You are on page 1of 70

Revenue Assurance

Guidebook

GB941

Version 1.0 November 2006


TeleManagement Forum 2006
GB941 Revenue Assurance Guide Book

Notice

No recipient of this document shall in any way interpret this document


as representing a position or agreement of TM Forum or its members.
This document is a draft working document of TM Forum and is
provided solely for comments and evaluation. It is not a Forum
Approved Document and is solely circulated for the purposes of
assisting TM Forum in the preparation of a final document in
furtherance of the aims and mission of TM Forum.

Although it is a copyrighted document of TM Forum:

Members of TM Forum are only granted the limited copyright


waiver to distribute this document within their companies and
may not make paper or electronic copies for distribution
outside of their companies.

Non-members of the TM Forum are not permitted to make


copies (paper or electronic) of this draft document other than
for their internal use for the sole purpose of making comments
thereon directly to TM Forum.

If this document forms part of a supply of information in


support of an Industry Group Liaison relationship, the
document may only be used as part of the work identified in
the Liaison and may not be used or further distributed for any
other purposes

Any use of this document by the recipient, other than as set forth
specifically herein, is at its own risk, and under no circumstances will
TM Forum be liable for direct or indirect damages or any costs or
losses resulting from the use of this document by the recipient.

This document is governed by all of the terms and conditions of the


Agreement on Intellectual Property Rights between TMForum and its
members, and may involve a claim of patent rights by one or more
TMForum members or by non-members of TMForum.
Direct inquiries to the TM Forum office:
240 Headquarters Plaza,
East Tower 10th Floor,
Morristown, NJ 07960 USA
Tel No. +1 973 944 5100
Fax No. +1 973 944 5110
TM Forum Web Page: www.tmforum.org

GB941 - Version 1.0 TeleManagement Forum 2006 Page 2 of 70


GB941 Revenue Assurance Guide Book

Table of Contents

Notice ..................................................................................................................................................................2
Table of Contents ..............................................................................................................................................3
List of Figures ....................................................................................................................................................5
Executive Summary ..........................................................................................................................................6
Background ........................................................................................................................................................8
1.1 Dimensions to the RA problem ........................................................................................................9
1.2 Economical Perspective...................................................................................................................9
1.3 Different Approaches to RA .......................................................................................................... 10
1.3.1 Reactive, Active, and Proactive RA ...................................................................................... 10
1.3.2 Data Quality & Data Integrity vs. Process Improvement ..................................................... 11
1.4 Best Practices ................................................................................................................................ 11
1.5 RA Maturity Model ......................................................................................................................... 12
2 RA NGOSS, eTOM and SID .................................................................................................................... 16
2.1 NGOSS .......................................................................................................................................... 17
2.2 The eTOM...................................................................................................................................... 18
2.3 The SID .......................................................................................................................................... 18
2.4 The proposal .................................................................................................................................. 19
3 Revenue Assurance and Fraud ................................................................................................................ 22
3.1 Introduction .................................................................................................................................... 22
3.2 Revenue Leakage Differentiating Fraud and Revenue Assurance Issues ............................. 22
3.2.1 Case 1 .................................................................................................................................... 23
3.2.2 Case 2 .................................................................................................................................... 24
3.2.3 Case 3 .................................................................................................................................... 24
3.2.4 Case 4 .................................................................................................................................... 24
3.3 Relationship between Fraud and Revenue Assurance............................................................... 24
3.3.1 Collaboration for multi-dimensional leakage: ....................................................................... 25
3.4 Recommendations for a Collaborative Approach ........................................................................ 26
3.4.1 Collaboration Components ................................................................................................... 26
3.4.2 Key Benefits of a collaborative approach ............................................................................. 28
4 Revenue Assurance and Regulation ....................................................................................................... 29
4.1 Sarbanes Oxley ............................................................................................................................. 29
4.1.1 Relevant Sections of SOX .................................................................................................... 29
4.1.2 Interplay between SOX and Revenue Assurance ............................................................... 30
4.1.3 Linkage between SOX and eTOM processes ..................................................................... 32
4.1.4 Key Requirements for Revenue Assurance Activities to Enable SOX Compliance .......... 32
4.1.5 Illustrations of Interplay between SOX and Revenue Assurance ....................................... 34
4.1.6 Benefits for SOX Compliance Derived from Revenue Assurance ..................................... 34
4.2 Europe & UK specific linkages...................................................................................................... 34
4.2.1 Introduction: ........................................................................................................................... 34
4.2.2 Implementation of the new European regulatory framework .............................................. 35
4.2.3 Scope, Aims and Definitions ................................................................................................. 35
4.2.4 Structure - National Regulatory Authorities .......................................................................... 36
4.2.5 Obligations and Tasks of National Regulatory Authorities .................................................. 36

GB941 - Version 1.0 TeleManagement Forum 2006 Page 3 of 70


GB941 Revenue Assurance Guide Book

4.2.6 Maturity Status of National Regulatory Authorities .............................................................. 37


4.2.7 Regulatory Requirements v/s Revenue Assurance............................................................. 37
5 Revenue Assurance for Content and Advanced Services................................................................... 39
5.1 Challenges ..................................................................................................................................... 39
5.1.1 Challenge #1: CSPs and the multi-party value chain .......................................................... 39
5.1.2 Challenge #2: More complex Rating and Billing processing ............................................... 41
5.1.3 Challenge #3: Economic impact of errors ............................................................................ 41
5.1.4 Challenge #4: Complex payment arrangements and revenue stream bypass .................. 42
5.2 Recommended Strategies ............................................................................................................ 42
5.2.1 Key Strategies ........................................................................................................................ 42
6 Revenue Assurance Scenarios ................................................................................................................ 44
6.1 Introduction..................................................................................................................................... 44
6.2 Perceived Root Causes................................................................................................................. 44
6.3 Revenue Leakage Points .............................................................................................................. 46
6.4 Revenue Assurance Classifications ............................................................................................. 52
7 Appendix A: Introduction to Telecom Frauds ........................................................................................ 63
Fraud - Unnoticed? .................................................................................................................................. 63
How does fraud happen? ........................................................................................................................ 64
8 Administrative Appendix ........................................................................................................................... 66
8.1 About this document ...................................................................................................................... 66
8.2 Document Life Cycle ..................................................................................................................... 66
8.3 Document History .......................................................................................................................... 67
8.3.1 Version History ....................................................................................................................... 67
8.3.2 Release History...................................................................................................................... 67
8.4 Company Contact Details ............................................................................................................. 67
8.5 Acknowledgments ......................................................................................................................... 68
8.6 About TeleManagement Forum .................................................................................................... 69

GB941 - Version 1.0 TeleManagement Forum 2006 Page 4 of 70


GB941 Revenue Assurance Guide Book

List of Figures

Figure 1: Leakage and Drip Trays 10


Figure 2: Outline Revenue Assurance Maturity Model 13
Figure 3: The NGOSS Model 17
Figure 4: Revenue Assurance ABEs 19
Figure 5: RA eTOM processes 21
Figure 6: Categories of revenue leakages 23
Figure 7: Interplay between SOX, RA and other Risk Management Functions 31
Figure 8: SOX related eTOM processes 32
Figure 9: COSO Internal Control Framework 33
Figure 10: Old Value Chain 39
Figure 11: New Value Chain 40
Figure 12: Perceived Causes 45

GB941 - Version 1.0 TeleManagement Forum 2006 Page 5 of 70


GB941 Revenue Assurance Guide Book

Executive Summary

Revenue leakage is often considered a hidden and uncontrolled cost of doing


business in the telecom industry. In addition to fraud, reasons for revenue loss include
network provisioning, mediation and CDR errors, billing and interconnect
inconsistencies, loss of data and corrupted files, fragmented support systems,
incoherent databases, and manual or ill defined business processes. According to
various Revenue Assurance (RA) research reports, the degree of exposure lies in the
range of 3% to 15% of the Communications Service Providers (CSP) gross revenue
depending on factors such as networks and services type, geography, carrier type,
and Revenue Assurance maturity level.

In the context of Revenue Assurance - the main question for any business is how
much leakage is acceptable and how to improve the operations and systems that will
minimize those leakages. An effective RA process must ensure the integrity and
synchronization of both data and processes across all the disparate systems and the
network itself, in order to sustain operational and financial efficiency. RA provides
analysis of the relationship between network resources, services, customers, and
generated revenue, and enables the CSP not only to detect revenue leakage (e.g.
un-billed customers, mis-billed customers), stranded assets, and operational
inefficiencies, but also to understand the reasons for these undesired occurrences.

This Guidebook originates from TMF Revenue Assurance Technical Report 131, a
technical report on RA issued by TMF in 2004, and leads the reader through different
facets of RA, collecting the experiences of various professionals.

In its evolution from a technical report to a guidebook, the Guidebook aims at


broadening the target audience from the original group of RA technical practitioners to
a broader set of business stakeholders including other contributing, influencing or
benefiting organizations in a CSP. Additional topics have been investigated; others
that were only outlined in TR131 have been further expanded.

In particular, the Guidebook deals with the following topics, each one covered in a
separate chapter:

SID and eTOM models support for RA, according to the recent proposal of
TMF Modeling team to integrate RA into the SID and eTOM

View at Regulatory Compliance through the prism of RA, addressing


Sarbanes-Oxley (SOX) and regulation in general.

Linkages between Fraud Management and RA, a section in which several


options of how to effectively address RA issues are recommended to CSPs.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 6 of 70


GB941 Revenue Assurance Guide Book

RA for Content Services, giving recommendations and highlighting some of


the new challenges currently posed to CSPs by the delivery of new advanced
content-based services.

Business Scenarios in which RA becomes significant, providing an insight of


perceived root causes and a classification of main areas affecting RA

In conclusion, a technical Appendix introduces the reader to the Telecom Fraud topic,
ending with taxonomy of possible frauds.

A background section follows, to briefly highlight some the key aspects of TMF
TR131 which may be considered a starting point for this work: Traditional RA
approaches, drip tray model, RA maturity model, and RA best practices.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 7 of 70


GB941 Revenue Assurance Guide Book

Background

In 2004 the TeleManagement Forum undertook an initiative to better define and


standardize the issue of revenue assurance for CSPs. The findings were published in
the technical report named TMF Revenue Assurance Technical Report 131
(TR131), publicly available on TeleManagement Forums web site since April 2005.
TR131 is based on the accumulated experience of many operators, vendors, and
system Integrators (SIs). TR131 report lays out the de facto standard by which CSPs
can benchmark their maturity in the RA process.

Revenue Assurance is a well-known challenge in the Telecommunications sector,


mainly rooted in the Telephony world as a set of techniques and methodologies to
identify and fix revenue leakages and/or prevent or detect errors resulting in unbilled
or uncollected revenues of the CSP. Todays accelerated growth in the data, IP and
real-time services market introduces additional complexity and exposure for RA due
to dynamically evolving technologies, continuous demand for new services, more
complex business processes, new value chains, additional external partnerships, new
business models and an every increasing and more complicated operational and
business systems infrastructure.

The above factors, coupled with the tumultuous economic climate that started with
the slowdown in 2001 and the revitalization in 2004-5 and the current regulatory
environment, provide evidence and compelling need for RA in more and more CSPs.
This need, in turn, together with the acknowledgement of the strategic significance of
RA for CSPs, resulted in the formation of organizational units to ensure the accuracy
of financial reporting and revenue recognition. Given increased regulatory and
competitive pressure and in order to remain competitive and profitable, CSPs are
continuingly restructuring their organizations according to new business targets and
priorities. These structural change and the response to market conditions suggest the
benefits of the acceptance of a holistic RA process to optimize the business process,
the usage of existing assets, the data integrity and as a result - maximizing revenues
and in parallel - reducing costs and increase profitability.

Up to 2004 no CSP emerged as credible industry leader, nor was a unique definition
available to comfortably align RA practitioners from different business domains. This
situation may be understood since RA evolved from several organizational units
(Finance Control, Network Operations, Fraud Management, Billing Operations, etc.)
each of which has a different perspective, approach to RA and own priorities.

Moreover, RA is an over-used buzzword. It often reflects the financial needs as well


as objectives related to a business problem. These needs and objectives tend to be
defined differently by different stakeholders, hence the confusion associated with the
term of RA.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 8 of 70


GB941 Revenue Assurance Guide Book

1.1 Dimensions to the RA problem

For the revenue stream in the usage-based billing environment (i.e. billing that is
based upon data volume, duration of sessions, etc.), a comprehensive analysis of the
entire process from capturing and recording a billable event through billing, cash
collection, accounting and revenue recognition is required. One example of an
approach used by a CSP offering voice telephony services is to compare the
networks CDRs (Call Detail Records) to SS#7 events to verify the proper ratio of
CDRs to SS#7 events. An alternative technique uses test calls that are generated
either manually or automatically, to compare the generated CDRs to the record of the
event from the subscribers perspective.

The subscription-based charging model (recurring or one-time fees) requires an


inspection of the data pertaining to the servicing network elements and comparing it
to the subscribers billing data. However, order management, asset/inventory
management and provisioning systems should also be part of this assessment
because data discrepancies may result in the billing process not being aligned with
the number of orders, order details or services actually provisioned within the
network. Additionally, stranded assets in the network inventory (assets shown in use
by the operational support systems but no service actually utilizing the asset) can
result with excessive CapEx due to discrepancies in network capacity and orders or
allocated resources.

For event-based charges (SMS, MMS, etc.) the tariff structure could be regarded as
even simpler and requiring only reconciliation. Some providers tend to tie such
charges to those of content delivery service (video, music, etc.), which include quality
of service related attributes; this requires much stricter controls to be performed.

There are other dimensions to the problem such as pre-paid and post-paid issues,
wholesale and retail differences, and so on. Each one requires particular care and
may even require a distinct approach, since the type of service or targeted customer
segment influences choice of methods and priorities for the CSPs RA program.

1.2 Economical Perspective

Assessing costs and benefits is a required first step prior to introducing new often-
complex projects within a business. This is also the case for an RA initiative. To
address this issue, TR131 includes a detailed discussion of the outcomes of a real life
example of a cost-benefit analysis performed by an operator.

