To be the leading global provider of valuable information and advice to risk and assurance practitioners working in the communications sector
That is the mission of the Risk & Assurance Group (RAG) and last week’s RAG London Conference proved it is moving in the right direction. The record turnout was complemented by an unprecedented level of support from sponsors. Dare we hope that RAG, which has been a long-running but quiet success amongst British telcos, might soon make a breakthrough which turns them into the preferred source of advice and education for professionals across every continent?
Perhaps some in the audience questioned the industry’s ability to change after last year’s conference dwelt on the relative lack of progress being made in risk and assurance. However, their doubts were likely dispelled by the most memorable talk of the event, which was given by TEOCO founder and CEO Atul Jain (pictured above). Flying in to give a keynote presentation on the opening morning, the Indian-American entrepreneur shared his personal views on how to be successful, drawing on his own 20-year journey of building up a global business from scratch. Atul quoted George Bernard Shaw and encouraged everyone to love their mothers-in-law during his often humorous analysis of why breakthroughs begin with the courage to think differently. Atul was dedicated to academic study as a young man, and there was no doubt he was responding to RAG’s determination to deliver new education opportunities to risk and assurance professionals everywhere.
As there were too many excellent speakers to review the contributions they each made, please excuse my desire to fast forward to the education panel which I moderated on the afternoon of the second day, and the extraordinary response from the audience. The two panellists were:
- Michael Lazarou, an RAFM specialist at MTN Cyprus. Michael is well know to fans of education and self-development through the regular reviews of online training courses he writes for Commsrisk.
- Marcus Bryant, a globe-trotting consultant who spoke about MTN Group’s approach to RAFM education at last year’s conference. His business, Orillion, is actively investigating the potential of delivering online training.
Both men have exerted an important but little appreciated influence on the direction of RAG, independently arguing for the merits of delivering engaging educational content over the internet so it can be accessed by practitioners wherever they are.
The panel began with Michael and Marcus describing the separate research projects they had initiated, each seeking a viable way to deliver RAG training over the web. The two proposals differed in important respects. Michael suggested a model where RAG would amass the necessary content by seeking donations of intellectual property, and would then employ a specialist business to rework the material so it can be delivered via a widely-used interactive education platform hosted in the cloud. Paying for this would require substantial fundraising from sponsors as the training would likely be supplied free to the user, although a charge could be levied if users decide they want an optional formal certificate to prove they have successfully passed the course. In contrast, Marcus’ proposition involved outsourcing both the development and delivery of the training course, with RAG having the more limited role of maintaining quality control. The course would be sold on a for-profit basis, either to individual practitioners or to their employers, but RAG members would benefit from free or discounted access to at least some of the material.
One reason to hold the panel was to gauge the feelings of RAG members in the room, allowing them to influence the development RAG’s education program as it explores a range of possibilities. To the audience’s great credit, there was no shortage of vocal feedback. On the contrary, the panel overran significantly but still failed to find time to address any of the 17 intelligent and considered questions that were posed by audience members using RAG’s real-time online Q&A service. It would be impractical to repeat all the opinions expressed during the extensive debate but three conclusions can be reached without much dispute:
- the community passionately wants better education and is frustrated by the lack of progress towards realizing this goal;
- after weighing up the respective advantages and disadvantages, neither proposal was clearly superior to the other, and there was a willingness to continue exploring both options in parallel; and
- doing nothing is not a satisfactory alternative.
So RAG will keep working with Michael and Marcus to construct an education program it can realistically deliver whilst also continuing to seek input from members, sponsors and other potential supporters. In the meantime, I promised that the panel could use Commsrisk to address the 17 questions submitted online but which we did not have time to deal with during the session. Questions and answers are given below; I have answered on behalf of the entire panel but Michael and Marcus have reviewed the answers to confirm they agree with them, and added additional notes where appropriate.
RAG is about sharing best practice, wouldn’t training do away with that and all discussions as we’d just refer to the training?
We do not expect this would happen. ‘Best practice’ is not static; RAG would not be the first organization to agree on a common standard whilst simultaneously maintaining an ongoing debate about how to improve standards. Furthermore, training content is not the same as best practice. Plenty of people need to be trained on how to do things better, and will have a lot of work to do before they have equalled the ‘best’. We can develop training material for all those people without needing to confuse this with the development of best practices. On the contrary, it is a sign of the poor quality of material currently available for training that relatively basic material gets called ‘best practice’ because nobody has ever documented or shared anything better. And because few people try to adopt these ‘best practices’ in practice it means the original documents are never improved as a consequence of critical feedback.
If the RAG training program succeeds it will be because its output can be used in real life, or because many people take the training but find its flaws in actual practice, and so force RAG to correct and improve the training content iteratively. Instead of doing away with discussions, we believe widespread common training will encourage far more input to the development of training material, leading to an increase in discussion and an acceleration in the development of further training material. Our hope is that this will lead training to become more ambitious and more expansive than any courses we have seen before, because the RAG program will benefit from the input of many more contributors.
Michael: I do not believe that RAFM and risk training is a replacement for coming together and sharing experiences/best practice. It is complementary. Training will also deal with the more nitty-gritty concepts of the day to day work, whilst a conference has a different target.
Marcus: I believe the training should provide a framework which allows individuals to start asking the right questions, to start developing a mindset open to seeking out the best way to do things, as well as practical guidance and advice. Experience and the ability to speak to others with different experiences and different accumulated knowledge will always play a vital role in the continuing education of all of us.
How can other providers of RA training participate in this?
Before answering this question it is worth reiterating that RAG is not proposing the development of a revenue assurance course. The RAG course will be aimed at all communications risk and assurance professionals, so will include revenue assurance alongside other disciplines in the risk and assurance umbrella like fraud management, credit risk, cost assurance, margin assurance and enterprise risk management. This may mean the course has a modular approach, where not every person needs to study every module.
To answer the specific question, the involvement of other providers would depend on who owns the training content, and the conditions imposed on its use by the party which supplies it. Of course RAG will welcome the donation of valuable content from any source, including professional trainers, but it is likely this question is more concerned with who can use the course.
If RAG develops the course by building upon content which has been freely donated it would be feasible to licence the content so other trainers could use it also. This would have advantages; we would have a consistent worldwide online syllabus which allows anyone to develop and prove their competence, but classroom educators could help telcos to get the maximum worth from the content by providing a tailored training experience that focuses on the specific needs of their business. If the content is amassed by RAG but donors place limits on the use of their intellectual property, because of the way they have licenced material to RAG, then it may not be possible for RAG to licence the content for use in classrooms. If the material is developed by a commercial business they may not want to licence the content for use by rival trainers, especially if they intend to supply classroom training too.
Marcus: This is a good question – it is a mammoth task to assemble all the content required, even with a significant quantity already developed or in development. I think it is very important that it is all edited by the same team or individual and has a common look and feel and level of quality. This is something that I am talking to MTN about currently – perhaps we will license some of their content on a charge back agreement. It does all get very complicated in a commercial concern and with intellectual property issues. There may be particular areas where my business, Orillion, does not feel it has sufficient capability to produce an authoritative training module and active participation from existing training providers may be sought out.
How does this tie in with the TMF material, and the work available there? Would it at all?
We have RAG Committee members who have been involved in the development of relevant TM Forum material, and we have good contacts within the TMF teams currently developing new material. Informal overtures have already been made to our friends in the TMF, keeping them aware of progress of the RAG education program and making it clear that RAG is open to negotiating a deal to licence TMF content. None of the TMF’s paid employees have followed up on this sales opportunity so far. RAG has not progressed it because our focus has been on RAG London, but now the conference is over we will make further efforts to communicate with the TMF and make it clear we are willing to pay a reasonable price to licence their content.
RAG can only speculate how the TMF will respond. Our experience is not favorable; the TMF does not have a relaxed attitude to its intellectual property. They may be unwilling to do any kind of deal, or they may ask for an unreasonable price to use their content. We will try anyway. RAG members who are also TMF members should express their feelings to the TMF, making it clear that they want a deal to be done.
The effort required to develop a course will increase if the TMF is unwilling to cooperate with RAG, but we do not think the additional hurdles will be insurmountable. On the contrary, if we enter into a competitive situation with the TMF we believe this will hurt their credibility and prompt a rapid transition where more telcos choose to donate their content to RAG instead. If RAG offers attractive free or low-cost training to telcos, why would telcos want to donate their intellectual property to a rival entity which wants to charge them a much higher price to have it back, or which is incapable of supplying equivalent online training?
RAG already has a good relationship with industry-leading sponsors who also have a stake in encouraging the education of risk and assurance professionals; the annual sponsorship deals and the personal participation of Atul Jain at RAG London is evidence of this. Some of the best brains responsible for developing TMF content are also engaged in RAG. The recent offer of BT’s Andreas Manolis to simultaneously donate his new leakage susceptibility model to both the TMF and RAG shows how RAG will be able to quickly close the gap and amass like-for-like alternatives to existing TMF material if TMF employees decide against working with us.
Marcus: My intention would certainly be to include references to other notable bodies of work, as suggestions for further reading, rather than to plagiarise or recreate. The TMF would certainly be one of these bodies. I also think the TMF materials can benefit from being first contextualised by a training course – certainly for newcomers to the industry. I believe it is also valuable to highlight which existing professional qualifications may be pertinent to certain modules (e.g. CA, CRISC, CISA etc).
Would you agree we need RA education for non-RA people?
Yes. It may not be the first priority, but it is unlikely there will be any objections to reworking some of the content so it is suitable for people in departments not primarily focused on risk and assurance. The only question is whether this kind of training would be sufficiently profitable if RAG decides to partner with an external commercial training provider. Whilst RAG might be willing to support such training, the partner may lack sufficient incentive to develop that version of the course, though this will depend on the price that telcos are willing to pay for this variant of the course.
Michael: Definitely, the whole organization needs to be aware of certain risks and have some basic knowledge. One of the ways that training can be more inclusive is if it also includes a telecoms training module which can be an intro for anyone entering the industry or can provide the basic concepts for people with no technical background (such as finance staff). The focus, however, should be risk and assurance professionals. Everything else will come later on if there is a need or demand.
Marcus: Certainly. MTN has recently run a week-long awareness campaign specifically targeting the non Revenue Assurance stakeholders in the business. Without their support Revenue Assurance and Fraud Management will have limited success – especially when an organisation has matured to the point that it is attempting to embed controls into the process owner (primary) environment. I will speak to Tony Sani [the MTN Group executive with responsibility for RAFM] and see if he might be willing to release some of the video content developed for this purpose to RAG for re-use by other operators.
If content is just telco focussed, how do we make it relevant across other industries?
Many practitioners believe the abstract concepts used in communications risk and assurance can be applied across different industries. This seems to be corroborated by the fact that RAG routinely attracts attendees from outside the comms sector. However, working the material so it is relevant to all industries would be too ambitious at the beginning. RAG is currently focused on building credibility and awareness within telcos. If we succeed in making significant progress with rolling out a common education program for telcos then it will become appropriate to discuss how the material might be adapted for use by other businesses.
Marcus: The way Orillion has structured its course is to focus on fundamental concepts and then to plug specific industry information in where these principles will be applied. The same could be done easily enough for other industries.
Would it be better to structure the course from an absolute beginner level to intermediate and advanced levels
Yes. The limits on what will be offered will be imposed because of other constraints, like how much content we can afford to develop and how much ‘advanced’ material is donated to RAG. There is no intrinsic objection to providing training at different levels. The actual levels will depend on the amount of work to be done, who does it, and how well rewarded they are for doing it.
Marcus: Yes – this is how Orillion has structured the competency framework and training content to allow progression through the required competencies.
We have heard the how and heard the what, can I ask the why??
Is 10 years of no progress indicative of the appetite for this?
These two questions are related. The latter question relates to David Smith’s comment at last year’s London Conference, complaining that no progress had been made with education in the 10 years since the Global Billing Association turned down David’s proposal to develop an industry RA course. We believe the response to this year’s education panel, the response to previous RAG talks and surveys, the regular take-up of expensive low-quality courses supplied on a for-profit basis and the strong feelings expressed by many parties shows there is a very real appetite for better education. Work began on the RAG education program immediately after our last major conference because the audience reacted so strongly to the points raised by Marcus and David when they separately talked about the need for better education opportunities.
If there is a question about appetite it relates to how much people are willing to pay for good training material. We believe this has become a trap: lack of common investment means telcos hope/expect good content to have already been developed by somebody else, and for this to be supplied to them in a classroom context at a time and place which suits them. These flawed expectations mean telcos generally pay a high price for an inferior quality training where the syllabus is decided based on the subjective opinions of the individual giving the training. The key assumption of the RAG training program is that we can attain massive cost efficiencies by persuading a very large number of telcos to switch to common adoption of the same online training program. By pooling all development costs into a single global online training course we will be able to satisfy the appetite at a lower cost whilst raising the quality of training for everyone.
Michael: One of the reasons for developing this education program would also be to reach RAFM teams with minimal resources and to empower their mission. We could argue that in a perfect world there would be no need for RAFM either! This is not an attempt to spoon-feed people. It is an attempt to provide every RAFM professional in the world with a strong foundation to build on, by providing them with access to content from the top vendors, telcos and professionals in the field.
Marcus: Despite being told never to answer a question with a question, why wouldn’t you want engaging training content to be available which could be used to induct new, bright graduates into the RAFM field and have them productively understanding the risks inherent in the their industry and asking the right questions to help mitigate those risks? I don’t think the last 10 years shows there is a lack of appetite for education. The experience of MTN was that it is just too hard to get content that is coherent, accurate, pitched at the right level and sufficiently engaging for it to be effective. The 10 year gap may indicate a certain disdain for training amongst the seasoned professionals who believe there is no substitute for experience. It certainly does reflect the huge task to build, structure and edit the content into a coherent course.
What useful MOOC stuff is there right now?
If we adopt Michael Lazarou’s preferred proposal it will be possible to intelligently link the RAG education program to massive open online courses (MOOCs) provided by other parties. Michael continues to investigate the potential, but the most obvious benefits will relate to technical and technological disciplines which can be adapted for use in communications risk and assurance, such as courses in data analytics, big data, programming, and statistics.
How much will this cost individual RAG members?
Can you raise funds through advertising on videos like YouTube?
These questions are also connected. RAG is willing to adopt any approach to funding that works well in practice. But web advertising is a variable and unpredictable source of funding, so will not be our initial focus, not least because there will be significant up-front costs.
Our initial hope is to offer a program which is attractive to very many users, meaning the cost per user is low or nil, and that our sponsors will cover most or all of the development costs in exchange for promoting their brands worldwide. The other obvious option is to seek payment from telcos and end users. Clearly there is a trade-off between the number who will take the course and the amount that can be charged for taking it. However, we also recognize that supplying the course for free might have a detrimental impact on the perceived value of the course.
Perhaps the likeliest initial scenario is that RAG will partner will specific large telecoms groups, do deals where the telcos acquire access to the course on behalf of their employees in exchange for payment or a non-financial trade like the donation of that group’s existing training material. These initial deals with telco groups will likely influence and inform the way we subsequently seek funding.
Marcus: Orillion’s intention is to offer the basic tiers to RAG members for free in return for some RAG oversight/endorsement of the product. The pricing of the other tiers – in order to complete a course to the higher levels – will probably be primarily directed at the corporate market but also available to individuals. This has not been finalised but it is not our intention for this to be a primary revenue stream for the company, so it is unlikely to be prohibitively expensive.
What ID verification checks will we have to ensure our main ‘consumers’ are not fraudsters?
And who is doing training for fraudsters? :-)
How secure is the content?
Let us take these questions together because they are connected. It will not be feasible to prove that consumers are not fraudsters. However, the prevalence of internal fraud suggests that RAG is not the only organization that faces that problem. It would be possible to limit access to users with appropriate email addresses etc. but determined fraudsters will find ways to work around such constraints. Perhaps it is more pertinent to ask how much advantage we hope to gain by denying fraudsters knowledge if it also means denying knowledge to anti-fraud professionals. Fraudsters work as hard as they need to overcome the real obstacles put in place to defeat them, not as hard as they might need to work if every telco did everything possible to stop them. As such, it is likely that the training will advise most telcos to implement more anti-fraud measures than the average telco currently does. And if we spread good anti-fraud ideas quickly we at least have the option to improve quickly, even if the fraudster also has that option.
It is often said that fraudsters are quicker to learn about fraud vulnerabilities than telcos are, because the fraudster has more incentive to perform research and to innovate. If this is true then a widely-accessible course will generally help telcos more than it helps fraudsters. The fraudsters already sell and give each other information; we need to be more efficient at transferring knowledge than they are.
A specific answer to the question of security will depend on the choice of platform used to host the content. However, the choices considered so far are all professional-grade, as used by universities and big businesses. To be clear, we are not currently proposing that RAG offers a ‘cheap and cheerful’ approach that involves presenting animated slide packs on sites like YouTube. We want a mechanism where we can actually track the progress of the student, ask the student questions, and hence impose a pass/fail threshold. From what we have seen so far, all the providers who meet these requirements have also incorporated an appropriate and robust degree of security into their solution.
Michael: The cloud-based solution I have researched can be configured to provide access only to RAG members or only to telco employees or RAFM vendors (i.e. anyone with the right kind of business email). However, most fraud detection has to do with pattern matching and fraud has to do with getting as much as possible before being caught. Fraud teams can set thresholds that very sensitive or too broad. It’s not like detecting fraud is that scientific.
Marcus: Assume the fraudsters already know more than your teams. They are organised, educated and motivated by massive profit. Being able to access the training content will not give them a significant advantage.
What accreditation/certification would you recommend to a RA novice… GRAPA still relevant?
This was one question we did discuss during the panel session but it is worth briefly reiterating the response in writing. It was hard to determine the thrust of this question because nobody in the room was willing to argue for the worth or relevance of GRAPA training. So instead of asking whether GRAPA is still relevant, it is pertinent to question what, if anything, made GRAPA relevant in the first place, other than the fact that some people want certificates and GRAPA are happy to give people certificates. If people want to pay GRAPA for training they can. The fact that telco groups like MTN have abandoned GRAPA training speaks volumes about the quality of the product they have received over the years and the extent to which this has fulfilled the genuine working requirements of practitioners. GRAPA has talked a lot about helping people get better jobs, better pay, promotions, and providing continual professional education backed by a community engaged in the continual improvement of its intellectual property. Where is the evidence that it has kept any of those promises?
Marcus: The GRAPA content has to be applauded for being out there, in a void. Have I recommended it to companies and colleagues I have worked with? No. Would I be embarking, with partners, on the mammoth task of developing a training course and content if I felt there was already a credible, comprehensive option in the market, given that the financial reward is likely to be low? Hell no.
RAG is a Community of Practice…
The question is not obvious but we wholeheartedly agree with the sentiment. A big motivation for the RAG education program is to harness all the talents and attain cost synergies by engaging with the whole of our community worldwide. Instead of the unrealistic hope that one individual will do all the work needed to develop a comprehensive and useful training course which can be applied worldwide, we want to pool all the community’s resources for mutual benefit.
Benjamin Franklin famously said we must hang together, or we shall all hang separately. We believe the low and declining levels of telecom investment in risk and assurance is a worrying sign that we are hanging separately. Our community needs to do a much better job of working together in order to revitalize the argument for new investment in our discipline. For RAG, this begins by delivering a cycle of big free events around the world, promoting the best new thinking from every continent. By genuinely connecting with more practitioners we intend to foster the scale for a single effective global online training program. We seek to prove that such a program is feasible; the efficiencies should be obvious so long as the program can be realized in practice. Proving there is a large established market for the training will also stimulate more of the community to contribute to the development of our discipline, because they will enjoy the reward of seeing their ideas being adopted widely.
As Atul put it during his talk, we need to change our thinking if we want to achieve results that currently seem impossible. Expectations for training and standards development within the field of risk and assurance are so very low that it seems unimaginable that we might ever earn the respect accorded to real professions like accountancy and law. Those other professions benefit from a scale that we desperately lack. But we will not grow by magic; we must make the argument for growth and persuade executives that investment in our work will increase shareholder value. Hence RAG’s disruptive innovation is very simple: we are going for the maximum scale by removing every possible barrier and trying to engage with every relevant practitioner everywhere. Of course many individuals may decide they are better off without RAG, or may choose to purchase education services from other suppliers. They may not be persuaded that we will ever attain the scale needed to realize the efficiencies that will make our program sustainable. But David Smith’s observation about 10 years without progress was well made. What credible alternative plan has been offered that has a better chance of success than ours? And do we really want this community’s plan to be another 10 years of trying the same things, and failing for the same reasons?
We understand risk and the development of a program whose success depends on scale involves a degree of calculated risk. But can we afford to risk another 10 years without any change to how we educate ourselves? RAG has made extraordinary progress during the short time it changed strategy and oriented towards its new global mission. The feedback from members and sponsors has been overwhelmingly positive. So whilst investing money and effort into the development of a global online education program represents a significant risk, we have every confidence that this risk is worth taking.