Archive for May, 2011

Enterprise Risk Management (ERM) is so global and diverse that it has rapidly been incorporated into the syllabus of business schools around the world. On the one hand, this is beneficial to those of us working for communications providers. A new generation of managers will come to work understanding the importance of risk management and keen to see it implemented in practice. On the other hand, it raises the bar for expectations – especially with how well we adapt the general concepts of ERM to the specifics of the communications industry. Managers in well-established risk silos will need to speak the same language as MBA grads with a textbook grounding in ERM. This article, from, explains how business schools have adopted ERM, but is focused on developing business leaders for the energy sector. For example:

Risk management is covered by most schools, at least as an elective or component of particular programmes, but this is not sufficient. While it is right to include all the tools well-trained managers need to master to be prepared to handle risk, as business educators we must help energy sector leaders address the “human element” – how people react on the ground in response to problems arising and in relation to their individual interests.

Whilst the energy sector has a different risk profile to that of the communications sector, we need to show the same fundamentals of risk management can be applied to our industry too. That involves more than teaching – we must also learn how to make ERM truly relevant to comms providers.

Bookmark and Share

Do you hate spam? I hate spam. I really hate spam.

I hate spam so much that if anybody ever spams me with an unsolicited spam email trying to sell me spamish RA training, I vow to devote the dark forces of talkRA to rubbishing them at every possible opportunity. You see, I got some spam from GRAPA once, during their early days. I gather lots of people still do. Thankfully, they stopped spamming me. I guess they took me off their list. But recently, some new spammers have polluted my inbox – another group of chancers and clowns promising to teach all the secrets of revenue assurance, fraud management, and (just to really spice things up) some risk management too. Lucky me.

What does this spamtastic firm call itself? iVyN Technologies. I kid you not. Little i, big V, little y, big N. iVyN. I admit I used to have a soft spot for some e e cummings-esque abuse of grammar, but iVyN is going too far. Enough with the small letters and the big letters in the wrong place. It was cute a few years ago. Now it is just getting silly. If we do not all agree to call a truce, and to revert to old-fashioned standards, then every sentence in future wIlL eNd Up LoOkInG lIkE tHiS.

So how much do ivyn want for their training? GBP6500 (USD10500) for the standard distance learning product, GBP8000 (USD13000) for the ‘premium’ version. That is the ‘list price’. That means ‘chump price’ for any of you not familiar with revenue management (though I imagine you all are). Assume the ‘special discount only for favourite customers’ will knock 80% off that figure and you would still have to be a complete idiot to pay that much for a training course that fell off the back of a lorry after being driven around the houses for a few years. Go buy a book instead of reading powerpoint slides off a screen. I know a really good book with a list price of GBP50 (USD80). That means you could buy 130 copies for the amount you would spend on ivyn’s standard distance learning product. 50 quid or 80 bucks, and you get an actual hard-bound book with paper and printed words that you can read even when your computer is turned off. Or GBP6500/USD10500 for the pleasure of sitting in front of a screen watching lame powerpoint slides copied and pasted from the same lame powerpoint presentations that sent you to sleep at every conference you attended in the last 10 years.

I can hear some of you saying: “that’s harsh, Eric… some really nice people wrote some good stuff for this IvYn course.” Well, maybe, in other circumstances, I would agree. But you must be forgetting the bit about spam. Spam is an unethical network-choking bane of modern life. Spam is a tawdry violation of privacy (whoever I gave that email address to, it sure as heck was not to a business called iVyN in the hopes of being sold an RA training course). Spam is the best friend of cyber-criminals. Oh yes. Spam comes from scum. I have zero tolerance for spam, and I sure as heck would never buy anything from any firm that dolls out spam. Do a few more mental cartwheels when considering this course claims to cover the ‘emerging’ risk of cybersecurity. Now, even governments have heard of cybersecurity. When a government has heard of something, you know it is well past the point where it is ‘emerging’. So I ask you, which scumbags provide the biggest cesspit spawning ground for all the evils of cybercrime? Spammers. If you want a secure network, you do all you can to stop spam. Spammers are vile. Getting cybersecurity training from a firm that spams you is like buying anti-virus software from a business that infected your computer with the kind of malware that pops up messages saying your computer is infected with malware.

I could stop there, but instead I want to poke some fun at the course contents….

Section 1 – Introduction to RA
• Key drivers for RA
• The scope of RA

Yawn! Is there anybody left who is so stupid they cannot get this information for free from somewhere else?

Section 2 – Issues & Controls
• Structure of the network
• Key risks by network node
• Mobile services
• Fixed line services
• Data services

Tut. Here we go with the ‘all networks are essentially the same’ fallacy. But they did identify three kinds of service… mobile, fixed and data. Wow, how varied is that?!? Hmmm…. how did the spammers describe their course? They used the phrase “21st Century Risks”. It is 2011 and we have progressed all the way to mobile, fixed and data, have we? At this rate, it will be the 22nd Century before we get to mobile banking and IPTV. Or rather, we have those now as well, but you have to pay your annual ivyn licence fee to get next year’s update, if you want to find out about the “new” stuff.

Section 3 – Strategy
• Approaches to RA
• The RA maturity model
• Determining the RA ROI

There is only one thing worse than seeing yet another copy and paste of the RA maturity model used as padding in a lame training course. I almost wish I never wrote that blasted maturity model. The one thing worse than seeing the maturity model in the course contents is seeing yet another discussion about determining the ROI for revenue assurance. I swear, with my right hand pressed against a copy of The Institute of Chartered Accountants of England and Wales’ Accounting Standards and Guidance for Members that if anybody working in RA ever comes to me and tries to show me a special method they use to determine ROI which they learned from some dumb-ass on-line training course, I will personally amass the world’s greatest botnet army, and concentrate all its fire on driving the stupid bugger off the internet forever.

Section 4 – RA Tool Selection

Who is ivyn’s course aimed at? There cannot be many telcos left who do not have an RA tool. For any that do, here is a good tip: go to cVidya and ask to use their ‘cloud-based’ solutions (or whatever they call them). They will probably let you use them for free, for a while, and they will even throw in their own online training course as well. If you like what cVidya offers, pay them something. It is not true that cVidya is willing to work for food, but they will knock 99.99% off their list price if you let them issue a press release. If you do not like the cVidya offering, the experience will still give you a good idea of what you really want, meaning you can go find it without wasting lots of money on guidance. Or just buy our book and get great advice at a good price. Or just read this website for free. But then, ivyn’s course is not aimed at you, because you are the people bright enough to read this. The ivyn course is aimed at the people who only use the internet to read spam.

Internal fraud risks

Maybe it is just me, but I see a connection between internal fraud and incentivizing someone to persuade their telco to buy stupidly expensive online training courses by offering an iPad which the person takes home and conveniently forgets to bring back to the office. But maybe it is just me who thinks like that.

Emerging Risks
• Cyber-security risks
• eCommerce fraud risks
• Social media risks

Hmmm… the so-called ‘emerging risks’ take up a few lines at the end of loads and loads of spiel about things you have heard a hundred times before. Obviously cybersecurity, e-commerce and social media are the kinds of risks that only need 10 minutes of attention every other week.

I hate spam. Do you hate spam? If you do, then never reward a spammer. Hammer the spammer, instead. I always do. This firm of spammer scumbags should never have been called Ivyn. It sounds too like “I win”. A much better name would have been uFail.

Bookmark and Share

Regular followers of Tony Poulos will know of his crusade against bill shock – the heart-stopping moment when a customer looks at their bill and discovers they have used a service that costs thousands of times more than expected. This excellent blog at the Harvard Business Review looks at the problem in a refreshing way. Economics professor Joshua Gans describes sky-high data roaming rates as a ‘stupidity tax’, aimed at the people too dumb (or too lazy) to calculate the cost of what they are doing. That implies that telcos are smart enough to take advantage of those stupid customers, especially as roamers have no long-term commitment to the networks they roam on, so upsetting them has no cost in terms of lost loyalty and lost future revenues.

I think there is another analogy that fits the bill (ahem). Telcos do not want data roamers on their network. They want voice roamers on their network. They want their customers to be able to roam, and to be able to use both voice and data services when away. So they have to offer data to inbound roamers as part of making the deal work. When inbound roamers use data, they place a burden on congested networks, reducing the quality of service for the network’s own subscribers. Whilst the network’s subscribers are in it for the long haul, the roamers are a variable element that drive up demand for peak capacity but at ordinary rates will not generate returns that could actually finance the capacity they use. That means they cannot be trusted nor relied upon, but they harm the operator’s ability to compete with its rivals for those all-important, high-value, long-term subscribers. So inbound roamers have to pay their way upfront, suffering higher rates because that is how any business would treat unwanted, untrusted, one-off customers whose business they literally cannot refuse. You could think of it as pricing in the volatility in the use and revenue generated by these customers. Or, from a negative perspective, the charge is a fine – a punishment for using the network. The problem is, whilst the fine is levied by the network on which the user roams, warning notices are the responsibility of the provider that bills the subscriber.

Putting analogies to one side, the question for RA is this: how much does it cost to service an inbound data roamer, and how much is it worth to discourage them?

Bookmark and Share

We could call them ‘the companies formerly known as revenue assurance vendors’, or TCFKARAV for short. Telco people love acronyms, but I suspect even they would baulk at that. So what will be the new nomenclature for those companies that started by selling revenue assurance? You know which companies I mean. Subex now sells ‘business optimization’, WeDo now sells ‘business assurance’, and cVidya now sells ‘revenue intelligence’, but we used to know them as suppliers of RA. As they have matured, their product ranges have become more similar, not less. Whilst they have grown beyond the narrow boundaries of core RA, they all offer something best thought of as RA+. A recent interview highlights the possibility of a bandwagon being started. Cartesian is the TCFKARAV subsidiary of TMNG Global. In a good and interesting interview, Cartesian MD Howard Watson pins his colours to the mast. He said:

“Business assurance is now at the top of the agenda of the COO and increasingly on the agenda of the CEO.”