The analysis uses a drip tray model; a common metaphor used in describing the
affect of errors in processing charges, a term commonly referred to as leakage. The
metaphor is appropriate as the loss of water from a pipe exhibits similar properties to
the loss or corruption of data as it is processed from one system to the next.

The amount of water lost by the pipe could be measured by comparing the amount
that goes into one end of the pipe against the amount that comes out of the other end

GB941 - Version 1.0 TeleManagement Forum 2006 Page 9 of 70


GB941 Revenue Assurance Guide Book

of it. Though simplistic, the comparison of ins and outs lies at the heart of activities
intended to monitor, diagnose, prevent and measure the extent of error.

In Out

error not error captured error captured


captured not resolved and resolved

Figure 1: Leakage and Drip Trays

Some drip trays will lead to the capture of errors, some will lead to their capture and
resolution. Capturing errors without resolution means that errors are measured but
still take place. Capturing and resolving errors means measurement of errors that
would have gone unresolved without the drip tray. A drip tray that captures errors
without leading to resolution has a cost, but no clear attributable economic benefit.

The analysis indicates the benefits of an effective and on-going RA strategy greatly
outweigh the costs associated with the project and the operation.

1.3 Different Approaches to RA

1.3.1 Reactive, Active, and Proactive RA

Using the following definitions for different styles of revenue assurance initiatives
Reactive doing something as a response to existing leakages, for example a project to
identify and resolve the causes of actual revenue loss;
Active doing something to address problems as they occur, for example by monitoring
of problems in real-time. This approach is designed to initiate corrective responses
prior to any revenue loss takes place;
Proactive - acting in anticipation, by implementing controls and other measures to prevent
problems from occurring
In general, the reduction in time required to respond to a problem is the basis for the
shift from reactive to active RA. The goal is to anticipate what can go wrong and
prevent it. This pre-emptive approach is the basis for proactive RA.

The Reactive, Active and Proactive approaches to RA are complementary


approaches. A good RA practice must always include Reactive controls, to identify
leakages and create the case for the Active and Proactive controls. Active controls
are required to discover problems in near-real time, and to correct their outcomes
before they cause a real damage. Proactive controls are the ultimate goal. These

GB941 - Version 1.0 TeleManagement Forum 2006 Page 10 of 70


GB941 Revenue Assurance Guide Book

controls help preventing the problems from occurring in advance and normally do so
by being addressed in the design and deployment phases. That said, it is a bad
practice to rely only on Proactive controls since, as a result of the significant
complexity of the operations and business systems and processes of a CSP, some
problems may not be able to be detected proactively

1.3.2 Data Quality & Data Integrity vs. Process Improvement

An approach pursuing Data Quality & Data Integrity focuses on improving the quality
of data to ensure accuracy of revenue. This normally involves the extraction of data,
from one or a number of systems and/or the consistency validation of the data when
moving from network to billing.

Process Improvement is normally undertaken by a review of the business processes


supporting the generation and management of revenue generating events (e.g.,
Order to Cash processes). The aim is to ensure that processes are designed properly
and performed as expected.

In this type of audit style approach, RA tends to identify where potential areas of risk
exposure might exist: within system functionality, handoff between systems, as well
as supporting business processes and interaction between the processes and
systems.

Both approaches are complementary and we recommend combining them. There are
RA problems that will be detected only by one of the previously mentioned
techniques. For example, an automated provisioning process that generates many
errors and needs human intervention, may end with successful provisioning and
complete data integrity, but cause revenue leakages (the customer will start to use
the product later) and subsequently increase the CSPs costs (the cost of the human
intervention). This problem will be detected only by using Process Improvement
techniques and not by Data Integrity techniques.

1.4 Best Practices

Best practices have been constituted to ensure that comprehensive strategies include
network element configuration data, OSS service activation data, usage data,
mediation rules, and customer account data from order entry, billing and CRM.

Best practice in RA represents a dynamic striving for optimization rather than the
static delivery of a particular series of methods, controls and tools. RA best practice
itself shall be subject to perpetual review and shall not be considered as a static
process.

For an RA strategy to be considered effective it is mandatory to include all of the


following components: technology, people and processes.

Technology component includes identifying data discrepancies and prioritizing the


correction efforts, which is a daunting task, and needs the support of software to be

GB941 - Version 1.0 TeleManagement Forum 2006 Page 11 of 70


GB941 Revenue Assurance Guide Book

carried out. eTOM and SID, to some degree inherently provide for improved benefits
of technology integration that reduce some, but not all of the potential fallout
associated with technology components that do not interface without a global
standards adoption.

People component includes the necessary quick investigation of suspicious data by


RA analysts and subject matter experts, intended to determine the validity of
threshold violations when abnormalities occur.

Process component refers to the solid understanding of the complex


interdependencies among network infrastructure, B/OSS environment and business
processes in CSPs operations that the expert should have. eTOM Layer 0 2
processes establish some of the interdependencies and cooperation across business
units, departmental approaches and various company objectives.

RA systems should be designed to support data acquisition from network elements,


provisioning systems, mediation platforms, billing systems, order management
systems, asset management systems, intercarrier exchanges, partner relationship
management, etc., according to the specific business scenario. Beyond data access
capabilities, RA systems should also implement key functional features to perform
appropriate detection techniques (monitoring, reconciling, correlation and so on) and
include reporting tools such as dashboards, tracking and correction panels, case
management tools and enterprise controls visibility across all business functions,
especially given the new financial regulatory environment such as Sarbanes-Oxley.

1.5 RA Maturity Model

TMF Revenue Assurance Technical Report 131 (TR131) also sets forth five
successive stages that characterize the RA level of maturity within a CSP. Not only
does this scale give CSPs a benchmark to measure their progress against other
CSPs, but it also lays out a road map for other RA operations.

Five steps of maturity have been identified, with the fifth step an ideal to be reached.
Initial, when no RA process has been established and only arbitrary ad hoc reactions to
circumstances;
Repeatable, when RA processes are developed at the level of individual projects,
products and implementations. Flaws are identified and remedial action is taken.
Defined, when RA processes are developed for the whole organization. Organizational
priorities for revenue assurance are understood and guide proactive deployment of
resources.
Managed, when RA processes provide consistent quantitative measures. Measures
drive planning and control.
Optimized, when the measures, planning and controls implemented in order to improve
the business themselves become the subject of continual improvement.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 12 of 70


GB941 Revenue Assurance Guide Book

5. Continuous improvement via


feedback. Decentralized ownership,
central control.

4. Leakage quantitatively understood


and controlled.

3. Standardized approach developed.


Designing-in control commences.

2. Basic project/process management.


Repeatable tasks.

1. Ad-hoc, chaotic. Dependant on


individual heroics.

Figure 2: Outline Revenue Assurance Maturity Model

Five distinct aspects have been identified to help assess the RA maturity level of a
business:
Organization aspect of RA responsibilities reflects how well the objectives of individual
staff and of the business as a whole are aligned with the goals of revenue assurance.
People that are dedicated only to revenue assurance or provide secondary support.
The influence of RA knowledge over the company refers to the ability to proactively
instigate, manage and deliver change.
The effectiveness of design and implementation, the synergy use of different tools to
meet multiple business objectives.
The improvement of company processes, including RA, which is itself a process that
should be improved over time.
The economic benefits of following a defined RA process gradually take shape as a
company moves up the maturity ladder. In the first few stages of maturity, there is low
hanging fruit - economic benefits that are easy to identify and provide an immediate
return. These benefits are realized by finding discrepancies in data that directly
impact billable and collectable revenues. Although the benefits from resolution of
these problems continue to exist, CSPs can see significant economic improvements
when they focus on process improvement. At this level, usually in the managed stage
and above, a CSP can prevent a less than optimal business process from evolving
and thus take its revenue assurance activity to the higher level of maturity, producing
more profound, long term results.

The level of economic benefit that a CSP can realize goes hand in hand with its RA
maturity as defined by TR131. There are no shortcuts in this process. An organization

GB941 - Version 1.0 TeleManagement Forum 2006 Page 13 of 70


GB941 Revenue Assurance Guide Book

must go through these stages to build the required level of trust that will allow it to
maximize the benefits of a full and effective revenue assurance process.

Current RA Trends

The process of RA maturation within an individual service provider is a response not only to the
growth of internal RA experience and expertise, but also reflects the influence of a number of
external macro- and micro-development factors on the perceived RA needs of the business
and the prioritization of RA activities. These external drivers also evolve over time. The primary
categories are as follows:

Macro-economic: the overall state of local and global economies and their impact on
business confidence.
Commercial: the need to increase revenues/margins and lower costs; competitive
pressures.
Industry Regulation: the development of industry-specific regulatory initiatives, ranging
from the general, such as liberalization and privatization in developing markets, to the
specific, such as OFCOMs OTR003 in the UK which requires service providers to
demonstrate metering and billing accuracy with potentially stringent penalties for non-
compliance.
Corporate Governance & Fiscal Legislation: most notably the Sarbanes- Oxley Act in the
US and the EUs 8th Directive, introduced to restore public faith and transparency in
the governance, internal controls and audited financial statements of public
companies. (See section 5 ff)
The initial surge of interest in RA coincided with the worsening economic conditions in
developed markets experienced by the high technology sector including the
telecoms industry at the start of the century. Cyclical economic factors are now
improving and causing a concomitant change in the corporate mindset from
accountancy-led back to entrepreneurial-led. There is now some evidence that the
role of mature RA is being asked to change in response, and the Maturity Model
(see section 1.7) may need to be amended to accommodate this.

Some of the noted responses are as follows:


Responsibility for and ownership of the maintenance of primary quality assurance
replacing revenue assurance and being returned to business and operational units. In
mature RA environments where RA culture has become embedded across the
business this trend is not unexpected, and it potentially allows for cost reductions
through personnel reductions and may encourage immediacy at the point of origin for
some but not all - revenue leakage scenarios. However, there is as yet no clear
trend in the relationship between the core RA team and the departmental QA owners.
As above, RA core teams are being downsized as the more immediate firefighting
aspects of RA have been taken in hand and the opportunities for obvious and quick
wins have lessened.
Core RA teams are being refocused with priority give to compliance and governance
related activities. RA has provided much of the knowledge and operational enactment
of SOC programs in conjunction with Internal Audit. As some recent surveys have

GB941 - Version 1.0 TeleManagement Forum 2006 Page 14 of 70


GB941 Revenue Assurance Guide Book

highlighted the fact that compliance is now a bigger driver for IT initiatives than ROI,
this reprioritization is, again, not unexpected. However, there are some key
differences between RA and Internal Audit drivers. Whilst demonstrating the accuracy
and completeness of financial reporting is of high relevance to RA, the primary goal
has historically been to satisfy commercial imperatives increasing revenues and
margins whilst reducing costs and these are not key compliance targets.
RA is maintaining input into planning processes, but primarily with a focus on cost
management slant. Typically in such cases, RA expertise in being targeted at tactical
than strategic objectives.
These changes are not necessarily in the best interests of either the evolution of
effective RA or for the broader benefit of service providers looking to ensure cost
effective operations for new generation services.

As RA has increased its influence, and through the necessary efforts of groups such
as the TM Forums RA Working Group and Catalyst projects, the knowledge and
expertise of the RA practitioners is beginning to be standardized into a core RA
process methodology that can be applied across all business units to uncover,
recover and inhibit revenue leakages from a wide variety of different systems,
processes and circumstances. This is critical for the benefit of the entire telecoms
industry, and can provide a critical bridging of operational and business (financial)
processes. However, the business value of RA is engendered in people whether in
an internal RA team or external consultants and not solely in formularized process.

Service Providers in newly competitive, high growth/low penetration markets where


RA is typically less mature are largely unaffected by this trend at present, and may
even benefit from the inbound relocation of experienced RA practitioners. However,
as the technological and legislative drivers they face become increasingly similar to
those in developed markets, it may only be a matter of time before the commercial
drivers fall into line as well.

The global RA community is now facing up to the challenges of new generation


infrastructure and services those based primarily on IP and designed to exploit
convergent service opportunities. In parallel, complex 3rd party commercial
relationships are evolving. A balance between the maintenance of strong process-
driven RA derived from the traditional PSTN world and the evolution of a new
generation of RA skills evolved from an IP mindset will be required to guide the
transition and ensure that we learn from past mistakes rather than repeat them.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 15 of 70


GB941 Revenue Assurance Guide Book

2 RA NGOSS, eTOM and SID

Revenue Assurance is not yet part of the NGOSS eTOM (enhanced Telecom
Operations Map) and SID (Shared Information and Data) paradigms. The
TeleManagement Forums Revenue Assurance modeling team submitted a proposal
about the integration of RA with the SID and eTOM. This proposal is under review,
and our expectation is that it will be accepted with minor changes in the next few
months. In this document, we present the highlights of the proposition.

The eTOM Business Process Framework serves as the blueprint for process
direction and the starting point for development and integration of Business and
Operations Support Systems (BSS and OSS respectively). The SID, as the NGOSS
information model, provides an information/data reference model and a common
information/data vocabulary from a business as well as a systems perspective. Using
the SID in combination with the eTOM business process and activity descriptions, it
becomes possible to create a bridge between the business and Information
Technology groups within an organization, providing definitions that are
understandable by the business, but are also rigorous enough to be used for software
development. The integration of RA into the eTOM and SID will greatly impact the
standardization of RA, permitting service providers, system integrators, and vendors,
to implement RA in a canonical way, reducing costs, and ensuring interoperability
between systems and processes.

