committees, and other GRAPA
responsibilities and honorarium.
As each new generation of computer˗, telecommunications-, and operational technology was invented, the telecommunications
industry has been the first to step up and tackle the hard job of making that new technology useful, dependable and accessible
to billions of people around the world in a very short amount of time.
In Telecommunications, the only thing that is absolutely certain is that the telcos will aggressively and successfully deploy
new technologies in a timeframe that would appear to be completely unrealistic to any “reasonable person” who considered the
many factors involved.
Although the industry has done an almost supernatural job with integration and commercialization of this wide range of techno-
logical innovations, that capability is delivered at a cost. This cost is paid by the employees of the phone companies who must
change, adapt, and re-invent themselves continuously and relentlessly.
One of the major side effects of this incredibly rapid rate of operational and procedural change is that the operational systems
and disciplines that drive the telco and make it work are constantly under stress. New products, new systems, new business
models, and new customer expectations require that telcos continuously modify the network elements, architectural configura-
tions, and operational processes that hold the business together.
When you change things this often and this frenetically, then you can be sure that the operational systems themselves are going
to have some “lapses.” Mistakes will be made. Oversights will occur. And in some cases, money will be lost.
So when those who come from one of these industries are introduced to a typical Telecommunications environment, they are
shocked to learn that a large percentage of the systems and operations that the telco runs are managed with a much looser set of
controls. This apparent “laxness” in the maintenance of controls over operations may seem “sloppy” and “unprofessional,” but
anyone who has spent a few weeks trying to keep up with the rate of change in a typical telco environment will quickly come
to appreciate why it happens.
Telcos are extremely large, complex organizations. That complexity comes from the wide range of different business models,
sales channels, products, services, and technologies that they support. Each unique combination of market, product, service,
technology, billing model, service level agreement, and line of business represents a unique “revenue chain” and managing this
enormous collection of revenue chains is a daunting job.
For the typical telco, revenue loss is no surprise. The nature of the business makes accounting for all expenses at an individual
transaction level almost impossible. Many product lines are tested without much consideration for profitability until the nature
of the market and technology is fully known.
For the telco, varying levels of revenue “leakage” are considered acceptable at different times in the life of the company and in
the maturity of the technology. The core nature of the telco is to focus on new technology deployment and market expansion
first, and to worry about operational discipline and precision later. This means that, for most telcos, there are some areas where
help will be required from someone who understands the workings of the business models, operational process, systems, and
technologies. This is a professional “clean up person” who can keep the operational playing field cleared and the revenue flow-
ing as much as possible.
New Revenue Assurance departments are springing up in almost every telco in the world. Most of these departments are less
that two years old, and most are staffed with people with little or no experience in Revenue Assurance.
GRAPA research shows that approximately one third of the people doing Revenue Assurance come from a finance background,
one third are from operational areas, and another third are from IT or Network areas.
We currently have an industry that is hiring hundreds of people to do jobs that are not well understood, attempting to accom-
plish objectives that are not well thought out, and using language and procedures that are poorly understood by most of the
people involved.
Most of the people in Revenue Assurance are doing an excellent job of making sense of the chaos into which they are dropped.
However, there are clearly a number of ways to make this process better, more efficient, effective and comfortable for everyone
involved if we were to leverage each other’s experience and create a standard body of knowledge about how the job should be
done.
Benefits of Professionalization
Amazingly, there is a great deal of “professionalization” that occurs in the creation of the Revenue Assurance discipline without
a conscious effort on anyone’s part. Standard approaches, logical conclusions and common sense have pointed many companies
in the same general direction without intrusion from outside forces.
We are not saying that people in Revenue Assurance today are not professional or competent. We are saying that Revenue
Assurance is naturally professionalizing itself.
While this natural move towards professionalization is good, we believe that the process can become more effective and effi-
cient for everyone. To do this, we need to overcome many of the operational, geographical and organizational blockages and
participate in the conscious process of professionalizing.
This process includes establishing acceptable qualifications, creating a professional body or association to oversee the conduct
of members of the profession, and recognizing the demarcation between qualified professionals and unqualified amateurs.
This creates a hierarchical divide between the knowledge-authorities in the professions and a deferential citizenry. This demarca-
tion is often termed “occupational closure,” which means that the profession becomes closed to entry from outsiders, amateurs,
and the unqualified: a stratified occupation “defined by professional demarcation and grade.”
The origin of this process is said to have been with guilds during the Middle Ages, when they fought for exclusive rights to
practice their trades as journeymen and to engage unpaid apprentices.
1. Creation of a code of conduct that defines how the professional behaves, focused heavily on issues of ethics and integrity
2. Establishment and maintenance of a Body of Knowledge that clearly defines the knowledge requirements for a profes-
sional
3. Development of a method for establishing the credentials of a person as having mastered that Body of Knowledge and its
application
4. Recognition of those who have attained and exhibited the practice of that discipline, separating them from the unqualified
and the amateurs.
For the individual professional practitioner the benefits are obvious. The attainment of professional status that is recognized by
management, co-workers and the industry translates into power, prestige and higher income. Why? Because management can
assume a level of competence that is recognized as professional.
In an area as technically and operationally complex as Revenue Assurance, it is not typical for a top manager (CEO, CFO) to
be intimately familiar with all the details and procedures required to perform the Revenue Assurance job. The manager will
want to “defer to the expertise of the professional” when it comes to issues of strategy, next steps and alternative solutions.
This “trust” in the expertise of the professional is integral to the relationship of professional and client and is the goal of most
Revenue Assurance practitioners.
The Revenue Assurance professionals are specialists who work hard for several years to master their craft. In the current envi-
ronment, there is a good chance that this mastery will never be recognized, simply because the managers have no yardstick to
fairly assess those capabilities. Professionalization allows practitioners to leverage appropriate value for investment in their
craft.
At the same time, the definition of a standard body of knowledge allows the Revenue Assurance practitioners to understand how
to better manage their careers. What do they still need to learn? How should they channel their energies? Professionalization
provides a career roadmap.
The development of such a Body of Knowledge requires that practitioners from around the world agree to collaborate on the
process. There is no way for one person or one company to assemble it. In the traditional educational model, universities com-
pile and disseminate this knowledge. However, for a number of reasons, the educational institutions simply cannot keep up.
The professional association, like the guilds and trade associations of the Middle Ages, provide professionals with a community
where these issues can be worked out dynamically, quickly, and appropriately with minimum cost and fuss.
There a many benefits that an authoritative Body of Knowledge can deliver. These include:
Vocabulary
One of the first challenges participants in Revenue Assurance face is that people use different terms to describe the same
things; CDR and Interconnect for example. Very basic words and concepts carry a wide range of meanings from one
telco to the next. A consistently applied vocabulary speeds up communication, simplifies the problem solving process,
and increases our ability to share knowledge quickly.
Consistency
A standard body of knowledge will provide everyone involved with a consistency in the application, measurement and
assessment of Revenue Assurance activities. Today, there are thousands of different, conflicting and confusing versions
of what Revenue Assurance is, how to set KPIs for Revenue Assurance, and many other aspects of the practice.
Measurable Results
Professionalization of the discipline will establish clear criteria for measuring the professional effectiveness. How do
you know if your Revenue Assurance team is producing value? How do you know the KPIs to which you are responding
are correct?
Transference of Skills
Establishment of a core body of knowledge makes training, assessing and assigning people to different tasks infinitely
easier. A standard body of knowledge is the foundation for the utilization of Revenue Assurance practitioners for maxi-
mum benefit.
Establishment of this body of knowledge will help professionals to share experience and practices and develop a ‘best
of breed” culture across the world.
