Risk Management in Telecommunications

News:

Press Releases

Features & Articles


	Industry Automotive Aviation & Aerospace Cable Chemical Communications Construction Design Education Energy Entertainment Environmental Financial Institutions Forest Products Health Care Hospitality & Gaming Infrastructure Life Sciences Manufacturing Marine Media Mining, Metals and Minerals Power and Utilities Public Entities Real Estate Retail Sports Technology Telecommunications Marsh 2010 National Oil Companies Conference Information Web Site Choose Your Risk Issue Risk Business Continuity Management Business Interruption Captives Casualty China Climate Change Corporate Governance Crisis Management Directors & Officers Liability E-commerce/E-business Econmic Downturn Emergency Response Planning Employment Practices Liability Environmental Floods Hurricanes Intellectual Property Mergers & Acquisitions Natural Hazards Pandemic / H1N1 Flu Political Risk Product Liability Product Recall Professional Liability Property Supply Chain Surety Tainted Drywall Terrorism Trade Credit Workers' Compensation Wrap-Ups YOUR INDUSTRY		RISK ISSUE		MARSH WEB SITES	Printable Version

Communications, Media & Technology Reading Room

Risk Management in Telecommunications

Introduction
Marsh has gained considerable experience by working with numerous telecom operators world-wide.   This unique insight has enabled us to formulate a strategy which is intended to maximize the contribution of the company's own resources whilst utilising those of Marsh to best effect.   It is our experience that whilst operators will "risk manage" at an operational level by the design of telephone networks in order to provide a reliable service to its customers and address commonly identifiable threats such as fire, safety and security issues, it is our finding that procedures or standards are often applied on a blanket basis irrespective of the level of risk presented nor do these reflect experience either nationally or internationally.   This means that scarce resource is often diluted, leaving critical areas of the business unduly exposed whilst less important facilities enjoy enviable levels of attention.   It is Marsh's aim to assist in targeting risk management to produce the most effective control of risk within the company.

The Marsh Approach
In order to commence this process, it is felt the company needs to assess the relative likelihood and impact of a series of threats to its business.    Marsh recognize that it is the "services" that the company provides, that is the important issue rather than acting as custodian of a considerable asset base. Consequently any evaluation of impact must include an assessment of those effects which often cannot be measured in clear financial terms.   Customer confidence, the opinions of legislators, the use made of incidents by competitors are some of the range of social, commercial, political and occasionally national security issues which must be considered.   The importance is that the company set its own judgement criteria rather than follow those imposed by an external authority such as insurers, who will usually focus solely on the financial loss.   It is important when balancing cost of risk with the cost of risk reduction measures, that the true picture is used in any decision making process.   Where the company have self-insured risks they will need to evaluate the total cost to ensure the risk control measures or acceptance levels are both appropriate and effective.
Marsh's experience allows it to recognize that the sheer size of a national network means that no external consultant could hope to provide an overall risk management auditing function.   Our intention is to reduce the risks presented by utilising the company's main asset in this battle; its staff.   They are not only quite often the cause of but are also the solution to many problems.

Consequently Marsh's approach would be:

The formation of a Risk Management Committee or Council with authority drawn from the Director General. Representatives from all areas of the business; networks, sales/marketing, information systems, real estate as well as those normally associated with "risk management", finance, legal and personnel and organisation. The in-house fire, safety and security functions would also be involved as well as the risk management and insurance department. The primary role is that of risk identification and evaluation based on a total cost of risk concept.
The risk management committee would be responsible for the preparation of relevant company standards, practices and procedures. These should reflect a risk ranking or grading methodology particularly where asset protection is involved. This will combine severity, frequency and also the business impact referred to above in order that the controls put in place are relevant and appropriate.
Training and instruction of staff will be essential at local level in order to reduce not only the high frequency/low severity incident which can be identified by an analysis of the company's own experience and incorporating national or international experience but also to ensure that measures put in place to control potential catastrophe risks are not negated by poor local practices or communications. Systems should reflect the management of the risk as well purely physical aspects which may be beyond local control.
Undertaking regional/national audits to ensure that practices and procedures are being implemented, remain valid and also continue to reflect the true risk grading of the facility. Training and instruction for the staff to undertake these audit procedures is also a pre-requisite. At a corporate level Marsh's international experience would assist in establishing benchmarks to ensure company standards reflect the industry.
Utilising a risk grading approach and this audit of risk management on a regional or a functional department level can be incorporated into a premium apportionment model in order that those who effectively manage risk can be recognised.

