EY Revisits Top 10 Telecom Risks

Ernst & Young, the Big 4 accounting firm, has established a reputation for surveying and reporting on the top risks faced by the telecoms sector. However, their latest report tackles risk in a different way, by giving their opinion on the progress made in mitigating the top ten risks that were identified in 2014. You might consider it a scorecard on telco progress with risk management, though subject to one important caveat: who told EY to keep score?

This is how they begin their review of the state of telecoms risk mitigation.

How are operators faring?

In our conversations with senior management, we have found that a number of operators are already making concerted efforts to tackle their universe of risks. Concerns about customer experience management, business model overhaul and increased organizational agility are, and will remain, leadership priorities.

Yet this does not translate into a lessening of these risks. On the contrary, once responses have been defined and articulated, the challenge shifts in nature. Operators are tasked with ramping up
existing efforts and ensuring their approaches prove dynamic and flexible in the long term. For example, while many operators are overhauling their customer value propositions, new approaches to customer segmentation and product simplification are vital as cross-selling capabilities become a unique differentiator in a converging market.

I used to work for a Big 4 firm. One thing I learned was never to audit by conversation. It is a common human failing: instead of checking facts, you ask somebody else about the facts, and rely on the statements they make. If EY really wanted to assess risk mitigation, they should not have relied on conversation with senior management. The obvious criticism of EY’s report is they should have begun by surveying the risks in 2016, using the same methods they employed in 2014, and then assessed what factors had caused risks to rise and fall. Surveys are not a perfect source of information, but at least the methods used would be consistent, and hence provide a framework for gauging the success of efforts to mitigate risk.

Consider this statement: “yet this does not translate into a lessening of these risks.” Well, what the heck does it translate into? Does it translate into bullshit, because that is how it sounds and smells to me. Either risk mitigation reduces risks or it does not. So you should not say telcos are making concerted efforts to mitigate risks but the risks are getting worse anyway. Professional risk managers want to know what benefits have been delivered by existing risk mitigation, and what additional benefit might be delivered through further mitigation. Just saying risks can go up is as useless as observing that a giant meteor might send the human race to the same place as the dinosaurs.

Perhaps factors outside of the business’ control will cause risk to rise faster than mitigation activities will cause risk to fall. However, if that is true – and lacking any useful measure, we must take EY’s word for it – the factors that increase risk should be separated from the mitigation activities that decrease risk, and both should be independently analyzed. Conflating the benefits of risk mitigation with adverse factors outside of the business’ control confuses the purpose of risk management, which is to manage what can be managed. Risk managers never delivered any benefit by complaining that some things are outside of the control of their business.

There is no need for me to keep commenting on EY’s report, because the whole thing is an unwelcome exercise in waffly consulting-speak. Consider some of the advice it gives:

  • “Take a lead in emerging ecosystems”;
  • “Prize a level playing field of regulations”;
  • “Tackle cyber threats head-on”;
  • “Improve internal collaboration”;
  • “Align internal capabilities to bring data to the fore”;
  • “Sensitize the inorganic growth agenda to the Internet of Things”;
  • “Embrace a wider set of key performance indicators”; and
  • “Shift the cultural mindset”.

This is helpful advice, if the people running your telco are morons. It is less than helpful if management is already fighting to tackle cyber-threats, and trying to boost internal collaboration, and lobbying for fairer regulation, but find all of these objectives are easier to state than to accomplish.

Nothing in this report will come as a surprise if you already follow industry news and trends – perhaps by reading Commsrisk on a regular basis. In that sense, this report is very low-powered, and reads like the unedited ramblings of telecoms consultants after they have gone down the pub and run out of every other topic of conversation, so started talking about work again. Consider the following paragraph:

Youth customers continue to build a sharing economy, where crowdsourcing and shared rides via taxi apps are the norm. These customers are more comfortable with technology, and operators should reflect this digital self-reliance by packaging their services in ways that promote self-service support.

These data-free generalizations about ‘youth customers’ manage to be blindingly obvious, wrong, and patronizing at the same time. Plenty of young women have enough sense to question the desirability of sharing car rides with strangers. Anyone who engages in crowdsourcing would know the rise in its popularity obscures the reality that only a small minority contribute to crowdsourced projects, meaning it is far from being a norm for most people. Self-service is nothing new, and has been the way forward for customers of all ages. And what is EY’s recommendation, except that telcos should ‘package’ their services in ways that customers like? That observation is so insipid that it is impossible to imagine somebody making a better decision as a result.

The report was seemingly written by a global team, which makes you wonder if the Indian partners who contributed would advise their own daughters to download apps so they can share more car rides with strangers. The advice has been so homogenized to reflect an idealized global market that it contains no observations which might be pertinent to a specific telco’s circumstances. You might want to read the report anyway, but my conclusion is that its vague findings are more likely to muddle readers than help them to think clearly. If you are kept busy by managing real risks, my recommendation is not to waste any time by reading EY’s report. However, if you want to check for yourself, you will find the report here.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.