T-Mobile US Internal Audit Given Spotlight by Protiviti Report

“We are known as an organisation with a solid value system – an ethical company dedicated to doing things the right way.”

So says Michael Rimkus, who works for T-Mobile US as their Senior Vice President of Internal Audit and Risk Management, in a new report by risk consultancy Protiviti. A few brief pages is sufficient for Rimkus and Protiviti to draw an interesting vignette about the way T-Mobile US approaches audit and internal controls. For example:

We’re helping customers get the most from T-Mobile’s products and services, so that means we have a personal conversation to find out what each customer needs,” Rimkus says. “Just the simple act of listening to customers has caused such a shift for us culturally. So much of our culture, even from a risk point of view, is about the customer.”

Rimkus shares some facts that internal auditors in other telcos will find interesting, not least because they will want to compare their approach to that adopted in T-Mobile US. For example, his “audit services” team covers both internal audit and retail audit, and employs 25 auditors in total – for a business with 50,000 employees and annual revenues over USD37bn. Only three members of the audit team are focused on IT because they choose to use external firms to co-source their technology audits.

Protiviti’s report focuses too much on their desire to audit a company’s culture, as compared to implementing the real tools and techniques of audit and assurance. The flaw in Protiviti’s thinking is highlighted by recent speculation that T-Mobile USA may take over rival Sprint. Cultures are real but they are neither tangible nor subject to objective measurement or control. There will be a change of culture when a single employee joins or leaves the business. However, most people will not be aware of such changes unless thousands join or leave at once.

Rimkus has been T-Mobile’s top internal auditor for 14 years. He is a likely example of an individual who has shaped his company’s culture. The danger with trying to manage culture as an additional and separate property from managing the rest of the business is that culture is ultimately enshrined in the decisions people make. Managing culture can be reduced to managing every individual who works for the firm, and that begs the question of whether auditing culture is just a roundabout way of auditing what people do.

No corporate culture is an island; all businesses are influenced by the national culture, the regulatory and legal environment in which they work, and the style of competition adopted by rivals. Cosmopolitan readers of this report will notice the impact of national culture on how the report was written: American customers may think there is only one T-Mobile, but Protiviti’s authors should have referred to the company by its full title – T-Mobile US Inc – to distinguish it from all the other T-Mobiles in this world. Some of the report’s observations reveal more about the US market than this particular telco’s approach to internal controls. For example:

The company has implemented roaming agreements in 160 countries. “Our customers can use their phones with no additional charge or configuration necessary,” Rimkus says. “That really opened customers’ eyes to the fact that T-Mobile is here for them…”

This also opened my eyes, revealing that market-leading practices in one region can be long-established norms elsewhere.

I would not recommend reading the whole of Protiviti’s report, which centers on a flawed argument that internal auditors should also audit their company’s risk culture, even though such a review would be hopelessly subjective. Rimkus’ T-Mobile, like some of the other companies covered by the report, appears to be a counter-example to Protiviti’s thesis; the small T-Mobile team does not audit culture per se. Nevertheless, internal auditors may find it worthwhile to download the report and skip straight to page 57, where they will find the section on Rimkus and T-Mobile. It is not often that we can read the opinions of a man who has so long been the senior auditor in his telco. Auditing can be a stressful job, so Rimkus’ relaxed tone indicates he must be doing something right…

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Director of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.