For the sake of the RA practitioners who may not be familiar with the NGOSS, eTOM
and SID framework, we first provide a short introduction to NGOSS, eTOM and SID.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 16 of 70


GB941 Revenue Assurance Guide Book

2.1 NGOSS

Figure 3: The NGOSS Model

NGOSS is a comprehensive, integrated framework for developing, procuring and


deploying operational and business support systems and software.
NGOSS is the TeleManagement Forum initiative to drive efficiency in and cost out of the
operation of telecom networks. NGOSS enables service providers to change the way
they think about their business and operations.
NGOSS is a comprehensive, integrated framework for developing, procuring and
deploying operational and business support systems and software. It is available as a
toolkit of industry-agreed specifications and guidelines that cover key business and
technical areas.
Through an integrated system of business and technical elements, NGOSS allows
OSS/BSS systems to become as interoperable as they have been never before.
NGOSS positions Service Providers with a repeatable process for automation of complex
operational tasks and positions vendors with the most effective open interfaces in the
industry today.
Business Process Automation delivered in the enhanced Telecom Operations Map
(eTOM)
Systems Analysis & Design delivered in the Shared Information/Data Model (SID)
Solution Design & Integration delivered in the Contract Interface and Technology Neutral
Architecture (TNA)
Conformance Testing delivered in the NGOSS Compliance Tests

GB941 - Version 1.0 TeleManagement Forum 2006 Page 17 of 70


GB941 Revenue Assurance Guide Book

Procurement & Implementation delivered in ROI Model, RFI Template, and


Implementation Guide documents
This approach enables all players in the OSS/BSS supply chain to use the elements
appropriate for their business but with the confidence that these elements all fit
together with a reduced level of integration tax.

NGOSS-based solutions use mainstream IT concepts and technologies to deliver a


more productive development environment and efficient management infrastructure.
NGOSS is prescriptive for only those few cardinal points where interoperability is key
while enabling ease of customization across a wide range of functionality. This allows
NGOSS-based systems to be tailored to provide a competitive advantage while also
working with legacy systems.

2.2 The eTOM

The Enhanced Telecom Operations Map (eTOM) is the ongoing TM Forum initiative
to deliver a business process model or framework for use by service providers and
others within the telecommunications industry. The TM Forum eTOM describes all
the enterprise processes required by a service provider and analyzes them to
different levels of detail according to their significance and priority for the business.
For companies adopting eTOM, it serves as the blueprint for process direction and
provides a neutral reference point for internal process reengineering needs,
partnerships, alliances, and general working agreements with other providers. For
suppliers, eTOM outlines potential boundaries of software components to align with
the customers' needs and highlights the required functions, inputs, and outputs that
must be supported by products.

2.3 The SID

The SID, as the NGOSS information model, provides an information/data reference


model and a common information/data vocabulary from a business as well as a
systems perspective. The SID uses UML to formalize the expression of the needs of
a particular view.

The SID provides the common language for communicating the concerns of the four
major groups of constituents represented by the four NGOSS Views: Business,
System, Implementation and Deployment, defined in the NGOSS Lifecycle. Used in
combination with the eTOM business process and activity descriptions, SID makes it
possible to create a bridge between the business and Information Technology groups
within an organization, providing definitions that are understandable by the business,
but are also rigorous enough to be used for software development.

In order to integrate Revenue Assurance into the NGOSS framework, and to gain all
the benefits of this framework, RA must be integrated at least into the Enhanced
Telecom Operations Map (eTOM), which defines the business processes in the

GB941 - Version 1.0 TeleManagement Forum 2006 Page 18 of 70


GB941 Revenue Assurance Guide Book

telecommunications industry, and into the Shared Information/Data Model (SID). The
integration of RA into the eTOM permits telecommunications operators to have a
better understanding of the function of RA at the operational level and to comprehend
the interactions between RA and other processes. The integration into the SID allows
identifying the common data/information model that should be followed by RA
solutions, permitting structured and easy integration between RA solutions, and
between RA solutions and other entities in the telecommunications operational map

2.4 The proposal

The TMF RA modeling team made a detailed proposal of integration of RA into the
SID and eTOM. Below is a high-level description of this proposal. The reader should
keep in mind that this description is neither detailed nor exhaustive, and that
exactitude was sacrificed for simplicity.

We identified 7 RA Aggregate Business Entities (ABEs) that should be incorporated


into the SID
Revenue Assurance controls,
Revenue Assurance violations,
Revenue Assurance key performance indicators (KPIs),
Revenue Assurance objectives
Revenue Assurance rules that map revenue assurance KPIs and
threshold violations to revenue assurance trouble tickets.
Revenue Assurance actions/responses
Revenue Assurance assessments
Figure RA.4 depicts the Revenue Assurance Aggregate Business Entities (ABEs)
within the SID Framework.

Enterprise (Under Construction)

Revenue Assurance
RA Control RA Trouble Ticket RA Assessment

RA KPI RA Action_Response

RA Objective
RA Violation

Figure 4: Revenue Assurance ABEs

GB941 - Version 1.0 TeleManagement Forum 2006 Page 19 of 70


GB941 Revenue Assurance Guide Book

The Revenue Assurance Control ABE defines policy-based rules that represent the
logical definition of comparisons performed on entities to identify Revenue
Assurance Violations. For example a Revenue Assurance Control may compare
pre mediation and post mediation call details records (CDRs) to identify improperly
dropped CDRs, i.e. Revenue Assurance Violations

Revenue Assurance KPIs are defined on Revenue Assurance Violations and on


other revenue assurance related entities, such as bills and CDRs. For example a RA
KPI may count the number of Revenue Assurance Violations found by the
Revenue Assurance Control that compared the pre and post mediation CDRs.

Revenue Assurance Objectives are targets whose infringement may trigger the
creation of Revenue Assurance Trouble Tickets. Examples of Revenue
Assurance Objective are that the value of the Revenue Assurance KPI that
counted the number of dropped CDRs is lower than 50,000, or that the trend of this
value over a period of time is negative (the number of violations is dropping). When
one or several Revenue Assurance Objectives are violated, a Revenue
Assurance Trouble Tickets may be issued. For example if the number of dropped
CDRs is higher than 50,000 a Revenue Assurance Trouble Ticket may be issued
and assigned to someone, to check the cause of the problem, and to try to recycle
the dropped CDRs. Revenue Assurance Trouble Tickets may be created as a
result of the infringement of one or more Revenue Assurance Objectives, or as a
result of the finding one or more Revenue Assurance Violations.

Revenue Assurance actions/responses reconcile revenue assurance trouble tickets,


and Revenue Assurance Violations and may bring the Revenue Assurance Trouble
Tickets to closure by initiating and performing a series of one or more activities.
These activities may include corrective activities, e.g., correcting and recycling the
dropped CDRs, and other activities such as sending reports to all the people that
should be aware of the violation of the objective, e.g., sending a report to the CFO if
more than 50,000 dropped CDRs were found. Revenue Assurance Action/Response
ABE entities also may consist in root cause analysis.

Revenue Assurance Assessment ABE entities measure the effectiveness of


Revenue Assurance Controls, Revenue Assurance Objectives, and Revenue
Assurance KPIs. Revenue Assurance Assessment ABE entities include
recommendations of refining controls, objectives, and KPIs.

The RA ABEs proposed are based on existing SID ABEs, for example the Revenue
Assurance Trouble Tickets is defined using the already existing SID ABE of
TroubleTicket, and the Revenue Assurance actions/responses is defined using
the already existing SID ABE of Activity.

Revenue Assurance (RA) business entities support the complete RA lifecycle. These
processes range from creating RA controls, KPIs and RA objectives, identifying RA
violations and trouble tickets, resolving trouble tickets to assessing an enterprises RA
program. RA eTOM processes are shown in Figure RA.5.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 20 of 70


GB941 Revenue Assurance Guide Book

Figure 5: RA eTOM processes

GB941 - Version 1.0 TeleManagement Forum 2006 Page 21 of 70


GB941 Revenue Assurance Guide Book

3 Revenue Assurance and Fraud

3.1 Introduction

Traditionally, most CSPs identified fraud management as a priority in the early days
of operations. The early focus and implementation of systems contributed to the
development and maturity of fraud management practices and systems. Although
there is a clear relationship between fraud management and revenue assurance,
fraud management has evolved as a separate function, often under different
department and sponsorship within the organization. Industry-wide, there is
consistency in the approach and system functionalities for fraud management.

However, revenue assurance is still an immature activity for many CSPs. Revenue
assurance activities in most of the CSPs are independent of their fraud management
practices. As new issues and systems come into place, there is an increasing need to
look at both fraud management and revenue assurance together due to the nature of
the leakages and the solutions and practices to identify these.

The purpose of this section is to demonstrate the relationship between fraud


management and revenue assurance and recommend different options for CSPs to
effectively tackle revenue assurance issues.

3.2 Revenue Leakage Differentiating


Fraud and Revenue Assurance
Issues

Revenue leakage in any CSPs operations can be grouped into three categories,
namely, Fraud, Revenue Assurance and Bad Debt. Revenue Assurance problems
are mainly due to the operational inefficiency in the systems or processes. Fraud
represents the deliberate intention to avoid payment and Bad Debt is the combination
of un-intentionable and intentionable revenue loss.

An example of this segmentation is a new bundle offer from an operator may cause
leakage due to illegal use of services and network or non-payment of the dues by the
customer. Other leakages such as the customer not being billed properly as in the
case of under billing or over-billing and issues such as the order not being provisioned
are due to inefficiency in the system.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 22 of 70


GB941 Revenue Assurance Guide Book

New Bundle Offer


Multiple products & services
Multiple price plans
Special Promotions
Inter-related multi-tier discounts
Contractual Clauses

Fraud Operational Bad Debt


Inefficiency

Illegal use of services & Customer not billed correctly Customer does not pay
network Under-Billing = Lost Revenue
Customer does not pay Over-Billing = Customer Churn
Order not provisioned

Figure 6: Categories of revenue leakages

It may not be possible to have a clear segmentation and resolution for the following
reasons:
Differentiating factor is very thin: The root cause of fraud and revenue assurance can be
the same. Intent and root cause are the differentiating factors. Incorrect provisioning
of service at the switch without provisioning at the billing system causes revenue
leakage, as the service usage cannot be billed for. The root cause could be a shortfall
of the provisioning process or an intentionally performed activity. In the former case,
this is a revenue assurance problem and in the latter case, it is an internal fraud.
In case of most of the problems, since the data analyzed is the same, it would be
reflected on multiple tools and systems. This trend is likely to continue and become
more significant in case of IP and event records.

3.2.1 Case 1

Service is not provisioned for a particular subscriber in the billing system, but the
subscriber is using the service. The subscriber is provisioned in the network element.
This scenario can be interpreted in the following way:
The subscriber has been illegally provisioned in the network element
The subscriber was genuine, but because of a process error or error in provisioning
system, only network element was provisioned.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 23 of 70


GB941 Revenue Assurance Guide Book

3.2.2 Case 2

A sudden increase in the number of CDRs generated for a subscriber could be


interpreted as three different scenarios
Increased call pattern that is detected by the fraud management system as a potential
fraud;
Increased number of records that may be due to malfunctioning of switch causing
multiple records or incorrect guiding of records
Genuine increase in usage of the subscriber that could be potentially new revenue
opportunities for the service provider.

3.2.3 Case 3

A sudden increase in traffic is detected from a trunk configured for national calls from
an interconnect operator. This scenario can be interpreted as:
Incorrect trunk configuration causing other traffic (such as international traffic) to be
routed through the trunk;
A third company is illegally routing its calls through the trunk using devices such as
gateway SIMs
There is a genuine increase in traffic. This calls for a renegotiation of the existing
contracts and tariffs.

3.2.4 Case 4

As a part of new product development and testing, a CSP provisioned mobile phones
and services for field-testing. This testing included quality of service and network
coverage testing.

At the end of the testing period, the majority of the phones were not
returned but services on them were left activated due to a process error.

After the launch of the new service, fraudsters gained access to these test
phones and used them for illegal call selling, causing significant losses.

3.3 Relationship between Fraud and


Revenue Assurance

The relationship between the two domains is illustrated below:


Revenue Assurance issues that may be exploited for fraud:
Certain frauds, especially internal frauds are caused when
fraudsters are able to exploit data integrity issues or process
loopholes. New systems, services, and equipments are potential
vulnerable areas that can be used by fraudsters. Test phones or a
SIMs can also be a target for such misuse. Some of the common
examples of these frauds are in the following areas:

GB941 - Version 1.0 TeleManagement Forum 2006 Page 24 of 70


GB941 Revenue Assurance Guide Book

New product development;


System configurations;
Test configurations and equipment.
Fraud scenarios that can cause revenue leakage
Certain fraud scenarios result in revenue loss for subscribers not
related to the fraud. This loss is usually data integrity issues caused
by the fraud. Identification of such issues is critical for recovery of
revenue from non-fraud subscribers. An example of such case is an
internal fraud by illegal configuration in the system such as
suppression of records for fraudsters causing revenue leakage for
other subscribers.
Revenue leakages that may be detected by fraud analysis and vise versa.
Due to the nature of fraud and revenue assurance issues, it would be
possible to find indications on either system. This is important in case
of new frauds and systems. Use of such information is critical in
solving the issues within the shortest possible time to reduce the
impact. An example that was detected by a revenue assurance
system is Interconnect fraud, which is done by modification of some
parameters such as source or origin of calls to apply different rates.
. Fraud management systems real-time processing capability for
detecting integrity issues will significantly improve the RA teams
resolution/correction response time.

3.3.1 Collaboration for multi-dimensional leakage:

As illustrated by the above cases, there is a need to look at each issue identified by
fraud management or revenue assurance systems in multiple perspectives.
It is usually possible to detect the leakage and identify the cause area. However, it is
difficult to find out the root cause (such as intent or process error) without taking a
holistic view of the issue;
It is possible that a revenue assurance problem, such as scenario defined in case 4 can
easily pave the way for fraud to be committed on the network. The revenue
assurance problem, if not corrected with a holistic view, can provide loopholes for
fraudsters to attack the network. Identification of the relationship and its effects is
critical for choosing the correct resolution and prevention methodology.
Certain internal frauds are likely to be detected by the revenue assurance system first.
Unless the exact cause and intent of the problem is identified, it may not be possible
to prevent the issue from reappearing. If treated as a revenue assurance problem
alone, it is likely to be used in a different manner by the fraudster to exploit the
loopholes. Therefore, the issue requires analysis by both revenue assurance as well
as fraud management systems.
Time for resolution of issues is critical. For faster resolution of certain problems detected
by one of the functions, it may be necessary that the information be passed on to the
other relevant function at the earliest opportunity. A collaborative approach facilitates
transfer and early action on such issues.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 25 of 70


GB941 Revenue Assurance Guide Book

3.4 Recommendations for a


Collaborative Approach

To analyze and resolve revenue leakage issues at a holistic level and in many cases
evolve revenue generation opportunities out of this effort, it is important to adopt a
collaborative approach to revenue assurance. We recommend collaboration between
Revenue Assurance and Fraud Management at three levels: the team level, the
process level, and the tool level. In many cases, such collaboration permits analysis
and resolution of revenue leakage at a holistic level that would be missed otherwise.

