Competition for a limited number of customers in highly penetrated markets and increased government regulation has created a unique connection in the telecommunications industry - the linking of financial risks with operational risks.
On the financial side, the competition for customers has led to a near-realtime activation requirement for service connectivity and a true realtime, “self” provisioning requirement for products like phone apps and IPTV content. A failing in this area leads to either a customer experience issue with an incorrect provision of a telecom service/product or a billing issue for that service/product that is incorrectly accounted for as a revenue or expense.
In terms of operational risks, increased government risk and compliance reporting requirements has led to the need to identify interactions across a wide range of platforms and associate those interactions with internal and external risks to the organization. An inability to understand these interactions can lead to data breaches that lead to unwanted and costly corporate exposure or points of internal process breakdown that can indicate potential if not outright fraud.
Automated Processes: Linking Financial Risks with Operational Risks
In the past, these two practices were separated in the worlds of the office of the CFO represented by billing operations and customer fraud management and the office of the CSO in the form of corporate and information technology security. And for the most part, these two groups had little need to interact unless focused on some aspect of internal fraud detection. However, with the increased implementation of automated business processes and applications to meet the market challenges of customer expectations; financial and operational risks now need to be linked to maximize revenues and minimize risk exposure.
Billing Operations teams need to understand the linkages between internal and external interaction with the systems that allow for various stages of “realtime” provisions of services:
- Has the configuration of the billing system been changed?
- Who has accessed the product catalog? How often?
- When was the last update of the metadata associated with customer care?
Security and IT Operations needs to understand the financial impact of unauthorized access or suspect platform behavior:
- How much exposure has a data breech led to?
- What is the dollar value of a change to a server configuration?
- Which customers are impacted?
Recently, ArcSight announced the release of their next generation Enterprise Threat and Risk Management (ETRM) package. At the heart of this announcement is the upgrade of the following ArcSight products:
- ArcSight ESM 5.0
- ArcSight IdentityView 2.0
- ArcSight Logger 5.0
Each of these offerings brings a new aspect to the ability of Security and IT Operations teams speed the analysis of system, access and log event across a wide variety of platforms. This comes from the ability to perform “forensics on the fly”. This ability to link disparate events and recognize their relation to enterprise risks goes a long way to answering the questions of “who?” and “what?”.
For telecom organizations, the link between the CFO and CSO for enterprise risk management has been limited. Now, with the ability to see events across multiple automated platforms in both financial and operational terms, these links can strengthen and expanded to meet the challenges of both teams.
Finance can delve deeper into the root causes for the financial issues of customer/external usage fraud and revenue management. Security and IT can assign monetary values and establish ongoing business cases for their compliance activities. In both cases, the telecom organization should embrace the responsibility to link these worlds for long-term competitive advantage as well as short-term financial recovery and regulation compliance.
How is your telecom organization linking these aspects of risk management?
Post your comments below or email (John.Myers@BlueBuffaloGroup.com) / twitter (@BlueBuffaloGrp) me directly.
Posted September 21, 2010 8:28 AM
Permalink | No Comments |