There are several specific issues which Marsh have highlighted in other exercises :

Network operations often refer to restoration plans, resilient networks, and redundancy. It is our experience that these plans are usually designed to address the fairly frequent disruptions caused by equipment failure; rarely do they adequately address the catastrophe level incident presented by, for example, a serious fire.   Furthermore the risk profile of the industry has changed significantly with the move from dedicated technical buildings in the electro-mechanical age to multi-occupancy premises housing network equipment with other company departments and occasionally third parties.   All of these factors have an impact on fire, security and health and safety issues which require to be factored in to any risk assessment.
In order to formulate adequate disaster recovery plans as opposed to simple contingency or restoration plans, it is essential that the incident is both relevant and fully evaluated less plans fall short of requirements.
Marsh also recognised that a telecommunications company consists of far more than the network of exchanges and transmission media.   Offices, data centres, technical service centres, warehouses, customer service centres, the vehicle fleet and perhaps its most important asset, its staff, all present specific risk issues.   With such a wide dispersement throughout a country, risk issues related to the community, customers and in some cases suppliers must all be factored into any equation.   However, once the operator moves into the international arena, particularly where joint ventures are involved, the range of threats to which it is exposed and the potential to control them varies considerably.   Marsh's worldwide experience is a valuable asset in the risk management of these situations.

Conclusion
Reflecting Marsh's integrated approach to risk management means that the impact evaluation of a particular incident will not only ensure appropriate disaster recovery and crisis management plans have been involved but should the business still consider that the effects are unacceptable, then can be reflected in enhanced levels of 'risk control' in order to mitigate the incident to an acceptable level.   The evaluation in purely financial terms will assist in the development of appropriate risk financing methodology.   One of Marsh's strengths is its understanding of the financial organisation almost unique to telephone operators and therefore its involvement in such evaluations will be of great assistance.
It is always Marsh's intention to act in a pro-active manner.   Therefore risk evaluation at the project planning stage can highlight where the company is potentially creating an unacceptable exposure. This allows risk control by avoidance, duplication, physical control or recovery planning to be implemented at this most effective of stages.
Large, diverse enterprises can have internal problems of communication and occasional conflict over responsibility.   For example it is common for one department to be responsible for the design and construction of facilities, for another to operate and for a third to provide maintenance.   This can lead to measures incorporated to control risk at the outset being negated by poor practices during its lifetime or maintenance procedures. Alterations and changes are often not reviewed against the original specifications and consequently the reasoning behind safety measures is overcome or simply forgotten.
Marsh believes that this cross company-communication is vital to ensure that the cost to the company is minimised and also an acceptable, recognised level of risk is maintained at all times.   Our involvement whether by project review, site audit or training can greatly assist any company.

The Marsh Advantage
Marsh's expertise incorporates the ability to provide the following services to meet the client's risk management needs:

Risk identification across all disciplines.
Risk Evaluation against clear business driven parameters.
Development of risk ranking methodologies
The preparation of risk control standards or manuals reflecting a company's own experience as well as national or international standards.
Development of audit procedures for local or national implementation.
Review of risk control practices to ensure audits are effective and relevant.
Training programmes.
Use of Risk Management Information Systems for, inter alia, incident loss reporting, recommendations monitoring, "what if" analysis.
Risk review of projects.
Development of relevant Disaster Recovery and Crisis Management plans.

Incorporating the aforementioned risk audit and risk control practices with the use of software packages for the analysis of incidents and losses should ensure that risk management programmes can be measured year on year to ensure that resources show a measurable benefit.

The incorporation of risk evaluation into generic and site specific disaster recovery and crisis management plans utilising software packages to manage the large amount of data and constantly changing situation of the modern telecommunications industry would also prove likely to be of great benefit to company. It is particularly true where plans are required to be updated to take account of alterations in occupation again a common feature in modern telecommunications industry.

Overview

Reading Room



	Home \| Terms & Conditions \| Privacy Policy \| Site Map	Copyright © 2010 Marsh Inc.