All of these benefits translate into several things for the manager:
2. Clarification of the role that Revenue Assurance is to play in the operational framework
1. Standards – which define how things are done professionally, and the rationalization for why they are done that way.
These are the basic core values of the professional.
2. Practices – which are the body of knowledge that the professional needs to know, and how this knowledge is applied.
3. Operational Frameworks – which define how the professional works within the greater context of the telco organization
and the Telecommunications industry.
4. Subscription – which defines how the practitioner agrees to subscribe to these standards, principles, and operational frame-
works. The manager must be able rely on the professional’s ability to understand and subscribe to what is presented.
Standards
The foundation for establishing any profession is a set of standards that the members of that profession subscribe to. For doc-
tors, there is the Hippocratic Oath, “Do no harm.” For auditors, it is a code of ethics around dependability, impartiality and
integrity.
The integrity of the professional assures a manager or a co-worker that this professional can be trusted to deal with problems
and issues in a productive manner and with integrity.
Industry specific ethics provide professionals with guidelines for their responsibilities in any given situation. These ethics
are a yardstick for the assessing what is right and wrong in work situations. The practice of these ethics assures associates
that the Revenue Assurance professional can be trusted with sensitive information. Revenue Assurance professionals are
often given access to information that can be potentially harmful to individuals or the company, and it is imperative that
they are viewed as trustworthy.
While ethics define right and wrong, principles define why things are done in a certain manner. More specifically, prin-
ciples provide the Revenue Assurance professional with objectives and the important characteristics of an activity.
The methods describe “how people do things,” including the technique used to define the scope of the activity and the
definition of the disciplines (roles and responsibilities) associated with its conduct.
Practices
Standards define a set of principles and values, and provide a taxonomy for the definition of scope, objectives and approaches.
Practices, on the other hand, define the actual details of how those standards are applied “in the real world.”
Practices define what you need to know to do the job and include:
3. Tools (Knowledge of software, hardware and other devices that assist in the carrying out of the job.
For GRAPA and Revenue Assurance, the Subject Matter Knowledge is best identified via:
1. Domains – An understanding of the workings, vocabulary and issues associated with the different horizontal and vertical
domains (network, billing, mediation, etc.)
2. Objectives – An understanding of the issues and approaches required to do a competent job of analyzing and making
recommendations for a specified level of assurance (leakage containment, risk containment, margin assurance, revenue
stream assurance, or fraud prevention)
Techniques
Techniques specify how different levels of assurance are attained for domains. Practitioners must understand how the
domain works and how the assurance level is accomplished before they can actually understand and apply specific tech-
niques.
Techniques include:
Tools
The Revenue Assurance practitioner must also be aware of the various tools available to do a job. Tools can include:
3. Network probes
A professional understands how to work with management, what the managers want, and how to give it to them in a form
they expect.
The definition of the profession includes a clear understanding, body of knowledge, and shared expertise in establishing
industry standard KPIs, techniques for managing expectations (on the part of management, other operational managers,
and the Revenue Assurance team itself), developing a sense of appropriate accountability, and the identification of a set of
standardized deliverables.
Professionals define themselves, not only in the context of management and the job they perform, but also in how they
work with peers. The key here is development of an operational model of cooperation.
Subscription
Professionalization will take place when the people practicing the profession identify themselves as professionals and publicly
declare their subscription to the policies, principles and objectives of the professional body to which they subscribe.
What is Certification?
Professional certification is a designation or classification earned by a person to assure that this individual is qualified to per-
form a job or task. Certifications are earned from a professional association and, in general, must be renewed periodically.
The certification process varies from one industry and trade to the next but usually includes:
For individual companies, the acceptance of a certification body allows them to establish an independent source of employee
validation, verification, certification, training, and testing without the expense and overhead associated with doing that job for
themselves.
