Risk Professionals: Hang Together, or Hang Separately
"We must, indeed, all hang together, or most assuredly we shall all hang separately" - Benjamin Franklin.
What do these things have in common?
- Insurance
- Fraud Management
- Audit
- Business Continuity Management
- Revenue Assurance
- Security
Is it:
1. They all have something to do with managing risk?
2. They are all subgroups that sit within Enterprise Risk Management (ERM) per the eTOM?
3. Not much?
4. Communications Providers had better do them well or suffer terrible consequences?
5. All of the above?
I know that (1) and (2) are true. They are all vital components of managing risk, and they do sit within the Enterprise Risk Management grouping in the eTOM. I also know (4) is true. A business that fails in any of these areas is putting itself in danger. The adverse impacts are measured in terms of lost revenues, lost assets, higher costs, faulty processes and ultimately a reduced bottom line. All of these disciplines face challenges in showing the cost-benefit arguments for what they do, especially as the benefits only become easy to measure after something has gone wrong, and are easy to ignore when things go well. They all compete for the limited time and attention of executives, yet they all need executive support and buy-in.
There are linkages between the tasks too. Security vulnerabilities can lead to interruptions in service and hence relate to business continuity. A good internal auditor should ask if assets are adequately protected by insurance. Monitoring for revenue leaks may reveal evidence of fraud. There is a sense of a team effort needed here – but beyond that intuitive sense, how much have we done to work as a team? Perhaps (3) is true too, and we have not done enough work to join the dots and show how these risk management silos can complement each other.
When talking about risks, we know there are many kinds. We all want to ensure our companies manage their risks. We also want a fair deal – businesses need to take risks, meaning not all risk is bad. What we want is the right amount of risk, at the right cost, for the right degree of reward. If a telco collapses due to unmanaged risks (never forget what happened to WorldCom!), that will be little comfort to the people who did a good job of mitigating other kinds of risks. Step back far enough, and all the risks become linked. Sometimes you just need to topple one domino and they all come crashing down. We also know communications providers depend on each other and their suppliers. It is little comfort to a customer if we let them down because of the failure of some other company we depended upon. To my mind, we had better work together to deal with risk, to get the right deal for everyone – customers, investors, suppliers, and our fellow employees.
“Hang together, or hang separately” is a good maxim when trying to explain how to manage risk. The TM Forum is the kind of place where people can hang together, if inclined to do so. We have the Enterprise Risk Management box sitting in the eTOM’s diagram. However, more can be done to fill the blanks within that box. In response, I have encouraged the TM Forum to do just that (gulp) with the setting up of a community group focused on ERM. If you agree that we should hang together, and not separately, then come join the team!
Posted 03-17-2010 10:52 AM by Eric Priezkalns