Nevertheless, our recommendation is for collaboration between RA and Fraud teams,


and not necessarily for having common people dealing with both.

Similarly our recommendation is to use tools and processes for RA and Fraud that
permit sharing data, KPIs, case management, dashboards and reports. However, we
do not necessarily recommend using the same tool or process for revenue assurance
and fraud (additionally, we do not necessarily recommend to use of the same tool for
all revenue assurance tasks, we recommend rather to use the best of breed). Our
recommendations are explained in the following sections.

3.4.1 Collaboration Components

3.4.1.1 Collaboration of Teams:

Collaboration of fraud management and revenue assurance teams results in more


effective dissemination and transfer of information helping in faster resolution of
issues. Some of the options for collaboration of teams are:
Co-location of the teams that allows easier communication;
Common team members and managers with clear roles and responsibilities who can
liaise between the two teams;
Common team members who analyze both fraud and revenue assurance issues.
3.4.1.1.1 Key advantages of collaboration between teams are:

Cross-fertilization of information;
Faster communication of issues and detected discrepancies;
Faster handover of issues between the teams;
Faster identification of key issues and information
3.4.1.1.2 Challenges in collaboration between revenue assurance and fraud
management teams are:

In many CSPs, Fraud and Revenue Assurance teams exist as different departments and
may even have different executive sponsors. There may be a need to change
existing organizational structures or define structures that allow effective exchange of
information.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 26 of 70


GB941 Revenue Assurance Guide Book

Prioritization of issues Fraud is usually given high importance since it is considered an


unwelcome attack from outside. It may be necessary for organizations to define new
priorities.
Political considerations on the role, responsibilities and authority of members of
collaborative team.
Security issues: Access to information from the fraud management team can be restricted
in some CSPs due to regulatory issues. Hence it may be necessary to address such
restrictions;
Mission Differences The Fraud team typically tries to stop the fraud without sharing
information with the whole organization (to prevent others from doing a similar fraud).
On the other hand the RA mission is to divulge the information found throughout the
whole organization, both to help entities prevent similar RA issues in the future, and to
gain future collaboration.
Skill-sets: Collaborative team members may need to acquire additional skill-sets to
handle issues related to both domains.

3.4.1.2 Process

Integration of the fraud management and revenue assurance processes helps


streamline information flow and improve issue resolution. Integration of processes
encompasses setting common objectives and KPIs, integrated resolution
methodology and procedures, transfer of information and cases, inter-department
communication and other related areas. Depending on the nature of the business,
scope and ability to affect changes in the existing structure, integration can be
adopted in all the processes or specific areas. For example, integration can be
adopted only for prevention activities and not for operations.

3.4.1.2.1 Advantages of collaboration of process:

Streamlined activities that facilitate faster resolution of issues, especially for cross-
functional issues;
Reduce redundant processes.
3.4.1.2.2 Challenges brought about by process integration are:

Risk of increasing complexity;


Most of the operators have established working processes and procedures to fight fraud
and operational inefficiency. There may be resistance to modify these;
Political considerations in treating processes from both domains.

3.4.1.3 Tools

Fraud Management and Revenue Assurance tools can be integrated at two levels
Data Management layer and Business layer.
At the data management layer, the systems use the same data processing and storage
for the interfaces that are commonly used by both. Integration of tools can provide in
significant operational expenditure and infrastructure savings for the CSP.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 27 of 70


GB941 Revenue Assurance Guide Book

At the business layer, the integration involves common alarms, workflow, reporting and
presentation. This allows users to share and collaborate effectively. Automation helps
in faster issue communication and resolution, provided appropriate processes are set
up and issues are summarized correctly.
3.4.1.3.1 Advantages of integration of tools:

Integrated view of the revenue assurance and fraud management issues;


Ease in impact analysis of enterprise wide issues at a management level
Holistic problem resolution and workflow.
3.4.1.3.2 Challenges:

Integrated platform that can address both revenue assurance and fraud management
issues;
Modes of operation of fraud management tool and revenue assurance tools are typically
different. Due to the nature of the problem, its perceived impact on the business and
economic considerations, fraud management tools are typically real-time systems
whereas RA tools generally work in a batch-processing mode.
Standard interfaces for tools to collaborate.

3.4.2 Key Benefits of a collaborative approach

Key benefits of a collaborative approach are:


Faster issue resolution: A collaborative approach facilitates easy transfer of information
from one system and team to another. This enables faster resolution of issues.
Increased productivity through eliminated repetitive processes: A collaborative approach
calls for tighter processes that are common to the different activities. It eliminates
processes that are redundant and streamlines the activities.
Resource optimization through shared infrastructure: Eliminate separate systems to
address fraud and revenue assurance results. A collaborative platform can help in
reduction of infrastructure.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 28 of 70


GB941 Revenue Assurance Guide Book

4 Revenue Assurance and Regulation

The discipline of Revenue Assurance by its nature addresses a number of topics that
are subject to a variety of international and statutory regulations.

Diverse regulations, each having its unique focus, can be aligned into two major
groups of industry-neutral, and industry-specific regulations. Examples of the former
include European Unions 8th Directive and the Sarbanes-Oxley Act (SOX), which is
often considered the most significant and illustrative regulation with respect to its
rigorous compliance rules. Examples of the latter group, with regard to
telecommunication industry, include a wide range of guidelines and standards,
covering billing accuracy, network and service availability, settlements between
CSPs, customer relationship management, privacy of customer data, revenue
booking and recognition and many other telecom issues.

The objective of this chapter is to provide an overview and guidance on some of the
regulatory requirements that could be partly or fully addressed by a comprehensive
Revenue Assurance function.

4.1 Sarbanes Oxley

The Sarbanes Oxley Act of 2002 was enacted largely in response to a number of
major corporate and accounting scandals involving some of the most prominent
companies in the Unites States. These scandals have resulted in loss of public trust
in reporting practices and corporate accounting. The objective of the SOX Act is to
restore investor confidence in public markets and enhance penalties for corporate
wrongdoing. The SOX Act has entitled the PCAOB (Public Company Accounting
Oversight Board) to oversee compliance with relevant provisions of the Act.

4.1.1 Relevant Sections of SOX

While SOX is an extensive regulation encompassing all transactions related to


financial reporting for Organizations, from a regulatory compliance perspective
telecom CSPs need to focus primarily on the Acts following most important sections:

Section 302 Accuracy of Financial Statements

The signatories to the Financial Statements are responsible for


Designing, Establishing & Maintaining the Disclosure Controls
Evaluating the effectiveness of Disclosure Controls

GB941 - Version 1.0 TeleManagement Forum 2006 Page 29 of 70


GB941 Revenue Assurance Guide Book

Presenting Conclusions
Fraud, Deficiencies & Significant changes in the Disclosure Controls should be disclosed
Section 404 Internal Controls
Management accepts responsibility for establishing & maintaining Internal Controls
Management is responsible for assessing the effectiveness of Internal Controls
External Auditor attests managements assessment of Internal Control

4.1.2 Interplay between SOX and Revenue Assurance

Revenue Assurance is essentially a set of activities involving detailed data monitoring,


analysis and control, aimed primarily at minimization of financial losses. It holistically
encompasses the Operators entire workflow from service provisioning to billing, to
payment allocations, and beyond. RA should perform a thorough evaluation of
Operators every domain to ensure there are no leakages at a process as well as
technology level. Revenue Assurance is also about risk assessment and risk
management with respect to processes that support revenue management chain and
collateral areas.

Evidence resulting from in-depth Revenue Assurance activities in the form of


monitoring reports, investigation results, reconciliation, and synchronization
procedures helps responsible management to gain assurance of data completeness
and accuracy, as well as to assess the internal control environment over respective
processes. Integration of SOX compliance initiatives into Revenue Assurance
function creates a functional tool in the hands of financial and operational
departments to properly monitor as well as control a great number of risks that are
subject to financial reporting compliance. In absence of a comprehensive Revenue
Assurance function, the financial institutions would have to delve into the intricacies of
individual functions to analyze specific risks. SOX compliance requirements can
serve not only as one of the key drivers, but also as the point of alignment, for many
different risk management initiatives undertaken within organization.

Key elements of NGOSS framework, namely eTOM and SID, referred to in the
Chapter 2 of this Guidebook, could be successfully used as an efficient basis for the
development of diverse risk management functions, including Revenue Assurance,
Regulatory Compliance and others. This idea is illustrated by the below diagram:

GB941 - Version 1.0 TeleManagement Forum 2006 Page 30 of 70


GB941 Revenue Assurance Guide Book

Revenue
Assurance

IT
Governance
Regulation
Compliance

Internal
Business Audit
Risk
Management

Figure 7: Interplay between SOX, RA and other Risk Management Functions


The objectives and focus areas of each of the above risk management functions are
different:

Revenue Assurance: data quality and process improvement aimed at prevention and
management of revenue leakages or instances of fraud, caused by subscriber,
external party or a Companys employee.
SOX Compliance: maintenance and enhancement of an adequate system of internal
controls over financial reporting through the period of compliance.
Internal Audit: independent assurance of compliance with Companys internal policies
and procedures.
Business Risk Management: alignment of risk management with strategy, people,
business processes and related technology.
IT Governance: alignment of IT processes with business requirements to meet
organizational objectives.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 31 of 70


GB941 Revenue Assurance Guide Book

4.1.3 Linkage between SOX and eTOM processes

Linkage between Revenue Assurance and SOX can be realized at Level 2 of eTOM.
Figure 8 below represents processes in Operations area that are subject to SOX
compliance in terms of internal control for financial reporting that could be considered
part of Enterprise Risk Management or Stakeholders & External Relations
Management at Level 2 within Enterprise Management area.

Figure 8: SOX related eTOM processes

4.1.4 Key Requirements for Revenue Assurance Activities to Enable SOX Compliance

From SOX perspective, any Control Framework developed within the Company
should explicitly show the following sections:
Monitoring
Information and Communication
Control Activities
Risk Assessment
Control Environment
The above layers are defined by COSO (The Committee of Sponsoring Organizations of the
Treadway Commission) integrated control framework that is adopted by PCAOB (Public
Company Accounting Oversight Board) as the most relevant for use from compliance
perspective. COSO is a voluntary private sector organization dedicated to the improvement of
the quality of financial reporting through business ethics, effective internal controls, and
corporate governance. COSO was originally formed in 1985 to sponsor the National
Commission on Fraudulent Financial Reporting, an independent private sector initiative that

GB941 - Version 1.0 TeleManagement Forum 2006 Page 32 of 70


GB941 Revenue Assurance Guide Book

studied the causal factors that can lead to fraudulent financial reporting, and developed
recommendations for public companies and their independent auditors, for the SEC and
other regulators, and for educational institutions.

Figure 9: COSO Internal Control Framework

Control Environment encompasses the tone of an organization, and sets the basis for how
risk is viewed and addressed by an entitys people. This includes risk management
philosophy and risk appetite, integrity and ethical values, and the environment in which they
operate.

Risk Assessment includes risk analysis, assessment of a risks likelihood and potential
impact, as a basis for determination how those risks should be managed. Risks are assessed
on an inherent and a residual basis.

Control Activities represent policies and procedures that, when established and implemented,
help to ensure that responses to risks are effectively carried out.

Information and Communication ensures that relevant information is identified, captured, and
communicated in a form and timeframe that enable people to carry out their responsibilities.
Effective communication also occurs in a broader sense, flowing down, across, and up the
entity.

Monitoring ensures that internal controls are monitored and modified as necessary.
Monitoring is accomplished through ongoing management activities, separate evaluations, or
both.

Control activities have to be properly documented to enable regular assessment of their


design and operational effectiveness. The usefulness of the above framework is in that
internal control system, designed according to the definitions of the framework layers, could
be successfully used for different risk management objectives, e.g. the ones formulated in the
areas of operational efficiency, compliance or financial reporting.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 33 of 70


GB941 Revenue Assurance Guide Book

4.1.5 Illustrations of Interplay between SOX and Revenue Assurance

An integrated Revenue Assurance function could provide facilitation for the following sample
list of control objectives mandated for telecom operators by the Sarbanes Oxley legislation:
Ensure that all collected events are processed according to established filtering rules.
Ensure that duplicated records are identified, labeled and analyzed.
Ensure that Customer information items stored in different internal data sources are
synchronized or regularly reconciled.
Ensure that all payments made and received for telecom services are properly allocated
to Customer or Service Partner accounts within proper period.
Ensure that external Customer information is regularly verified against internal customer
information.
Ensure that usage records are obtained from each Service Partner and reconciled with
internal records whenever applicable to verify accuracy of Service Partner invoice.
Ensure that all billable usage records from Service Partner are processed and billed
according to the billing rules consistent with existing contracts.
Ensure accuracy of service fees and charges classification to enable proper matching of
revenues and expenses.

4.1.6 Benefits for SOX Compliance Derived from Revenue Assurance


RA enables risk assessment across revenue management chain and collateral
processes
RA ensures data integrity for financial reporting purposes
RA detects leakages at system integration points
RA provides evidence for internal control evaluation and documentation
In sum, Revenue Assurance and SOX Compliance are two tightly inter-mingled
functions that not only have a number of overlapping business critical objectives, but
also have a strong dependence upon each other.

4.2 Europe & UK specific linkages

4.2.1 Introduction:

This section is aimed at providing a broader view of European telecom regulation,


which is structured around the concept of Promoting competition to the
maximum benefit of users, contribute to the development of the internal market
and promote the interests of EU citizens.

It should be noted at the onset that within Europe the European Parliament and
Council provide directions and guidelines around the Regulatory Framework. The

GB941 - Version 1.0 TeleManagement Forum 2006 Page 34 of 70


GB941 Revenue Assurance Guide Book

implementation of this is left to the NRAs (National Regulatory Authorities). As a


result there is a vast disparity on the maturity, implementation and monitoring of the
Regulatory requirements within EU members.