Got that? COO’s and CEO’s know what ‘Business Assurance’ is, because it is on their agenda. WeDo can breathe a sigh of relief. Meanwhile, Subex and cVidya had better ramp up their marketing… else Rob Mattison will have to proclaim himself the President of GBAPA. But perhaps that is preferable to GBOPA… or the oddly appropriate GRIPA.

Bookmark and Share

Can you predict what will happen tomorrow? Yes… but your prediction may be wrong. Can you improve the reliability of your predictions? Yes… but you will not know if you succeeded until after you see the results. Can you predict with certainty? No… but you may be ignorant enough to feel certain. How do you measure your own ignorance? You cannot… you are too ignorant. But surely you can make inferences based on the success of your previous predictions? Yes… but only in the long run, and even then, you may get caught out because of gaps in your model of cause and effect, or gaps in the data you put into your model. Should we just give up trying to predict the future? No, but we should be realistic about the chances of success. Why are you writing this? It is really hard to compellingly explain the fundamentals of risk without ending up re-writing a book by some genius like Nassim Teleb. Come on, what is the real reason for writing this? Because I found this excellent BBC article which succinctly explains how businesses tend to over-manage in response to common cause variation, leading to lower levels of performance. Excuse me? In short, statistically speaking, businesses can over-interpret data, implement too many management controls, and make bad decisions because they think they are responding to cause-and-effect, when really their causal model (or their data) is not able to explain the random variances they observe. Errr… excuse me? Just read the article.

[...some time passes...]

Okay, I read the article. Are they saying that businesses can implement too many controls, spend too much time trying to eliminate variances in performance, and do more harm than good? Yes, that is what it says. But what about Louis Khor and that blog he wrote about implementing RA and fraud controls to improve financial forecasting? I think I already explained why fundamental limits on forecasting accuracy make a nonsense of Louis’ argument (and that he was looking at the wrong data anyway). That was a lucky coincidence, you making fun of Louis and then the BBC explaining how similar errors are made right across the business world. Yes, it was a lucky coincidence… which just goes to show. But what about Gadi Solotorevsky and the TM Forum – they just devised a new method to reduce risk by analysing lots of data? Have you actually read it? Errr… no. I just saw the presentation at a conference. It sounded great. Then go read it, before we start talking about it.

[...some more time passes...]

Okay, I read it. It still sounds great! It says we need more and more and more RA in order to reduce risk. What could be wrong with that? Doing more and more of the same kind of analysis is not a method to reduce risk. It is a method to sell lots of software with the erroneous justification of reducing risk. Hold on! That is a bit strong, is it not? Let me put it this way. Suppose I spend five years training you to work as a coastguard. I train you to use all the latest technology to rescue ships and boats in distress. I train you to fly a helicopter and to pilot a great big boat. I train you to use radar. I train you how to manage a team of coastguards that will report to you. You complete your training and are walking into work on your first day in charge. BAM! You got run over by a car and killed. You spent five years in coastguard training but you did not look before you crossed the road. Now, all the resources that went into your coastguard training were wasted. That is what Gadi’s new RA paper promises to do for risk management – devote excessive resources to one place, at huge and disproportionate cost, resulting in wastage and shortages of resources where the business really needs them. So, you are saying that I could spend huge amounts on the coastguard, but maybe I should have spent more on road safety instead? Exactly. If we care about risk, and care about the business, we want money to be spent where most effective, not wastefully concentrated on one kind of risk at the expense of all the others. Surely the TMF paper gives guidance on how to decide when the level of risk is tolerable, and when there are enough controls in place, and when the costs of doing more outweigh the benefits gained? You clearly did not read it properly. No, it says none of those things. It just says to spend more, and more, and even more, on controls. It never says anything about how much is too much. But those statisticians in the BBC article argue that you actually make things worse through excessive controls!? Well, I guess the ‘scientists’ behind the TMF paper are a bit backward with their understanding of statistics – which is why they always assert you should check everything rather than take the ‘risk’ of relying on a statistical sample. If they do not know how to use basic sampling techniques, then they have no hope of doing something more statistically sophisticated, like evaluating risk. Hang on, I thought that new TMF paper has your name on it? Impossible! This is the first I heard of it. Maybe you did not read it properly [chortle]? Let me just quickly double-check…

[...time passes...]

Cripes! They do have my name on it. So you must have contributed to the paper? Yes… but only in the sense that I told them their work was utter rubbish, and why. Did they listen to your criticism? No, they ignored it. Well then, it sounds rather cheeky to put your name on a paper that you 100% disagree with. It makes me wonder how many of the people listed really did provide input. Maybe some of them are glad to get their name on the paper so they can impress their boss? Good point. You never see any of those people on the TMF’s web forum… and it makes me wonder about data quality too – why list somebody as contributing if they did not contribute? Perhaps they should have had more controls over their document [snigger]? No, they were happy to take the risk [chortle]. What do you predict for Gadi’s TMF RA team, based on this recent output? I predict they will produce more rubbish in future. Are you certain? Hmmm… pretty certain.

Bookmark and Share