A valid, accurate and meaningful certification makes a hiring manager and HR department’s job many times easier because the
burden and responsibility for the development of the employee becomes the responsibility of:
1. The employee
Certification creates a pool of qualified resources from which the hiring company can choose with a greatly reduced risk of
hiring a person who is not competent, while at the same time greatly increasing the chances of getting a person who can serve
as an “expert” in the area under consideration.
In addition to this benefit, pursuit of certification by an employee indicates a willingness to learn and a drive to excel that can
help the manager better evaluate the relative merit of candidates.
For the Revenue Assurance professional, certification offers the opportunity to enhance the person’s body of knowledge, mas-
tery of subjects, and recognition of that mastery in a controlled, measurable and quantifiable way.
Certification gives the Revenue Assurance professional a competitive advantage in the work place, both through the knowledge
it imparts with the status and assumption of competence it communicates.
Why Is It Required?
Why is certification for Revenue Assurance a requirement? We have identified several reasons.
A loosely defined set of certification criteria and a mostly informal program can offer some value, but will be lacking in several
of the areas where an effective program must be strong. Most importantly, the funding model implemented must offer a good
return on the cost to the professional.
Cost to Administer
The cost to administer the program will obviously reflect greatly on the quality of the program. This will include:
2. The cost to market and “sell” the program to the industry (to get enough industry backing to make the funding model
work)
3. The cost to create training classes and other body of knowledge references (mechanism for the knowledge transfer to
members)
7. The cost to keep track of the individual’s professional status (who has met which criteria)
8. The cost to advertise and promote the professional’s career after certification has been reached
Credibility
The success of the program will dependent greatly on the credibility that the industry, the telcos, and the individual profession-
als assign to it. It is not enough to say, “This is the certification you should have.” There must be substance (credible facts and
information) and reference (prove of validity of the claims).
Ease of Attainment
The certification process must be designed so that it accomplishes its primary objective, which is the separation of the expert
from the amateur. However, the criteria must not be set so high that only a privileged few can attend. This requirement impacts
both the funding model and the depth and breadth of the body of knowledge to be managed.
Industry Acceptance
To provide value, the program must be accepted by a large percentage of the participants in the industry (telcos, vendors and
consultants). Without a sound industry acceptance, the value of the program is weakened. This means that the program must be
marketed and sold to ensure that value is attained.
Proof of Value
Part of the administration of the program must include testimonials or other proof of value. Otherwise is no objective assess-
ment of its merit.
B. Classes (Training)
Based on this curriculum, a body of training materials must be prepared. The training material must be designed to do the best
job possible of documenting and explaining each of the subject matter, technique, tool, operational, political and organization
intelligence areas specified by the curriculum.
C. Testing
The fact that a person attended a class does not especially mean that this individual has learned the subject matter. A combination
of training and testing is the best way to assure that the practitioner has actually mastered the required body of knowledge.
D. Experience Verification
As with most professional certification programs, it is important that certified professionals can prove that they can do the job,
and not just “talk a good story.” Therefore, an experience verification component is critical.
The GRAPA certification program was developed with these guidelines and principles in mind. For the latest information
about the program, please see the GRAPA website at www.grapatel.com
Appendix B
The following outline provides the reader with an overview of the various areas, domains and skills that have been defined as
the current Body of Knowledge for the Revenue Assurance profession. Now that the GRAPA Standards have been ratified and
published, the GRAPA organization will formalize and refine this Body of Knowledge and begin the systematic publication and
verification of standard industry practices while continuing to refine the standards themselves.
The GRAPA Body of Knowledge for Revenue Assurance has been divided into the following major categories of knowledge:
1. Vertical Domain Knowledge – The key information necessary to understand how each of the major vertical domains
(systems and functions) works. A person with vertical domain knowledge understands the major processes, operations,
policies, systems, and decisions involved in running that domain. This person can explain the major functions of the
domain and how the area manages revenues.
