IP strategist: IP risk management: a case study
Risk is the chance of something going wrong, causing damage or loss; but many companies ignore IP risks and react only once the risk has materialised. In most cases this is too late to mitigate cost effectively
IP risks are significant because the value of companies has been shifting markedly from tangible to intangible assets in recent years. Many assume that IP risks originate from competitors. In fact, they also arise from the actions of one’s own people and suppliers, partners, distributors and customers. In addition, risks can arise from changes to government policy and assaults by non-practising entities; while hackers and counterfeiters add to this complexity.
The most obvious risk is that a business infringes a third party’s IP rights. However, there are also risks associated with:
- ignoring potentially valuable intellectual property by defining intellectual property too narrowly;
- disadvantageous IP terms in agreements;
- publication before protected;
- use of open source software;
- membership of standards groups;
- open innovation initiatives;
- the use of subcontractors;
- IP licensing;
- IP theft by employees;
- trademark disputes; and
- trade secrets leakage.
IP risk management involves processes and tools. It is initially about identification, assessment and prioritisation, followed by the coordinated, cost-effective application of resources to reduce or eliminate the impact of these IP risks.
Its aim is to ensure that a company achieves its objectives. It must be proportionate to the complexity and type of company and deployed as an integrated, joined-up approach to managing such risks. A business needs to understand its risks and mitigate proactively. The focus should be on risk mitigation and not just risk evaluation. Risk mitigation covers efforts taken to reduce either the probability or the consequences of a threat.
This case study is of a medium-sized enterprise active in hi-tech. The company has been operating since the 1990s and now operates worldwide. The following is an account of its transformation of IP risk from reactive to proactive and includes comments on the complexities encountered.
The legal and IP team was skilled, but small; it clearly had more work than people and was under intense pressure. A first analysis identified the following challenges;
- an overly narrow definition of intellectual property when compared to the company’s products;
- little understanding of the diversity of IP risk;
- no IP risk management process;
- little understanding of potential IP risk mitigation solutions;
- challenges with the categorisation of IP risks;
- difficulties in articulating IP-related risks to C-suite executives; and
- no IP risk management governance.
The team had operated in a reactive mode best described as firefighting, with emergency allocation of IP resources to deal with unforeseen IP problems. Team members assumed that the fires were unpredictable and had to be put out immediately.
The company secured an IP risk management software package and initiated an IP risk management process in early 2015. It accepted that the process and tool would not magically solve all of its IP risks, but that it would help the company to improve risk mitigation. The selected tool was easy to install and use and was taken up within days of installation. Today the company’s IP risk management process had the following phases: identification, analysis, review, mitigation and monitoring.
The general counsel also initiated work on education and governance because he recognised that these act as bookends, keeping everything in place.
The company chose a phased approach rather than a ‘big bang’ when switching from reactive to proactive actions. The first phase focused on the proactive management of a single IP category, namely trademark risks. This allowed the company to stress test its processes and tools in a controlled manner and to optimise where needed.
The second phase was to gather all historical IP risks from various parts of the company and a variety of repositories, including knowledge in people’s heads, in emails and in different systems. Some additional people were hired to assist during this phase to help gather all of this historical data and ensure data integrity.
Finally, the team applied the IP risk management process and tool to all IP risks, making this the de facto approach for managing such risks across the entire organisation.
“IP risk management … is initially about identification, assessment and prioritisation, followed by the coordinated, cost-effective application of resources
The most striking benefit was getting IP risk management under visible control and effectively articulating IP risks to C-suite executives.
The number of IP risks did not decrease, but rather increased during the early stages of this change project because latent problems were discovered earlier. In these cases the team had more time to analyse risk and to explore and plan a greater variety of IP risk mitigation solutions.
The team was now more prepared, better able to uncover potential problems or conflict early and able to minimise exposure. It has more flexibility, time to see the big picture and to understand the long-term implications. Importantly, it could plan to solve or mitigate problems rather than firefight.