I promised myself I would be presenting at fewer conferences this year. It takes a long time to write good new material and I do not believe in accepting an invitation to speak unless I have something new to say. However, I will be in London on 9th May to talk at IIR’s Global Forum on Telecoms Internal Audit, Risk Management and IT Controls. For those of you who cannot wait, you can now see see a sneak preview of my slides on the downloads page.
The reason why I accepted this particular invite was the same as it usually is: I wanted to say something that I felt should be said but rarely does. If you ever go to a conference with a title involving audit, risk and controls, and listen to a speaker from the revenue assurance community, you may enjoy what they say, but you may not notice what they do not say. The average revenue assurance speaker usually fails to talk about audit, or risk, and often fails to talk about controls. So I got it in my head after reading a risk management study from Deloitte to discuss the link between revenue assurance and risk. My particular motivation came from observing that most people who do revenue assurance see it as a special and stand-alone discipline, whilst good risk management is about avoid a silo mentality. So what gets described as revenue assurance best practice often conflicts with risk management best practice. This can easily happen where you find people working in each silo with no overall boss that forces them to integrate what they do. Fortunately, going to the conference I am lucky enough to be able to talk first-hand about one example of revenue assurance best practice that highlights the limits of putting revenue assurance into a silo. The revenue assurance maturity assessment, due to be published soon, identifies silo-based revenue assurance as an intermediary stage in its development. To reach the highest levels of maturity the activity of revenue assurance has to grow beyond the confines of a silo and be fully integrated into the business. In turn, the nature of revenue assurance changes to become an element of enterprise-wide risk management. I know that will not be a popular or welcome message for some, especially those interested in building empires or fighting turf wars. But it needs to be said. If integrated risk management is not the destiny of revenue assurance, it can only be because businesses fail to take a holistic approach to risk. The operational risks within the scope of revenue assurance are not a special case. They need to be assessed and measured alongside all the risks the business faces.