4.2.2 Implementation of the new European regulatory framework

The European Parliament and Council set a legal deadline of 24 July 2003 for the
transposition of the main provisions of a new framework.

The "Framework Directive" forms part of the "Telecommunications Package designed


to recast the existing regulatory framework for telecommunications in order to make
the electronic communications sector more competitive. This new regulatory
framework consists of this Directive plus four specific Directives, namely the:
Directive on the authorization of electronic communications networks and services (the "
Authorization Directive");
Directive on access to, and interconnection of, electronic communications networks and
associated facilities (the Access Directive");
Directive on the universal service (the "Universal Service Directive");
Directive concerning the processing of personal data (the "Directive on Privacy and
Electronic Communication).
As of 1 November 2003, only eight countries had taken action to incorporate these
into national law. These countries are: Denmark, Spain, Ireland, Italy, Austria,
Finland, Sweden and the United Kingdom.

In some cases, secondary legislation is still required to ensure full transposition.


Of those Member States that have not yet notified the Commission of transposition
measures, there is particular concern that the passage of drafts through the legislative
process is likely to be lengthy (Germany, France); that political uncertainties are
causing delays (Belgium); or simply that despite the existence of drafts the legislative
process has not yet been completed (Greece, Luxembourg, the Netherlands,
Portugal).

4.2.3 Scope, Aims and Definitions

The objective of this Directive is to establish a harmonized framework for the


regulation of electronic communications networks and services. It lays the foundation
in the form of horizontal provisions serving the other measures: the scope and
general principles, basic definitions, general provisions on the national regulatory
authorities, the new concept of significant market power, and rules for granting certain
indispensable resources such as radio frequencies, numbers or rights of way.

In response to convergence of technologies and the need for horizontal regulation of


all infrastructure elements, the new framework is no longer limited to
telecommunications networks and services but covers all electronic communications
networks and services. This includes, for example, fixed and mobile
telecommunications networks, cable or satellite television networks and electricity
networks, where they are used for electronic communications services. On the other

GB941 - Version 1.0 TeleManagement Forum 2006 Page 35 of 70


GB941 Revenue Assurance Guide Book

hand, the content of services delivered over electronic communications networks,


such as broadcasting content or financial services, is excluded, as is
telecommunications terminal equipment.

The Directive defines a series of terms related to electronic communications,


including:
"Electronic communications networks" means transmission systems which permit the
conveyance of signals by wire, by radio, by optical or by other electromagnetic
means, including satellite networks, fixed and mobile terrestrial networks, networks
used for radio and television broadcasting and cable television networks;
"Electronic communications service" means a service, normally provided for
remuneration, which consists in the conveyance of signals on electronic
communications networks. Services providing, or exercising editorial control over,
content transmitted using electronic communications networks and services are
excluded;
"Associated facilities" means the facilities associated with an electronic communications
network or service which enable the provision of this service via that network or
service. This includes conditional access systems - any technical measure whereby
access to a protected radio or television service is made conditional upon
subscription or other form of prior authorisation - and electronic programme guides.

4.2.4 Structure - National Regulatory Authorities

4.2.4.1 Independence

Member States must guarantee the independence of national regulatory authorities


by ensuring that NRAs are legally distinct from and functionally independent of all
organizations providing electronic communications networks, equipment or services.

4.2.4.2 Right of Appeal

At national level effective mechanisms must allow any user or undertaking providing
electronic communications networks or services the right of appeal to an independent
appeal body in the event of any disputes with a national regulatory authority.

4.2.4.3 Impartiality and transparency

Member States must ensure that national regulatory authorities exercise their powers
impartially and transparently. They must also ensure that the national regulatory
authorities make arrangements for consultation of the interested parties if they intend
to take measures, which could have a significant impact on the market.

4.2.5 Obligations and Tasks of National Regulatory Authorities

To promote competition in the provision of electronic communications networks and


services, the primary tasks for the national regulatory authorities are:

GB941 - Version 1.0 TeleManagement Forum 2006 Page 36 of 70


GB941 Revenue Assurance Guide Book

Ensuring that users derive maximum benefit in terms of choice, price and quality;
Encouraging investment in infrastructure and promoting innovation;
Encouraging efficient use and management of radio frequencies and numbering
resources.
The national regulatory authorities must also contribute to development of the internal
market by, inter alia:
Encouraging the establishment and development of trans-European networks and the
interoperability of pan-European services;
Ensuring that there is no discrimination in the treatment of undertakings providing
electronic communications networks and services;
Cooperating with each other and with the European Commission to ensure the
development of consistent regulatory practice and consistent application of the new
regulatory framework for the telecommunications sector.
The final task of the national regulatory authorities is to promote the interests of the
citizens of Europe by, inter alia:
Ensuring that all citizens have access to a universal service, as specified in Directive;
Ensuring the availability of simple and inexpensive dispute resolution procedures;
Contributing to ensuring a high level of protection of personal data and privacy (Directive
on Privacy and Electronic Communications.)

4.2.6 Maturity Status of National Regulatory Authorities

It is quite apparent that the maturity status of regulatory requirements varies


according to the maturity of the countrys NRA and this could vary significantly as is
apparent in above.

Taking this fact into consideration there is a need to map an Organizations Revenue
Assurance functions to its obligations towards the Telecom Regulatory Requirements.

4.2.7 Regulatory Requirements v/s Revenue Assurance

One of the major constraints on revenue assurance evolution is the need to


overcome senior management skepticism about its benefits. Skepticism about the
merits of revenue assurance is due to:
Doubt over the magnitude of benefits that can be earned from implementing fixes and
improvements that arguably could and should have been made unnecessary had
systems and processes been initially implemented correctly;
The difficulty of quantifying the unknown (the iceberg paradox); and
The immaturity of revenue assurance as professional discipline.
But when regulatory requirements come into play, the scenario is changing.
Depending on the regulatory requirements some form of Revenue Assurance
functions may need to be addressed. And if, whilst doing this, benefits to both the

GB941 - Version 1.0 TeleManagement Forum 2006 Page 37 of 70


GB941 Revenue Assurance Guide Book

Business and customer perceptions are realized, management skepticism, to a


certain extent can be mitigated.

The issues at this stage are two-fold:


Regulatory requirements imposed by NRA on Business can be costly to address and
provide only minimum benefit from the business standpoint (An example of this
includes an instance in which an operator was required by NRA to set up test call
generators for all of the operators switches,);
The Business could get complacent about effectiveness of its Revenue Assurance
function by assuming that meeting the Regulatory requirements is sufficient for
Revenue Assurance needs.
It can hence be stated that compliance with regulatory requirements should not be
deemed to address the completeness of Revenue Assurance. On the other hand a
mature Revenue Assurance function should be able to address the Regulatory
Requirements.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 38 of 70


GB941 Revenue Assurance Guide Book

5 Revenue Assurance for Content and Advanced


Services

With voice services becoming increasingly commoditized, CSPs are turning to


content and advanced services, e.g., gaming services, to boost falling revenues.
These services have attracted a large market and are boosting network traffic with the
promise of increasing the ARPU. This market will be the mainstay for CSPs growth
strategy. Forecast for revenues for this market provided by various industry analysts
and research firms validates that content and advanced services promise to amplify
the bottom-line for many CSPs pursuing such opportunities.

In every new market and technology, the challenges increase exponentially. Careful
attention to the impact on the operational infrastructure and processes is required for
CSPs to realize the potential profits that this market offers.

This section of the Guidebook addresses three main challenges. We offer general
strategies to overcome the challenges to realize the profits that this new breed of
services can bring in for the CPSs.

5.1 Challenges

5.1.1 Challenge #1: CSPs and the multi-party value chain


Old Value Chain

Figure 10: Old Value Chain

GB941 - Version 1.0 TeleManagement Forum 2006 Page 39 of 70


GB941 Revenue Assurance Guide Book

Under the old value chain, CSPs owned the network, OSS/BSS systems and owned the
bilateral relationship with the customers. Consequently, network operators had
complete control of services offered to the customers. Figure 4 describes
schematically the old value chain for network operators. As long as network operators
effectively controlled their infrastructure (OSS/BSS) from process and data integrity
perspective, they were covered from a revenue assurance perspective.

New Value Chain

Game G Content Content Service Bearer


Application Payment Customers
Developers aContent
Providers
Aggregators Distributors Handlers Operators Providers
m
e
s
G
a

Figure 11: New Value Chain


Figure 11 illustrates the new value chain. Under this new environment, new roles are
formed. This new value chain is more complex as each link has a discrete part to play
in providing a service to the customer, from the application developers dreaming up
new products to the providers of this content to aggregators to distributors, along with
the payment handlers and service operators to the bearer or incumbent providers.
The traditional role of Network operators is no longer owning network, OSS/BSS and
controlling services. CSPs may choose any or all of the new roles, from playing a role
in distributing content, aggregating content, developing content, handling multi-party
settlement and managing the new, more complex relationship with end user. Or the
CSP might find itself focusing on smaller portion of the value chain, while others take
over the traditional roles of the operator, such as network operations, and even
handling the relationship with the customers, as it is in the case of Mobile Virtual
Network Operators (MVNOs). In place of the familiar bilateral relationship between
customer and network operator, operators now have to deal with a multi-party value
chain.
Management of new value chain relationships puts forward many challenges for operators.

One of the challenges that become evident with this value chain is the emergence
of new business model called the revenue-sharing arrangement. Based on the
role and responsibilities a CSP takes, and on who else is involved in the value
chain, the CSP has to develop a robust settlement process to accurately bill and
settle with the various parties in the value chain including the end user.

Another challenge with this new value chain is the level of control that the CSP
can exercise over the content and advanced services and over the customer
experience for the service. By level of control we mean control over service setup,
sales, provisioning, and fulfillment processes that now involve many parties, as
well as effective control and availability of accurate data from those involved
parties.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 40 of 70


GB941 Revenue Assurance Guide Book

The other challenge is that the new value chain relies on multiple parties
to provide critical information to enable the CSP to formulate the event
record. The CSP faces the daunting task of assembling information from
all these parties, a task that poses a great source of process and data
integrity challenges.

This new way is in sharp contrast with traditional voice service, in which a call detail
record generated by switch has been the main source of information for the rest of
downstream OSS/BSS systems.

5.1.2 Challenge #2: More complex Rating and Billing processing

To offer the content and advanced services, CSPs has to set up its billing system to use the
complex set of rules and maintain the transient data for rating, taxing and billing, data that
may have been obtained from external sources. There are new attributes for quality of service
(QoS), complete versus incomplete transactions, bandwidth used, time of the day, level of
service (e.g. silver, gold, etc.), multi-party discount and multi product discounts. Configuration
issues, data availability and compatibility, and the need to handle multiple and complex
methods for rating and billing pose data and process integrity challenges for CSPs, especially
if their systems were not designed to handle such complex processing. Billing On Behalf Of
(BOBO), revenue sharing arrangements, display of events, activities and charges accurately
on the bill are key challenges that require exceptional revenue assurance controls to
maximize the revenue from the content and advanced services.

To highlight the complexity of the new value chain, lets take a simple scenario in which a
consumer has downloaded content. This simple business transaction requires careful
process and data integrity considerations to meet the demands of the new world. The
following questions illustrate the types of processing requirements, to be taken into
consideration to avoid the process and data integrity issues with the advent of content and
advanced services.
How does a content provider get paid for download attemptseven those that werent
successful?
Is there a re-attempt time frame, perhaps a window of one to four hours?
Is the customer entitled to download one instance of content again with any re-attempts
not to be rated?
Also, if subscribers purchase content, how long do they own it? And, as subscribers
change their handsets, how do you migrate the content from one handset to another?
What are the digital rights to the content in this instance? Is the subscriber eligible to
share the content with other subscribers under the same account (family members,
for example)?

5.1.3 Challenge #3: Economic impact of errors

The significance of errors in processing of content and advanced services transactions and
sessions has magnified potential loss due to error for network operators.

In this new value chain, an event transaction or session has replaced the CDR processing. It
means that accessing a mobile content offered by trusted third party is considered totally

GB941 - Version 1.0 TeleManagement Forum 2006 Page 41 of 70


GB941 Revenue Assurance Guide Book

different from making a simple voice call. The user activities in such a transaction could
spawn a set of multiple interactions and multiple dependencies with a number of third parties
such as ring tone and device wallpaper vendors, chat rooms, music and video content and
MMS providers each of which has to be accurately billed, with a portion of each payment
being shared with the owner of the content or service.

Suddenly the CSPs find themselves vulnerable for far more than just the cost of a voice call
in the event of billing errors. Error management becomes very complex and may involve
resolution of errors by multiple parties.

5.1.4 Challenge #4: Complex payment arrangements and revenue stream bypass

As part of the content value chain (e.g. content developers, content aggregators and content
distributors) may be independent of the CSPs and thus may offer their services and products
to more than one CSP in parallel, and get to the end customer in more than one way, there
may be a situation in which the end customer pays directly to the content vendors for the
content itself. The payment for the content delivery may be done directly to the CSP by the
end customer, or through the content vendor / aggregator. This is a whole new concept for
CSPs and it actually reduces the control that the CSPs have over the revenue stream, hence
increases the risk for revenue leakages.

This new environment offers many options to all players and to the customers in selecting the
payment arrangements and settlement agreements. The CSPs, and all players in the value
chain must determine their business strategy and goals. All in the chain are interdependent
for the production and delivery of the product. For payment and settlements, each must have
arrangements with the value chain members and the customer. Scenarios might include:

CSP handles all functions for the value chain. CSPs have some expertise and offers
to handle the payment (they know the customer), be the clearing house for the value
chain settlements (they have expertise with interconnections).

The value chain uses an outsourced payment and settlements clearing houses (bank
or Credit Card Company).

This is a whole new concept for CSPs and it reduces the control that the CSPs have over the
revenue stream, hence increase the risk for revenue leakages.

5.2 Recommended Strategies

5.2.1 Key Strategies


Clearly define and address the business process, systems and integration requirements
to support the new services.
Identify the control points required in the new value chain, what controls they provide,
cost of control and time to implement.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 42 of 70


GB941 Revenue Assurance Guide Book

Define a New Services Launch Process for revenue impact assessment. This process
needs to be examined closely and testing of the launch process needs to be
evaluated from distribution of content and revenue recognition perspective.
Do not assume that legacy infrastructure would be sufficient to address the evolving value
chain. Carry out the assessment and review of the legacy infrastructure in support of
the new value chain. Identify the gaps, process and data integrity challenges.
Segregate the new value chain processes, reconciliation and accounting procedures from
the existing business processes and procedures.
Identify and partner with the vendors who can provide infrastructure with in-built
assurance framework necessary for mobile content and advanced services
Define the Clear set of rules of engagement with the value chain partners. Carefully
define the details on contract terms and conditions with partners of the value chain to
address the roles and responsibilities.
Evaluate the Settlement Challenges. Settlement requirements need close examination.
Content partners need to provide the accurate and timely data feed for settlement
information. Settlement process robustness from a business requirements
perspective and reverse settlement perspective needs to be evaluated. Configuration
of the partners within the settlement and billing system needs to be evaluated from
data accuracy and data completeness perspective
Call Centers Methods and Procedures (M&Ps) related to customer requests for credits
and adjustments for content need to be closely evaluated. Customer adjustments
need to be closely linked with the settlement process with the partners to ensure the
company can realize the adjustments from the content providers in case if they have
provided adjustments to its customers
Event data must be evaluated on a continuous basis in correlation with the common
customer problems for these services to identify data and process integrity issues.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 43 of 70


GB941 Revenue Assurance Guide Book

6 Revenue Assurance Scenarios

6.1 Introduction

Revenue Assurance is an ongoing, ever evolving process in organizations. Regardless of


which evolutionary step the RA Team is currently in, each RA Team continually evaluates
and reviews its processes and data quality. Part of this process is the recognition of different
scenarios in its methods/procedure/process that create revenue/cost loss.

The purpose of this chapter is to:


Provide some practical examples of revenue affecting issues, based on the combined
experience of the TMF working group,
Enable the reader to gain an insight in the many and varied causes of under and over
billing that are present within the industry
Provide a framework to assist the reader in classifying recurring revenue assurance
problems and provide some practical guidelines for their detection and correction
It should be noted that whilst these are real examples, no one CSP is expected to suffer from
all of the issues described here. Our goal is to provide an extensive but non-exhaustive list of
examples of events that have been observed within member organizations. Murphys Law
states that if something can go wrong, it will eventually.

As a team, our objectives are to help, share, and add to the shared knowledge of all
members. If you have other examples that would help or enlighten future readers, please
forward to Gadi Solotorevsky (email: gadi.solotorevsky@cvidya.com )

6.2 Perceived Root Causes

The following diagram shows the main perceived causes of revenue loss by the telecoms
industry, based on a survey of the industry during 2005.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 44 of 70


GB941 Revenue Assurance Guide Book

Average implied revenue loss (2005)

Other

14 Optimised call routing errors

% revenue lost to specific


Invoicing system errors
12
Rating / prepaid charging errors
10
Fraud by other operators
causes 8 Internal fraud

6 External fraud

Interconnect / partner payment errors


4
Applying new products / prices
2
Poor systems integration

0 Poor processes / systems


2003 2004 2005 Incomplete / incorrect usage data
(sample 50) (sample 100) (sample 104)
Credit management

Source: Azure/Analysys Research, 2005

Figure 12: Perceived Causes

Fraud Covers deliberate exploitation of billing weaknesses or use of


service without the intention to pay. Three classes of fraud
were identified: internal (perpetrated by an operators own
staff), other operators (perpetrated by an operators trading
partners), external (perpetrated by customers of the
operator).
Credit management Insufficient or ineffective credit management procedures
performed upon registration of a new customer, allowing
customers with bad credit ratings or scoring to get access to
services, and creating high risk of payment default on those
revenues.
Incomplete/incorrect Revenue leakage caused by inaccurate or missing usage
xDRs information and incorrect distribution of that information within
the billing environment.
Poor The desire to launch services ahead of the competition and
processes/systems the constant change to in-service products and services to
maintain competitive advantage often causes products to be
launched without full billing support and/or be supported by
manual processes. It is possible for these systems and
processes to exhibit weaknesses that result in incomplete
billing.
Poor systems Poor integration between the systems within the billing

GB941 - Version 1.0 TeleManagement Forum 2006 Page 45 of 70


GB941 Revenue Assurance Guide Book

integration streams can often cause revenue loss often a symptom of


poor systems testing prior to their release into production
environment.
Applying new The process of introducing a new product or changing an
products/prices existing product can introduce billing errors often a
symptom of poor system testing prior to release of the new
product or tariff.
Interconnect errors The interconnect settlement process can also suffer from
inaccurate charging, especially when one operator is unable
to validate an invoice received by another party.
Invoicing system Covers the errors encountered in the process of producing a
errors complete invoice, including one-off and recurring as well as
usage charges, adjustments, tax calculations, volume and
cross-product discounting, etc.
Rating system failure Inaccurate tariff implementation or product/service
classification can cause services to billed at an incorrect rate,
causing over- or under- billing.
Optimized call routing Revenue loss associated with using high cost routes when
errors cheaper alternatives are available.

6.3 Revenue Leakage Points

Leakage will occur at every weak point in all systems, whether automated or manual.
The list is not exhaustive but it provides an introduction/foundation for the detection of
leakage.

We have grouped leakage points by functional business lines followed by a list of


examples and the type of leakage. Leakage is not only lost revenue (although
significant) but can be a cost leakage. The definitions for each are:

Revenue leakage is defined as revenue not received due to missed opportunity, failure to
bill for the services provided or failure to collect the payment.
Cost leakage is defined as overpayment of costs for chargeable services to third party.

A Ordering and cancellation


Contract is incomplete or different to the customer
A.1 requirements Revenue Leakage

Capture inaccurate or insufficient customer information for


A.2 billing purposes Revenue Leakage

GB941 - Version 1.0 TeleManagement Forum 2006 Page 46 of 70


GB941 Revenue Assurance Guide Book

Order details were not entered correctly onto order entry


A.3 system Revenue Leakage

A.4 Billing ceased but service still provided Cost Leakage

Error in calculation of charges e.g. discounts calculated


A.5 incorrectly Revenue Leakage

Customer allowed to sign-up to an expired service or


A.6 promotion that can no longer be billed Revenue Leakage

A.7 Stranded assets Cost Leakage

A.8 Over provisioning of ports Cost Leakage

Briefcase time. Submission of a customer order is delayed by


a sales person; therefore revenue was not earned between the
A.9 date the order was received and the date it was submitted Revenue Leakage

Costs incurred by Operator for leasing service from a third


A.10 party whilst an order is on-hold Cost Leakage

Where costs from 3rd parties are still being incurred by


Operator after an order has been deactivated and 3rd parties
A.11 were not notified of that Cost Leakage

Delays in the submission of a customer cancellation, lead to


A.12 delay in cancellation of costs to 3rd party Cost Leakage

B Provisioning
Failure to correctly record the provisioning of a service on the
B.1 network, and subsequently do not produce a correct bill Revenue Leakage

B.2 Service activated but no billing account created Revenue Leakage

B.3 Service activated but billing account not set to bill Revenue Leakage

B.4 Billing for services not provided Revenue gain

Pre-installation cancellation where a customer has cancelled


due to the failure by Operator to provision a solution within a
B.5 reasonable timeframe Revenue Leakage

B.6 Ported in numbers not billed Revenue Leakage

Ported out numbers not de-listed from billing for which costs
B.7 are still paid to third parties Cost Leakage

B.8 Post-paid handsets activated as prepaid handsets Revenue Leakage

GB941 - Version 1.0 TeleManagement Forum 2006 Page 47 of 70


GB941 Revenue Assurance Guide Book

Product sold and provisioned for customer, but no process to


B.9 bill (could be due to inability to bill customers on new service) Revenue Leakage

Fulfil delays. Where the provisioning of a customer order is


delayed, there is a potential loss of revenue which could have
been earned between the date the order was received and the
B.10 date it was provisioned Revenue Leakage

Paying retail rates to third party suppliers for lines which should
B.11 be charged as wholesale Cost Leakage

Wrong service provided but billing as actual service requested


B.12 by the customer Cost Leakage

B.13 Number ranges already in use are assigned to new operator Revenue Leakage

Incorrect capture of physical assets provisioned to customer


B.14 and not billed Revenue Leakage

C Network management
C.1 Loss of CDRs caused by local storage failure on switch Revenue Leakage

If a route is unavailable on the Operator network, a 3rd party


C.2 network must be used, incurring costs Cost Leakage

Costs paid in excess of the cheapest route for a call (Least


C.3 Cost Routing) Cost Leakage

Loss of traffic resulting from barring countries from sending


C.4 traffic over Operator network Revenue Opportunity

C.5 Invalid customer allowed to make call Revenue Leakage

C.6 Route info set-up complete prior to rating & billing set-up Revenue Leakage

C.7 Failure to bar IMSI from roaming Revenue Leakage

Incorrect set-up of GSM gateways lead to off-net calls being


C.8 processed as on-net calls Revenue Leakage

C.9 Customer not set up on network Revenue Leakage

D Event Recording & record processing


D.1 xDR not produced Revenue Leakage

GB941 - Version 1.0 TeleManagement Forum 2006 Page 48 of 70


GB941 Revenue Assurance Guide Book

D.2 Incorrectly record the duration of a call Revenue Leakage

Trunk names incorrectly set-up leading to wrong call origination


D.3 and destination being recorded Revenue Leakage

Rounding of the calls on the switches is not set to maximize


D.4 revenue Revenue Leakage

D.5 CDR produced, but not written into file on switch Revenue Leakage

D.6 Any data lost during file transfer between switch and mediation Revenue Leakage

Any data lost during file transfer between Mediation and Billing
D.7 System Revenue Leakage

D.8 Billable xDRs incorrectly ignored Revenue Leakage

D.9 Data records incorrectly suspended and written-off Revenue Leakage

Number of calls per month which are not billed as the billing
D.10 system incorrectly identifies them as 'duplicates' Revenue Leakage

Leakage may be caused when incorrect enrichment of xDRs


D.11 occurs after they have been recorded by switches Revenue Leakage

D.12 xDRs incorrectly correlated and therefore not billed Revenue Leakage

Prepay billing system downtime prevents billable events to be


D.13 charged Revenue Leakage

D.14 Free prepaid usage during maintenance periods Revenue Leakage

D.15 xDRs too old to bill and subsequently written-off Revenue Leakage

D.16 Missing long duration call segments Revenue Leakage

D.17 Incorrect routing of usage records to end systems Revenue Leakage

D.18 Prepaid usage not triggering IN platform Revenue Leakage

TAP files from foreign operators not received from clearing


D.19 house Revenue Leakage

TAP files from network not sent to clearing house and foreign
D.20 operator Revenue Leakage

Incomplete processing of records from POS to the financial


D.21 system revenue leakage

E Rating Reference Data set-up

GB941 - Version 1.0 TeleManagement Forum 2006 Page 49 of 70


GB941 Revenue Assurance Guide Book

E.1 Non-usage charges entered incorrectly in rating/billing system Revenue Leakage

E.2 Interconnect call rates set up incorrectly in the rating system. Revenue Leakage

E.3 Retail call charges entered incorrectly in the rating system Revenue Leakage

F Rating process
F1 Misidentification of traffic type and origin incorrectly identified Revenue Leakage

F2 Incorrect charges applied to events Revenue Leakage

F3 xDRs written off due to inability to rate the event Revenue Leakage

F4 Leased lines set up incorrectly on billing system as zero-rated Revenue Leakage

F5 Incorrect international country zone assigned Revenue Leakage

F6 Premium rate numbers not linked to billing accounts Revenue Leakage

F8 Misclassification of number range sub-sets Revenue Leakage

G Pricing Structure
Call rates priced below standard cost charges, creating a
G1 negative margin. Revenue Opportunity

Costs paid by Operator to third parties are not fully passed on


to the clients. E.g. When an interconnect partner changes its
charging structure and the additional cost is not passed on to
G3 Operator customers Cost Leakage

Arbitrage; the estimated over-inflation of traffic by other


operators to capitalize on a flaw in the Operator call pricing
G4 structure for wholesale Cost Leakage

The money lost if customers are not fulfilling the usage


G7 commitment, but are still being billed at discounted rates Revenue Leakage

Low Margin Calls: Cases where Operator has set call rates
G8 significantly lower than other operators Revenue Opportunity

Inability to differentiate charges for time of day for international


traffic by Operator billing reports, and a blended rate is applied
G9 causing charging inaccuracies Revenue Leakage

G10 By Pass numbers not charged Revenue Opportunity

GB941 - Version 1.0 TeleManagement Forum 2006 Page 50 of 70


GB941 Revenue Assurance Guide Book

H Billing operations
H1 Bill not produced Revenue Leakage

H2 Bills produced do not cover the services provided Revenue Leakage

H3 VAT calculated incorrectly Revenue Leakage

H5 Print vendor does not receive all complete bills Revenue Leakage

H6 Discounts applied incorrectly Revenue Leakage

H7 Bundle allowance applied incorrectly Revenue Leakage

Failure to produce correct bills which need to be raised


manually to collate charges from various sources or internal
H8 accounts Revenue Leakage

H9 Non-usage charges calculated incorrectly Revenue Leakage

I Bill Payment, Collection and disputes


Revenue loss due to uncollected billed revenue. This is the
value of bad debt written off by Operator after the litigation
I.1 process Revenue Leakage

I.2 Goodwill credits given too readily Revenue Leakage

I.3 Overbilled for usage by 3rd party operator Cost Leakage

I.4 Care credits are applied to a customer account inappropriately Revenue Leakage

Prepay top-up payments are allocated to incorrect customer


I.5 accounts Revenue Leakage

Commissions payments paid to channel partners when not


I.6 appropriate Cost Leakage

Revenue is shared with partners inappropriately (e.g. where


I.7 content provision has failed) Revenue Leakage

I.8 Revenue share percentages are applied inaccurately Revenue Leakage

I.9 Wholesale costs are not passed on accurately to customers Revenue Leakage

Wholesale traffic is not recorded accurately and passed onto


I.10 partners for billing Revenue Leakage

GB941 - Version 1.0 TeleManagement Forum 2006 Page 51 of 70


GB941 Revenue Assurance Guide Book

I.11 Cash collection process failure Revenue Leakage

6.4 Revenue Assurance Classifications

The RA Team has collectively classified revenue assurance efforts into the following
areas. In addition, we have compiled a list of scenarios according to these
classifications for ease of reference.

