Wednesday 15 April 2015

IP risk management: process and system

Recently the IP Finance hosted a guest post from Donal O'Connell (Managing Director, Chawton Innovation Services Limited) on the assessment of suppliers from an IP perspective (here). We are pleased to host another piece from Donal, this time on the risk management process, which contains several useful bullet-points and checklists for anyone concerned in the assessment of risk and who then has to decide whether, and if so what, to do anything about it. This is what he writes:
IP Risk Management: Process & System

Risk is the chance of something going wrong, and the danger that damage or loss will occur, whereas risk management is the process of analysing exposure to risk and determining how best to then handle such exposure. Risk mitigation means that you do something about it. By its very nature, there are both rewards and risks associated with intellectual property (IP). This paper explores the IP Risk Management process and how the right system or tool can help underpin this process.

IP Risk Mitigation

IP risk mitigation is about ensuring that the business really understands its IP related risks, and then mitigates pro-actively. The rationale for this may be driven by the need for freedom to use technologies already in use or being considered for use in the company’s products, but there are many other reasons why businesses need to take IP risk mitigation seriously.

The focus should be on risk mitigation and not just of risk evaluation. Risk mitigation covers efforts taken to reduce either the probability or consequences of a threat. Risk mitigation efforts may range from physical measures to financial measures.

IP Risks

The obvious IP related risk is that a business may infringe the IP rights of a 3rd party. However, there may also be IP related risks associated with (among other things)
• Having too narrow a definition of IP, and ignoring potentially valuable IP assets

• The IP terms and conditions in some development or commercial agreements with 3rd parties

• The publishing activities of the business

• Embracing open source software

• Being involved in certain interoperability standardisation activities

• Getting involved in some open innovation initiatives

• The use of subcontractors

• One's own IP out-licensing program
To help readers conduct risk assessment in a structured manner, I suggest that there are a number of specific areas which need to be analysed when considering IP related risks, and from where IP related risks may originate...
• The activities of your own company and its people

• The activities of entities within your company's own eco-system (suppliers, partners, distributors, customers)

• The activities of one's competitors

• The activities of other entities such as NPEs

• The activities of illegitimate entities such as hackers and counterfeiters
IP Risk Management Process

A process is an interrelated set of activities designed to transform inputs into outputs, which should accomplish your pre-defined business objectives. Processes produce an output of value, they very often span across organisational and functional boundaries and they exist whether you choose to document them or not.

A process can be seen as an agreement to do certain things in a certain way and the larger your organisation, the greater the need for agreements on ways of working. Processes are the memory of your organisation, and without them a lot of effort can be wasted by starting every procedure and process from scratch each time and possibly repeating the same mistakes.

At a very top level, the IP Risk Management process involves the following key phases:
• Identification

• Analysis

• Review

• Mitigation

• Monitoring
IP Risk Mitigation Techniques

There are a variety of IP risk mitigation techniques available, but of course their effectiveness will vary from one business to another.

Some of the IP risk mitigation techniques are listed here, but this list if not exhaustive by any means …
• Leveraging technical cooperation with others

• Using Standards with fit for purpose IP policies

• Obtaining indemnities

• Participating in patent pools

• Licensing IP

• Designing around

• Finding prior art to invalidate 3rd party IP

• IP acquisition

• Taking out IP insurance
It is important that a company builds up a good understanding and appreciation of the various IP solutions which exist, and if and when they should be deployed. 
IP Risk Management System

“Good Risk Management fosters vigilance in times of calm
and instils discipline in times of crisis.” Dr. Michael Ong 

An IP Risk Management System is only part of the solution. I suggest that the components of a good IP risk management solution are as follows:
• IP and IP related Risk awareness and education

• IP Risk Management process

• IP Risk Management system / tool

• Data (IP related risks, actions, documents, reports)

• IP Risk Mitigation solutions

• IP Risk Management resourcing (people, budget)

• IP Risk Management governance
 
With Awareness and Governance being like the bookends, keeping everything else in proper order. That said, a good IP Risk Management System helps ensure that the process is an efficient and effective one. It can improve data integrity as well as better support how IP risks are articulated and reported.

IP Risk Management Tool

A Risk Management Tool is commonly used in business in such areas as project management and organisational risk assessments. It acts as a central repository for all risks identified and, for each risk, includes information such as risk probability, impact, counter-measures, and risk owner and so on. It can sometimes be referred to as a 'risk register' or 'risk log'.

An IP Risk Management Tool is no different and is an essential tool to be able to manage this particular risk area. It initially provides a way to articulate the various IP related risks in a very structured manner. It then acts as an important tool for the ongoing management of these IP risks.

 
Typically an IP Risk Management Tool should contain...
• A description of the IP related risk

• The impact should this event actually occur

• The probability of its occurrence

• Risk score (the multiplication of probability and impact)

• A summary of the planned response should the event occur

• A summary of the mitigation (the actions taken in advance to reduce the probability and/or impact of the event)

• Links to any associated documentation
 
In a "qualitative" risk tool descriptive terms are used: for example a risk might have a "High" impact and a "Medium" probability. In a "quantitative" risk tool the descriptions are enumerated: for example a risk might have a "$1 Million" impact and a "50%" probability.

A clever feature is to allow some calibration of the tool as different levels of impact and probability will differ from one company to another

 
Final thoughts

The skills needed to succeed with IP risk mitigation do not match exactly those needed to be successful with the other key IP processes, such as IP creation, IP portfolio management, IP exploitation and IP enforcement. The mind-set is just different for those charged with IP risk mitigation.

Who should be interested in IP Risk Management? Anyone…
• Operating in an IP litigious environment

• Coming up for exit or listing

• Anxious to get IP risk management under control

• Whose executive management team are demanding visibility of IP related risks

• Experiencing major business changes

• Facing a major IP risk and realising that they are unprepared

• Interested in proper governance of IP
Finally it is important not to underestimate or exaggerate the risks associated with IP. As IP relates to innovation and creativity, it can sometimes be an emotive subject and some care is needed.

“When dealing with people, remember you are not dealing with creatures of logic, but with creatures bristling with prejudice and motivated by pride and vanity.” ―Dale Carnegie
Graphics in this blogpost are all taken from the Alder IP Risk Management Tool

Readers might want to add some further bullet-points and observations of their own, providing an even more useful asset for anyone coming to the subject for the first time or seeking to improve an existing perspective on it.

No comments: