Firstly happy new year to everyone – I hope 2010 is a successful one.
Reflecting on some recent posts, both on talkRA and more broadly, I found myself asking the above question.
My rationale was that much of the discussion around RA seems to centre on what the next step of evolution for RA should be. It is almost as if finding and preventing leakage is not enough to sustain an RA function and that more needs to be added to the RA portfolio for it to continue to be seen to be adding value. I wonder if the logic for this is an assumption that, with a well-established RA function, either leakage will fall away or more likely the costs of finding and fixing it outweigh the benefits it will bring.
In many ways this makes sense. The TMF maturity model advocates greater decentralisation of the “RA” mindset and capability across an organisation. Now in many organisations this is not practically possible to achieve but it is possible to move further along the continuum. And this would imply that the RA managers who do the right thing for their organisation by spreading the thinking of RA may find their role reduces as resource moves out to operational areas as the perceived value of RA moves from tangible detected loss to less tangible prevented.
So is it the case that RA done well means that the RA manager must look to extend their remit to hold their status in their organisation? Is RA alone not “noble” enough to provide a sustainable career path? Now, I don’t have the answers to this but as I have recently moved from an operator to being an independent consultant, this question is also relevant for me personally.
Surely though this challenge for RA is not that different to other risk management disciplines – primarily I am thinking of fraud and security but this could also apply to other risks such as legal, regulatory etc. When RA is new in an organisation then opportunity for attention arise as the leakages are found and fixed but at some stage a steady state will be met. Must RA extend itself to continue to have influence and attention at the CxO level…and if not will it find its position becomes less relevant? I don’t have the answer to this question and I suspect it will actually evolve and change anyway over time but it is something every RA manager driving their company along the maturity curve should consider.
Well written Mike! I’m afraid RA has finally become ‘mainstream’ and that’s why it has to re-invent itself to remain relevant for continued C-level support. Remember the days when we joked about RA doing its job so well that leakage was almost non-existent? We feared that managemnet would cut budget if we did the job too well. Ummm, we may be there already!
The TM Forum’s advocacy on decentralisation is a real attempt to illustarte the reality of all-IP networks and that charging functioanlity may occur anywhere on any server or SDP across the network, even externally on third party kit. That alone should keep a few more in RA jobs in the years to come. Don’t you think?
Tony, there will certainly be a need for RA activity as the networks and business models change.
The question is whether this will be undertaken by a separate RA function or is ingrained in operational business processes. I suspect it will be a combination of these with RA providing a greater governance role than the actual “do-er” of the work (be that detailed analytics or performance monitoring).
I think though that many RA people like “doing” the work and maybe this drives the rationale to look for other activity where that “doing” is not being done and can leverage off the skills developed. After all, if RA becomes more oversight than delivery of work, then isn’t RA going to lose its identity and become too similar to internal audit?
Ah yes, and the circle of life will be completed, right back where it started. I’m sounding pessimistic, I know, but I see RA being split into a fully automated NOC-type activity on one hand and good old internal auditing on the other just to make sure the auto monitoring systems are actually working correctly. Finding and preventing leakage doesn’t boost share price, cost reduction does. Reducing staffing numbers continues to be the most popular short term means of cutting costs. I fear that the comibnaition of automation and cost-cutting will not bode well for RA teams, no matter how well they are ‘doing’ the work. The software and tool vendors may not be helping here either. They also have to prove their business case to management and will always include some level of cost-cutting to provide the necessary ROI.
Maybe every operator should merge RA and Fraud (if they haven’t already). Ah fraud, now that’s an area that continues to need investment and monitoring. However, you need humans to work out what’s going on and to work out how to stop it. No machine can do that, yet.
RA was/is used to be measured by ROI, mainly as a function of leakage found, and leakage recovery. In mature operators the approach is proactive, and not reactive, hence they find and recover fewer leakages, but prevent more. Hélas, today there is still not an industry standard model that quantifies it (the TM Forum RA team will work on such model). So, mature SPs are looking to other ways to show a clear ROI, expansion is relatively easy, and permits them to continue to show ROI.
Is this bad, I believe quite the opposite, as long as the expansion to none RA activities does not come instead of doing the basic RA, or expanding RA to processes or products uncovered yet (and you can find such processes in most of SPs, even the most advanced once – how many RA departments cover collection) . These none pure RA expansions will give enough time to RA departments to continue to show ROI, until the market is educated to quantify and accept the ROI of preventive RA.
I have no issues with RA people extending their remit and adding more ROI to the company. In fact, I think RA people often have unique skills and views of the organisation that mean they are well placed to do this.
I guess the question from my blog is – why does RA have to extend itself to prove itself? Other risk management functions do not need to do this as either fear of not managing the risk (e.g. regulatory) or even showing that the risk is ever present (e.g. fraud) is sufficient. Demonstrating ROIs on these functions is, at best, difficult and speculative but it seems RA may get stuck somewhere between being a “must have” risk management function and acting as a “profit centre” where it must financially explain its existence.
I think that reason is historical, RA started by justifying itself solely as a profit center with clear ROI that shows in the ARPU. Changing it to something different in the industry will take time for two main reasons. First, in many, not to say most places, RA still has a very clear ROI, therefore they can continue this way. Second, once the business sees you as a profit center, and measures you mainly by the ROI, saying “this year we are more mature, therefore my ROI will be lower which is great, because it shows that we are doing our work properly” is not very convincing
I believe that Industry bodies like the TM Forum, have an important role in educating the market on how RA should be measured , and creating the right standards for years to come – but it will be a slow process (in my blog I put this as one of my predictions for the changes RA in 2010 http://ra-blog.org/)
I agree that RA started with measuring itself by $ so is now probably paying a bit of the price for focussing just on that measure when others could have been equally important. Seems the focus was on the “Revenue” part of RA and less so on the “Assurance” but that is another blog altogether.
I think most people have sorted out how to calculate leakage, a few have methods for the revenue uplift from fixing leakage (which is obviously not the same as the leakage as customer behaviour may change) but I have only seen cursory attempts at prevented. I encourage the TMF to look into this and would be happy to be involved when the time is right.
You have taken the right topic.
If RA is to be judged only by ROI then unfortunately the mature practices will not get much of the credit, they deserve. My personal opinion is that “Assurance” is very much part of RA and needs to be carried out irrespective of the ROI implications (as long as its material in nature).
Slowly RA will get integrated in to a bigger Assurance structure, like CRA ( Compliance and Risks Assurance) concentrating on Revenue, its specialization.
I don’t see RA as a function being defunct in the near future, especially with Technology advances and increased complexity in new products and services. Though where this function sits within the Business may change – maybe with a new structure which encompasses some of the other functions like Regulatory / Internal Audit / BRM / Quality assurance?
Though I also feel that the skills and expertise RA personnel acquire within the Telco segment should and will be marketable to other segments – mainly utility.