Classification Source Related Description


Process
Sales Assurance To ensure products sold as intended,
including no over discounting. Make
sure sales incentive scheme in line with
business objectives.
Credit Assurance To ensure all subscribers have passed
appropriate credit checks before being
accepted as subscribers make sure
they are likely to pay for the services
they consume.
Subscription Assurance To ensure the provisioning function
accurately reflects the order that was
submitted and that billing is in line with
the services and features actually
provided within the network, that
recurring charges are correct and that
service deactivation releases all
resources for reallocation to new
subscribers.
Usage Assurance To ensure that service usage is
accurately and completely processed
from initialization point until it is reflect
on customer bills. Covers usage data
generation, rating and billing.
Fraud Assurance To ensure that loss of revenues due to
internal and external fraudulent
activities are minimized.
Collection Assurance To ensure that all revenues are
collected. Includes active
management of aged debt.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 52 of 70


GB941 Revenue Assurance Guide Book

Classification Source Related Description


Process
Quality Assurance To ensure compliance of service
performance to contractual service
level agreements, and that penalties
and rebates are minimized.
Cost Assurance To ensure operating costs are
minimized. Includes accurate
inventory management, least cost
routing, identification and release of
stranded assets.
Process Assurance To ensure systems and processes are
fit for purpose
Corporate Governance To ensure regulatory compliance, e.g.
National telecoms regulator and
Sarbanes-Oxley

GB941 - Version 1.0 TeleManagement Forum 2006 Page 53 of 70


GB941 Revenue Assurance Guide Book

6.5: Revenue Assurance Scenarios


In describing the scenarios, we are classifying as above, providing an explanatory title and
market segment before describing the problem, identified root cause of the problem, how the
leakage was detected, what was done to correct the problem and what steps were
implemented to prevent the problem from reoccurring.

Title Market segment Classification Leakage Point


Voicemail (333) Mobile (GSM) Usage Assurance D.8
Description
A European GSM mobile operator offered a voicemail service and provided a short code of 333,
enabling subscribers to access their voicemail. Voicemail retrieval was offered free of charge.
The introduction of this service caused billing to cease for a region of an international destination, but
was not detected until nine months after launch.
Root Cause
The mediation system was instructed to remove usage records representing voicemail retrieval from
the billing stream, to avoid the billing system being overloaded with unbillable records. However, the
mediation system vendor implemented this rule as a prefix match rather than an exact match.
The result being that all usage records to numbers that started with 333 were removed from the
billing stream rather than those that were just 333.
33 is the country code of France, and 3 is the Northeastern region of France, so in this case calls to
this area remained unbilled.
Detection
This problem was difficult to detect due to the fact that the mediation system did not provide a
summary of the number of usage records removed using this rule.
It was detected by accident when a programmer was looking at the code provided by the vendor for
a different purpose.
Correction
Correction to this problem was simply to change the filter to an exact match.
Prevention
The following techniques could be used in combination to prevent recurrence of this or similar
issues:
Independent analysis of network usage records and comparison with billing summaries for
international traffic would have detected the anomaly
Improved testing process of new releases of mediation software

GB941 - Version 1.0 TeleManagement Forum 2006 Page 54 of 70


GB941 Revenue Assurance Guide Book

Title Market segment Classification Leakage Point


Unexpected roaming GSM (Inbound roaming) Usage Assurance Ref.
C.5
Description
Subscribers of a foreign operator were able to connect, make and received calls, within a visited
network where no inbound roaming agreement existed between the two parties.
The problem existed for approximately six months before it was detected; the operator of the home
network was unable to recover any of this revenue.
In addition, the operator had also received and paid charges relating to termination of calls off-net
that originated by these foreign subscribers.
Root Cause
The network allowed foreign subscribers from this particular roaming partner to gain access to the
home network.
Detection
This problem was detected during a usage assurance audit that analyzed network usage data and
compared it to an analysis of the roaming clearing (TAP-out) files sent to the operators roaming
clearing house.
Files were not present for one of the foreign operators that were observed in the network usage
data.
Correction
The network was corrected so that these subscribers could no longer gain access to the network.
Prevention
The following techniques could be used in combination to prevent recurrence of this or similar
issues:
Review of process by which the network is open to foreign subscribers.
Ensure roaming agreements are correctly implemented within the network
Independent analysis of network usage records and comparison with billing summaries for
traffic would have detected the anomaly

GB941 - Version 1.0 TeleManagement Forum 2006 Page 55 of 70


GB941 Revenue Assurance Guide Book

Title Market segment Classification Leakage Point


Fraudulent interconnect traffic Interconnect Usage Assurance D.2
settlement
Description
International traffic for terminating routed via PTT in such a way as avoid paying termination
charges.
The problem existed for approximately nine months before detection.
Root Cause
A loophole in the recording of usage data by the gateway switch was exploited by a competitive
operator, causing terminating international traffic to be recorded with a zero duration
Additionally, the process existed to specifically remove zero duration calls from the interconnect
settlement billing stream.
Detection
When analyzing usage patterns for a fixed line operator an unexpected high number of zero
duration calls was observed for international calls but only on routes relating to a particular
operator.
On further inspection, the calls were found to have represented real, successful calls; they had a
start time and an end time, but had been recorded by the network with zero duration.
Correction
Initially, the mediation system recalculated the duration from the start and end times.
Ultimately the switch was corrected.
Prevention
The following techniques could be used in combination to prevent recurrence of this or similar
issues:
Independent analysis of network usage records and comparison with billing summaries for
international traffic would have detected the anomaly
Recalculation of duration from start and end times to compare with recorded duration
Periodic network testing to ensure accurate recording of usage information

GB941 - Version 1.0 TeleManagement Forum 2006 Page 56 of 70


GB941 Revenue Assurance Guide Book

Title Market segment Classification Leakage Point


Unbilled Service Data Services Sales Ref. A.4
Assurance
Description
Customers of a large operator took part in a trial period for a new service. When the trial period has
expired some of the customers that took part in the pilot continued to use the service and were
not charged for it
Root Cause
Once the pilot period has ceased, some of the participating customers did not request to continue
with the service, hence the billing system was not updated with the relevant service profile for
those customers.
The result was customers who did not have their billing profile updated continued to use the service
under the same terms of the pilot period i.e. without being charged for the service.
Detection
The detection of the problem was achieved by comparing the actual service topology on the
network with the profile of the customers on the billing system, i.e. the list of the service for which
each customer is being charged.
Correction
The billing profile of the relevant customers was corrected.
Prevention
The following techniques could be used in combination to prevent recurrence of this or similar
issues:
Test the data integrity between the network and the billing system whenever a trial period
(or any other special period) elapses.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 57 of 70


GB941 Revenue Assurance Guide Book

Title Market segment Classification Leakage


Stranded Assets Broadband & Data Networks Cost Assurance Point Ref.
A.7
Description
A DSL service involved many installations for customers joining the service and de-installations for
customers who decided to cease the service. Apparently, the utilization of the network elements
supporting the DSL service did not prove to be optimal, and that, in turn, required the purchase of
an excess amount of network equipment.
Root Cause
During the cease process the service resources were released correctly in the network inventory
database, but were not de-activated in the physical network, and the service was not deleted
properly from the billing system.
Detection
This problem was detected by comparing the information from the physical network, using an NMS
with information from the network inventory system, provisioning and activation system and the
billing system. This comparison highlighted the discrepancies between the information, as it was
stored in the OSS and the billing and the actual status of the NE utilization.
Correction
The network was corrected so that the network assets were marked again as available for use and
the billing customer profiles were updated to reflect the cease of the service for the relevant
customers.
Prevention
The following techniques could be used in combination to prevent recurrence of this or similar
issues:
Review of the process and the business rules involved in activation / de-activation of a
service for a customer, with contingency for failures overcome.
Analysis of the usage on the whole network assets against their operational status could
reveal in use components with zero utilization on them.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 58 of 70


GB941 Revenue Assurance Guide Book

Title Market segment Classification Leakage Point


Under billed services Service Provisioning Subscription Assurance Ref. B.1
Description
A customer was offered a new DSL service and ordered the lowest rate and least expensive
option. In the middle of the provisioning process the customer asked for an upgrade in the service
to premium option. The service that the customer got eventually was the premium service, but the
customer was charged for the cheaper option.
Root Cause
In the process that begins with a service order and completes with the activation of the service for
the customer the billing system was involved at the stage of the initial order as to which price-plan
is relevant, and receives an event that initiates the actual charging when the activation is complete.
However, if a change to parameters is done between the initial order and the activation the billing
system is not aware of this change.
Detection
The detection was possible through the comparison of information in the network inventory system,
the billing and the actual service status, as reflected by an NMS system. This comparison revealed
the discrepancy between the services defined in the billing system as the basis for charging and the
actual service that was both defined in the network inventory database and that was actually
configured in the network.
Correction
As a short term remedy the definitions in the billing system were updated to be aligned with the
actual service provided
Prevention
The following techniques could be used in combination to prevent recurrence of this or similar
issues:
Updating the business process to include an update to the billing system with any change
that is being done to an open order.
Proactively initiate a timely check to ensure that the information in all the OSS the BSS and
the network are aligned and synchronized.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 59 of 70


GB941 Revenue Assurance Guide Book

Title Market segment Classification Leakage Point


Real Time Toll Ticketing files analysis Mobile Usage Assurance Ref. D.12
(GSM/UMTS)
Description
A tier 1 mobile operator experienced a systematic loss of revenues due to a particular type of international
roaming.
Visiting users roaming onto the operator network originated calls that were incorrectly billed only by their
home operator (TAP OUT flow).
The problem persisted for almost six months till its definitive solution.
Root Cause
Such kind of roaming calls generate the production of composite xDRs, called CAMEL xDRs.
Camel xDRs are composed by two simple xDRs: a Mobile-Land xDR and a Land-Land xDR.
In this composite xDRs, the networks nodes generated some unexpected fields causing the
inappropriate billing of these international roaming calls.
Detection
Discrepancies between Usage data and Billing data for international roaming calls pointed out the
anomaly. Such analysis is performed periodically and however with a low frequency.
Correction
The mobile operator introduced an automatic network-testing tool, which allowed the real time analysis of
toll ticketing files where xDRs are included.
The real time analysis allowed checking xDRs fields against semantic rules. Warnings and alarms were
set to notify when incorrect xDRs exceeded defined thresholds.
These alarms enabled the operator to spot roaming issues before post processing activities.
Prevention
Most often such analysis are not performed real time but after post processing activities due to the lack of
an appropriate automatic tool enabling real time analysis.
Based on the frequency of batch analysis and the kind of similar issues spotted only after post
processing the leakage involved may vary too little to considerable amounts of money.
Improved testing of international roaming for calls and services.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 60 of 70


GB941 Revenue Assurance Guide Book

Title Market segment Classification Leakage Point


Mobile content services roll out Mobile (GSM/UMTS) Process D.1
Assurance
Description
A competitive mobile operator was forced to roll out in a very short time new services (games java-
based) to stay competitive.
Such services required a change of release and some patches on SGSN and GGSN nodes.
Time constraints required the testing activities for service rollout to be significantly reduced.
After service rollout the operator suffered from revenue losses, i.e. poorer margins than expected,
without clear evidence of the causes.
This alarmed the operator since loyalty and churn issues turn into rolling out of new services almost
every month.
Root Cause
SW upgrades and patch activities on networks nodes are key factors in new services rollouts.
These activities are delicate. The correct setting of all parameters affecting service delivery and the
testing often are complex and involve test scenarios within several and different network nodes.
Time-to-market constraints unfortunately imply a limited set of tests cases to be performed.
Limited set of sample tests mean that more errors, read revenue issues, are likely to occur after the
service has been deployed.
Detection
Post processing analysis of both missing expected xDRs and badly generated xDRs (incorrect
fields) related to recently launched services pointed out the issue.
Correction
The objective of this testing is to encompass an adequately wide test cases base spanning different
user profiles, roaming types, geographical locations, etc. Review of new services deployment
testing procedures and sample test cases, patches and upgrading activities (time consuming heavy
non regression tests).
Prevention
Such activities have to be performed in a very short time yet they should include many testing
activities, to cover the different service scenarios.
Review of testing procedures and processes to avoid leakage, inaccurate billing or poor
service levels.
Use of automated tools to shorten testing activities period, make them easily repeatable
and widen their scope preferably including capabilities of:
Artificial traffic generation
Actual traffic analysis in real time
Flexible configuration of analysis to accommodate new services
Massive testing
Centralized architecture to reduce costs related to technical personnel involved in remote
on the field tests

GB941 - Version 1.0 TeleManagement Forum 2006 Page 61 of 70


GB941 Revenue Assurance Guide Book

Title Market segment Classification Leakage Point


WiFi Mobile (WiFi) Usage Assurance D.18
Description
Business customers of a national data-voice Service Provider were able to get WiFi connection even if
their credit was void.
Such leakage was solved only after several weeks.
Root Cause
The updating of a Lucent Navis radius version required syntax changes in radius policies.
Navis Radius versions installed in production and testing environments were different. This
discrepancy raised troubles for changed syntax and generated leakages because what tested didnt fit
production environment.
In fact the user was actually able to connect even though NAS returned zero as maximum duration for
connection.
Detection
Subsequent analysis of WiFi connections pointed out some odd long connections with abnormal
amount of downloaded data. A restricted user base initiated them, which was easy to catch.
Correction
Analysis of old backup Radius policy spotted the misaligned syntax for production version and then
leads for it to be fixed.
Prevention
A tool for automated check and fixing on software versioning between testing and production
installation base was introduced.
Such a decision allows preventing also unknown discrepancies, which may arise form misaligned
software versions and generate leakages for the service provider.

Title Market segment Classification Leakage Point


WiFi Roaming Mobile (WiFi) Usage Assurance D.18
Description
Roaming for WiFi connections of a medium size Italian Service Providers towards a particular
operator was systematically unbilled.
Navis Radius was failing to properly connect to the rating engine.
Root Cause
Connection management for roaming calls toward the third operator of interest was managed by a
piece of software not correctly updated.
Such software requires two separate calls to the rating engine. The first aims at calculating users
remaining connection time from his remaining credit and users location. The last one aims at
deducing the remaining credit from actual connection time and users credit before starting the call, as
a double check.
Second call to the rating engine was not properly implemented.
Detection
The problem was resulting in different billing data from the two involved operators since only one of
them was properly rating and billing users WiFi connections.
Analysis of connections data pointed out the actual trouble since all connections was properly tracked.
Correction
Install and configure up-to-date software for the second call to the rating engine to properly be
accomplished.
Prevention
Legacy solution to monitor tracked connection data and rated values was implemented.
Moreover as a development mandatory policy was prohibited to release single java classes not
included in packages.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 62 of 70


GB941 Revenue Assurance Guide Book

7 Appendix A: Introduction to Telecom Frauds

Fraud in telecom networks has been a problem that has always plagued the bottom
line of operators. The lure of easy money turns many a man into a fraudster. There
are many ways to defraud and abuse telecom networks - both wireline and wireless.
Ingenuity and innovation are the hallmarks of this tribe of modern-day bandits.

Telecom companies have a long history of fraud fighting but the imaginative methods
employed by fraudsters call for continuous improvements on the solutions deployed,
to check fraud.

Fraud - Unnoticed?

In spite of the fact that many telecom companies worldwide have lost significant
amounts of money due to fraudulent activity in their networks, a large number of
CSPs are still not addressing this crucial issue. In many cases, they even feel that
fraud does not exist. Even though one wishes that this should be the case, this is
never true. Losses due to fraud often get swept under the carpet as bad debt. A
recent study has proven that the portion of revenue lost due to fraud could form 40-
50% of the bad debt component! Another aspect is the belief that networks based on
digital technologies are secure. The networks that were rolled out earlier used
analog technologies that had several technical loopholes. Fraudsters exploited these
opportunities to make money. The advent of digital technologies like GSM put paid to
most of the technical frauds. Perhaps this could be the reason why many GSM
operators feel that they are safe from the clutches of villainous fraudsters.

Innovative fraudsters soon managed to find simple, non-technical ways to continue


their nefarious activities even in technically advanced digital networks. The much
dreaded subscription fraud is the best example of this scenario. This is a case where
fraudsters obtain legal connections from telecom companies with no intention of ever
paying their bills. The companies have no way of collecting these outstanding
amounts, as the fraudsters can never be traced. The very nature of subscription fraud
misleads operators into considering losses from fraudulent activities as ordinary bad
debts. The danger here is that the fraud - which actually requires focused attention -
goes unnoticed and in due course of time leads to a significant amount of revenue
loss.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 63 of 70


GB941 Revenue Assurance Guide Book

How does fraud happen?

There are many methods employed by unscrupulous elements to defraud telecom


networks. Technical frauds like cloning and tumbling used to be the major causes of
worry for analog network operators. Such technical frauds cannot be perpetrated in
digital networks (even though there are unconfirmed reports that cloning is possible in
GSM). Only digital networks are being deployed by telcos and this has resulted in the
evolution of non-technical frauds.

This acquires gigantic proportions in a roaming scenario due to the delay in accessing
call detail records and subsequent detection. One can understand the possibility of
this fraud when we realize that roaming is a key feature offered by GSM operators
and has many business benefits. Subscription fraud in the roaming situation is often
referred to as Roaming Subscription Fraud.

Subscription Fraud is the most damaging amongst the non-technical frauds. The
methodology adopted here is simple with the fraudster obtaining a connection from
the telecom company using the normal, accepted procedure of the company. The
fraudster has no intention to pay and rings up huge bills, in a very short time frames.
The telecom company comes to know of such high usage only after some time and
by then it would be impossible to trace the fraudulent subscriber. Ultimately all the
payments that were to be recovered from this subscriber will have to be written off.

A variation of this is what is called the Call-Sell Fraud. Here the fraudster abuses the
call-forwarding feature of networks and uses his connection to set-up multiple,
simultaneous calls for his clients. The client pays a lesser amount of money than
they would normally pay the telecom company. The fraudster can, of course, afford to
offer such a subsidy as he has no intention of ever paying any money to the telecom
company. By the time, the bills are raised and the company comes around to collect
the money, the fraudster would have made a significant amount of money and flown
the coop.

There is also another interesting variant called Premium Rate Services (PRS)
Fraud. Premium Rate Services are closely associated with fraud in two ways -
fraudsters are likely to abuse the network to call these numbers and the PRS content
providers themselves might defraud. The PRS content provider first obtains a
subscription through some devious means and then uses this subscription to make
calls to their own PRS service and thus inflates the transactions to their service. The
CSPs pay the PRS content provider irrespective of whether this fraudulent subscriber
has paid or not. Call selling and PRS are the major contributors to losses due to
subscription fraud and could be more than 50% of the total fraud loss.

Wireline networks face some other frauds like PBX Hacking and Clip-on Fraud. The first
type of fraud is possible where the PBX supports a feature called Direct Inward System
Access (DISA). Here, an employee of the organization owning the PBX can dial into the
PBX and get access to an external line - for making long distance and international calls -
through keying an authorized PIN. Hackers dial into such PBXs and crack the PIN and
thus gain access to an external line that allows them to make long distance and
international calls. The organization owning the PBX will get an inflated bill that includes
calls made by such hackers. As the name suggests, Clipon fraud is an unauthorized

GB941 - Version 1.0 TeleManagement Forum 2006 Page 64 of 70


GB941 Revenue Assurance Guide Book

physical connection to a telephone line using some clamping devices (like alligator clips).
This is one of the oldest forms of telecom fraud. Both of the above types of fraud are
surfing frauds, which imply unauthorized use of a service or a product.

Pre-paid systems that were deployed initially had several inherent problems such as
last call exposure and were prone to fraud attacks like hacking of platform. Vendors of
pre-paid systems understood the seriousness of the issue and upgraded the
technology in the platforms, making them more secure. This has led to a false belief
among operators that pre-paid systems are fraud-free. This is not true and huge
losses are being reported due to Pre-paid Fraud. Fraudsters have found it possible to
defraud pre-paid platforms through the abuse of security codes, using ghosting
techniques to confuse the platform, internal fraud etc.

In addition to the above, there exists the problem of internal fraud wherein
employees within the operator or associates of the company aid outsiders in
defrauding the network. Employees have access to all parts of the network and are
sufficiently knowledgeable to know where to play the dirty tricks. There have been
instances wherein employees have used highly sophisticated instruments (which
were actually meant to be used for network troubleshooting) to obtain confidential
information and make money using this information. Internal Fraud is extremely
dangerous and can lead to a quick erosion of revenue.

Interconnect fraud is another important area. Some of the common interconnect


frauds include partners introducing additional traffic not covered by the contract by
unapproved use of GSM gateways. This allows partners to terminate large amount of
calls that are not accounted for. Another interconnect fraud is the modification of call
parameters such as A-number to modify the nature of the call to apply lower charges.
By modifying the A-number, international calls that attract higher rates can be
modified to look like a local call. Other interconnect frauds include illegal bypass of
traffic through cheaper unauthorized networks whereas regulation mandates transit
through authorized carriers.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 65 of 70


GB941 Revenue Assurance Guide Book

8 Administrative Appendix

This Appendix provides additional background material about the TeleManagement


Forum and this document.

8.1 About this document

This is a TM Forum Guidebook. The guidebook format is used when:


The document lays out a core part of TM Forums approach to automating business
processes. Such guidebooks would include the Telecom Operations Map and the
Technology Integration Map, but not the detailed specifications that are developed in
support of the approach.
Information about TM Forum policy, or goals or programs is provided, such as the
Strategic Plan or Operating Plan.
Information about the marketplace is provided, as in the report on the size of the OSS
market.

8.2 Document Life Cycle

The Revenue Assurance Guidebook is being issued as Member Evaluation Version


1.0. It can be considered valid until July 2006. The purpose of an Evaluation Version
is to encourage input based on experience of members and the public as they begin
to use the document. Following the Evaluation Period, documents that are seen to
deliver value are candidates for formal approval by the TM Forum. All documents
approved by the TM Forum undergo a formal review and approval process.

This document will continue under formal change control. Supporting work will be
issued as companions to this document. A document of this type is a living
document, capturing and communicating current knowledge and practices. Further
inputs will be made because of detailed work ongoing in the TM Forum and the
industry.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 66 of 70


GB941 Revenue Assurance Guide Book

8.3 Document History

8.3.1 Version History


<This section records the changes between this and the previous document version as it is edited
by the team concerned. Note: this is an incremental number which does not have to match the
release number>

Version Number Date Modified Modified by: Description of changes


0.1 19-DEC-2005 Mike Willett First issue of document
0.2 21-DEC-2005 Kathryn Durham Updates
0.3 26-JAN-2005 Mike Willett First update with review comments
0.4 10-MAR-2006 Kathryn Dunham First Revision after TAW
0.5 10-MAY-2006 Mike Willett Editors review to release to group
0.6 01-JUN-2006 Gadi Internal review before release to
Solotorevsky TMF members review
0.7 9Jun06 D Burkett Minor edits in preparation for
Approval Committee review.
th
0.8 5 -July-06 T.OSullivan Final modification prior to ME
posting.
0.9 11-October-06 Gadi Minor formatting and numbering
Solotorevsky changes as result from review
process
1.0 08-Nov-2006 Tina O'Sullivan Updated for Public sharing

8.3.2 Release History


<This section records the changes between this and the previous Official document release>

Release Number Date Modified Modified by: Description of


changes
1.0 19-Dec-2005 Mike Willett Initial Release

8.4 Company Contact Details


Company Team Member Representative
cVidya Networks Name Dr. Gadi Solotorevsky
Title Chief Scientist
Email gadi@cvidya.com
Phone +972 3 6441644
Fax: +972 3 6441881
Telstra Corporation Name Mike Willett
Ltd Title General Manager, Fraud & Revenue Assurance
Email michael.j.willett@team.telstra.com
Phone +61 3 9634 5421
Fax:
The Billing College Name Kathryn Dunham
Title Vice President
Email Kathyd@billingcollege.com

GB941 - Version 1.0 TeleManagement Forum 2006 Page 67 of 70


GB941 Revenue Assurance Guide Book

Phone +1 904 317 7973


Fax +1 201 833 8444
Cable & Wireless Name: Nitin. Patel
Title: RA & Regulatory Consultant
Emailnitin.patel@cw.com
Phone+44 1908 833546
Fax:
Logan - Orviss Name: Hugh Roberts
Title: Associate Strategist
Email: hugh@hughroberts.com or
hugh.roberts@logan-orviss.com
Phone: +44 1962 813376
Fax: + 44 87 0139 1082
Azure Solutions Ltd Name: Geoff Ibbett
Title: Product Portfolio Manager
Email geoff.ibbett@azuresolutions.com
Phone +44 7977 449832
Fax + 44 207 826 5437
Subex Systems Name: Vinoo P. Jacob
Title: Product Manager
Email vinoop@subexsystems.com
Phone+91 80 5759 8700
Fax: +91 80 2563 4100
Infogix, Inc Name: Tracy Miller
Title: Vice President
Email tmiller@infogix.com
Phone +1 214 534 0803

Datamat SpA Name: Alberto Canad


Title: Product Manager
Email: alberto.canade@datamat.it
Phone: 39-335-7847-467
Revenue Protect Name: Eric R. A. Priezkalns
Limited Title: Director
Email: eric.priezkalns@revenueprotect.com
Phone: +44 7958 467273
+44 1707 259895

8.5 Acknowledgments

The members of the TeleManagement Forum Revenue Assurance Technical Team prepared
this document:

The Revenue Assurance Guidebook, GB941, is a genuinely collaborative effort. The


TeleManagement Forum would like to thank the following people for contributing their time
and expertise to the production of this document.
Mike Willett - Telstra, Editor
Kathryn Dunham - The Billing College, Editor
Nitin Patel - Cable & Wireless, Editor

GB941 - Version 1.0 TeleManagement Forum 2006 Page 68 of 70


GB941 Revenue Assurance Guide Book

Dr. Gadi Solotorevsky - cVidya, Team Leader


Doron Avidar - cVidya
Alberto Canade - Datamat
Dabra Huneycut Convergys
Debbie Burkett TeleManagement Forum
Geoff Ibbett Azure
Vinoo P Jacob Subex
Nilesh Karani - Convergys
Ilya Kuznetsov - Ernst and Young (CIS) B.V.
Eric Priezkalns - Revenue Protect Limited
Hugh Roberts, Logan-Oviss International
John Reilly - MetaSolv Software
Tracy Miller, Infogix Inc.
Stephen Tebbett - Ernst & Young
Junkee Wang China Unicom
Dmitry Y. Kirsanov - Ernst and Young (CIS) B.V.
Maxim Kulchenko - Ernst and Young (CIS) B.V.

A number of people provided input and/or formal contributions. Although not an exhaustive list, many
thanks to the following for their thoughtful input and contributions
Enrico Angori - Datamat
Sachdeva Deepika Siemens

8.6 About TeleManagement Forum

TeleManagement Forum is an international consortium of communications service providers


and their suppliers. Its mission is to help service providers and network operators automate
their business processes in a cost- and time-effective way. Specifically, the work of the TM
Forum includes:
Establishing operational guidance on the shape of business processes.
Agreeing on information that needs to flow from one process activity to another.
Identifying a realistic systems environment to support the interconnection of operational
support systems.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 69 of 70


GB941 Revenue Assurance Guide Book

Enabling the development of a market and real products for integrating and automating
telecom operations processes.
The members of TM Forum include service providers, network operators and suppliers of
equipment and software to the communications industry. With that combination of buyers
and suppliers of operational support systems, TM Forum is able to achieve results in a
pragmatic way that leads to product offerings (from member companies) as well as paper
specifications.

GB941 - Version 1.0 TeleManagement Forum 2006 Page 70 of 70