|
IV. Principles and Guidelines
The the execution of revenue assurance is a
responsibility similar in scope and trust to
that of any other financial assurance profession
(like auditing or financial reporting). For this
reason it is critical that our members subscribe
to a code of ethics that assures that the work
that they do, and the findings that they report
can be trusted. The GRAPA principles and
ethics statement summarizes these areas of
concern. The core principles describe the
foundational concepts upon which the practice of
revenue should be based. These include:
A. Consensus
It is primary objective of the revenue
assurance team to promote cooperation between
the operational teams involved in each of the
different aspects of revenue management,
accounting and delivery. Revenue assurance
should be a vehicle for collaboration first and
foremost. The goal of RA is to create a solution
that involves the consensus of all parties
involved. RA is not an internal audit or
policing function, it is a problem solving
function and most problem solving requires the
willful cooperation of all parties involved in
the problem.
B. Integrity
All revenue assurance activities are to be
performed with a primary focus on the integrity
of the activities performed. Integrity includes
the integrity of relations with other managers,
the integrity with which the job is conducted
and the integrity of the findings and reporting
utilized.
C.
Rationalization
All revenue assurance activities should be
based on the principle of rationalization of
investment. Any investment of the companies’
resources (time, money, effort) in pursuit of
revenue assurance objectives must be balanced
against the anticipated benefit in risk
reduction, revenue retention or revenue
maximization anticipated. The RA practitioner is
responsible for understanding, documenting and
assuring the rationalization of all investments
and decisions.
Every revenue assurance decision requires
that a balance be struck between the degree of
risk mitigated and the cost of accomplishing
that degree. The revenue assurance team will at
all times be aware of this tradeoff and make the
rationale and criteria for making those
decisions clear.
D. Delegation of
Responsibility for RA
It is not the job of the RA Professional to
insist that they do all of the RA job. The
overriding goal of the RA professional is to
make sure that the RA job is performed with
integrity with a goal of maximum effectiveness
for minimum cost.
The directive to accomplish maximum
effectiveness for minimum cost means that the RA
manager will work with other departments
(operational teams, operational managers,
internal audit, I/T and other groups) and
encourage the development of solutions, and the
allocation of responsibilities in a manner that
makes the most sense for the entire
organization.
E. Corporate
Responsibility
It is the responsibility of the revenue
assurance practitioner to stay alert for and
aware of any and all risks to the revenues of
the firm and well as to any assets of the firm
that are involved. The RA practitioner will
always and without fail report any serious risk
of loss to the appropriate agencies or
authorities whether it is directly within the
scope of the RA persons responsibilities or not.
F. Competency
Requirement
Revenue assurance functions should be staffed
with those who collectively have knowledge and
skills necessary to conduct RA activities.
Outside consultants with requisite knowledge may
need to be hired to complement internal staff.
GRAPA recommends staff receive a minimum number
of hours of continuing education each year and
maintain a record of training. The RA
practitioner is responsible for conducting
activities with competence.
G. Transparency
Requirement
All RA activities are to be conducted in a
straightforward and transparent manner. All
processes and activities are to be documented
and published for review of the appropriate
persons involved. Forensic analysis techniques,
assessment reports, quantification findings,
correction and control recommendations should be
clearly documented and published in a manner
that makes the process, intention and results
clear to all parties involved.
I. Operational
Independence Requirement
Each revenue assurance professional is
responsible for maintaining independence so that
opinions, conclusions, judgments, and
recommendations will be viewed as impartial by
third parties. This includes personal,
external, and organizational impairments.
A personal impairment might be financial
relationship, and an external impairment might
be unreasonable restrictions on the time to
complete an assurance activity. To achieve
organizational independence RA organizations and
compliance professionals should report the
results of their assessments and compliance
findings and be accountable to the head of the
organization and should be located
organizationally outside the staff or line
function being reviewed or reported upon.
This helps to ensure that staff is free from
political repercussion. (Assessment and
Compliance reporting should be done separate
from the operational unit. RA teams may also
perform operational reporting as long as the
team reports to the RA team not the operational
team).
J. Responsibility and
Relationship to Management
It is the responsibility of the RA
practitioner to assess and report actual revenue
loss, potential revenue loss and to assess the
potential risk of loss due to leakage or fraud
to management.
It is management’s responsibility to review
and decide upon the degree and nature of the
mitigation of that risk (if any).
RA professionals do not choose levels of risk
or determine policies regarding how operations
should be performed or who should perform what
task. That is the responsibility of management.
K. Responsibility and
Relationship to Operational Managers and Peers
It is the responsibility of the RA
practitioner to work with and assist operational
managers with the accuracy , efficiency and
effectiveness of their operational areas. The
addressing of leakage, risk of loss or other
risk or fraud exposures are the clear and full
responsibility of the operational team in
assigned to that area.
Revenue assurance is present to assist those
operational teams but not to assume their
responsibility.
(unless at the explicit direction of top
management the RA team takes on certain aspects
of this operational responsibility).
L. Maximum Effect for
Minimum Cost
It is the responsibility of the RA
professional to always attempt to attain the
maximum impact (in terms of the reduction of
revenue loss, risk of loss or other objective)
for the minimum investment. The best cost
solution is always preferred.
M. Responsibility and
Relationship to Related Departments
It is the responsibility of the RA
practitioner to work with and assist the people
responsible for Internal Audit, Business Process
Reengineering or any other staff discipline
which might overlap with the scope or RA. The
objective of RA is to attain maximum impact for
minimum cost and if the related department can
do the job (Forensics, Controls Management,
Compliance and Corrections) better, faster or
more efficiently, then it is the responsibility
of the RA practitioner to do everything possible
to help that group to accomplish those
objectives.
N. GRAPA
Inter-organizational Principles (Review)
Under the GRAPA standards, it is the
responsibility of the Revenue Assurance
practitioner to assess and report on the risk of
revenue loss, or the extent of revenue loss
suffered within a particular operational area as
directed by management , and in cooperation with
the operational manager responsible for the area
under review.
Based upon these guidelines, the following
conclusions ensue:
- It is the job of RA to assess risk and
loss only in areas where management has
directed it to. It is not the job of RA to
look for risk without this direction.
- It is the job of RA to report the risk
of loss, but it is NOT the job of RA to
recommend or enforce a particular level of
loss. The appetite for risk, and the level
of acceptable risk is a parameter set
explicitly by the management team.
- If so directed, the RA team can be
commissioned with responsibility to
investigate, develop and promote
recommendations for the reduction of a risk
exposure from its current level, to a level
set by management.
- The RA team will only be involved in the
assessment of risk and loss in areas where
the manager responsible for the operational
area in question has agreed to cooperate. We
believe that it is impossible to accurate
assess risk , report risk and remedy risk
without the full commitment of the
operational management team.
- The RA team can be invited by the
operational manager, or by top management to
proactively and aggressively assist the
operational manager in the assessment of his
risk exposure and in the development of a
coverage plan.
- Coverage plans and the institution of
new controls must be approved by operational
managers and top management before they are
to be executed.
- Primary responsibility for the execution
of a coverage plan and implementation of new
controls will be the responsibility of the
operational manager.
- The RA team may assist or execute a
coverage plan at the request of top
management and/or the operational manager.
Compliance reporting will be developed as
part of the coverage plan, and all ultimate
compliance and risk/loss reporting will be
managed by the RA team, separate from the
operational area
|
