Book review: Demystifying communications risk
Demystifying Communications Risk: A guide to revenue risk management in the communications sector.
Mark Johnson (Gower: 2012).
In telecommunications, just as in banking and retailing and most other businesses as far as I can tell, fraud is an ever present cost of staying in business and managing that fraud down to acceptable levels is one of the most important roles of operational management. That's easy to say, but hard to execute. I picked up Mark Johnson's "Demystifying Communications Risk" (recently published by our friends at Gower) by Mark Johnson from The Risk Management Group hoping for a few ideas on this front and I wasn't disappointed. I'm not an expert on the operational management side of telecommuncations, but I think for someone entering the field Mark's layout, examples and checklists combine to make the book a very useful starting point.
The overall message of the book, for me, was (as always) isn't hackers who are the problem, but the staff. Here I found Chapter Four the most relevant. It is fascinating discussion on managing insider fraud, written by Nick Mann of Nick Mann Associates, which shows just how hard this is, partly because of the variety of the frauds and partly because of the statistics. Basically, most employees are potential fraudsters! He gives a case study of an internal fraud that was uncovered after $6 million in losses, yet not a penny was recovered., highlight the point that prevention is better than cure. Actually, I thought Michael's use of specific case studies was very helpful throughout the book and in some cases very surprising (for example, the clock drift on a switch leading to incorrect rating). I found his discussion of prepaid frauds especially interesting, partly because they are so simple and partly because I think the growth in prepaid will continue over the coming years.
I rather liked Michael suggestion of a risk management "dashboard" of relevant key performance indicators. We do a lot of risk management work in the digital money and digital identity fields, and help clients to devise and implement appropriate countermeasures, and I will be certainly using the dashboard idea in the future.
Mark covers many of the areas that will be familiar to risk management practitioners including computer and communications security, countermeasure return on investment and revenue assurance control points but he also introduces management techniques that strike me as being pretty helpful to newcomers (looking at risk strategy as the interconnection between risk management cycles, for example). I think he will open many people's eyes to some wholly new categories of risk that will need managing in the modern communications service provider. He gives over a whole chapter to the specific headache of dealing with anti-money-laundering and anti corruption controls that are unfortunately part of the customer billing and management world now: a very valuable summary.
All in all, this book distills a great many years of practical experience in a presentable and practical form and is sure to be useful to those entering the realm of revenue management.
In the future, everyone will be famous for fifteen megabytes