2. Horizontal Domain Knowledge – The key information necessary to understand how each of the major horizontal domains
(lines of business, product lines, service categories, rate plans etc.) works. A person with horizontal domain knowledge
understands the major processes, operations, policies, systems, and decisions involved in tracing and processing revenue
transactions across the entire domain (end-to-end). This person can explain the major functions of the domain and which
departments, areas and systems are responsible for managing each part.
3. Payment Channels Domain Knowledge – The key information necessary to understand each of the payment channels
that support the business operates. A person with payment channel domain knowledge understands how each payment
channel works and the major processes, operations, policies, systems, and decisions involved in running that domain. This
person can explain how these channels work and the common areas of revenue risk.
4. Activation and Provisioning Domain Knowledge – The key information necessary to understand how each of the acti-
vation and provisioning processes that support the business operate. A person with activation and provisioning domain
knowledge understands how each provisioning process works and the major processes, operations, policies, systems, and
decisions involved in running that domain. This person can explain how activation and provisioning works and the com-
mon areas of revenue risk.
5. New Product Development Domain Knowledge – The key information necessary to understand how the new product
development process works. It includes an understanding of the gateway management approach to product development
and the role of billing architectures design, exchange analysis, and market assurance as they relate to product develop-
ment.
6. Fraud Management and Crime Detection Domain Knowledge – The key information necessary to understand each of
the major categories of fraud risk and fraud management processes. A person with fraud management and crime detection
domain knowledge understands the major processes, operations, policies, systems, and decisions involved in running fraud
management operations. This person can explain how fraud management works and what the common areas of revenue
risk are.
7. Techniques Knowledge – The techniques knowledge area consists of information about how to organize Revenue Assur-
ance activities, define strategy, KPIs, and specific techniques related to the planning, development and execution of
forensics, corrections, controls management, and compliance.
8. Tools Knowledge – Tools knowledge focuses on the use of Revenue Assurance applications and appliances that the Rev-
enue Assurance professional utilizes to assist with activities.
5. Broadband
a. DSL
b. Cable
c. 3G
d. WiFi
e. WiMax
6. IP
a. Internet
b. VoIP
c. IPTV
7. Wireless Transport
a. Microwave
b. MMDS/LMDS
c. Satellite
d. VLF
8. Facilities Security
9. Network-related Fraud Vulnerabilities
10. Network Operations and Controls
Standard practices and best practices associated with the selection, implementation, running, and monitoring of content
delivery and billing systems and their operational and organizational environment.
1. Content Product Architectures and Operational Models
2. Content Management Billing Models
3. Content Management Controls
4. Content Provider Controls
5. Content Management Delivery Controls
6. Content Management SLA Controls
7. Content Change Management
8. Content Management Revenue Recognition
This knowledge includes all of the major areas associated with the management of payment chains, starting with
the customers’ input of funds (cash, ATM, credit card, check) to the point where the funds are credited to the general ledger and
recognized as revenue.
3. Contractual, Regulatory and Service Level Constraints Associated with this Payment Channel
4. Typical Pricing Models and Rating Issues for this Payment Channel
5. Overall Measures and Controls for the Payment Channel
6. Profitability and Revenue Integrity Issues for the Payment Channel
7. KPIs and Objectives
8. Key Operational Components
9. Staffing, Roles and Responsibilities
10. Payment Capture, Revenue Assurance, and Other Revenue-related Aspects of the Payment Channel
Techniques Knowledge
This category of knowledge is associated with the actual practice of Revenue Assurance including the disciplines, standards,
operating principles, and methodologies.
Tools Knowledge
This category of knowledge includes information about the primary tools utilized in the support of Revenue Assurance activi-
ties.
VIII.B. Probes
1. Features, Functions and Operational Characteristics of Probes
2. Top 3 Probes Feature Review
3. Probes Specifications Options
4. Selecting Probes
5. Probes RFP Procedures
6. Staffing for Probes
7. Probes Reporting and Optimization