Last year I reviewed release 15.5 of the TM Forum’s enterprise risk management (ERM) standard and concluded it was an unusually useful document for those who manage risk at the top of a telco. Instead of trying to duplicate the contents of the better-known global ERM standards, the authors from Detecon broke down the key risk areas for telcos, effectively creating a checklist for all telcos to work through. Somebody in the telco needs to be responsible for each risk area described in the standard; this helps to clarify if the business is really managing its risks or just hopes that nothing will go wrong although nobody is paid to care. This year the same authors have revised the standard, which maintains the tradition of painful TMF names is continued with the release of the GB921R Enterprise Risk Management R16.5.0 Standard. Whilst there are no major changes to the breakdown of risk areas, each is now explained with a workflow diagram. Bravo! Users can hence use the document to help them review risk management at two levels: checking that someone in the organization takes responsibility for BCM, security, fraud management and so on, and also comparing the activities performed by the responsible team or individual to the steps outlined in the standard’s generic workflows.
Praise should go to lead author Jawahar Sajjad and his colleagues, who have done a fine piece of work. I recommend TM Forum members download the document and ensure that their telco is doing all the forms of risk management it describes. GB921R Enterprise Risk Management R16.5.0 Standard is currently made available for evaluation by TMF members, and the deadline for that evaluation is 1st June 2017. TMF members can download it from here.