Our Alder solution explained

Risk management:

Risk management involves understanding, analyzing and addressing risks to make sure organizations achieve their objectives. Proper risk management is an integrated and joined up approach to managing risks across an organization and its extended networks.

Risk management is about ensuring that the business really understands its risks, and then mitigates pro-actively.

The focus should be on risk mitigation and not just on risk evaluation. Risk mitigation covers efforts taken to reduce either the probability or consequences of a threat.

Risk registers in general:

A Risk Register is a tool for documenting risks, and actions to manage each risk. A Risk Register is essential to the successful management of risk. As risks are identified they should be logged onto the Risk Register as well as the actions to first analyze and then respond to the risk.

A Risk Register is an important component of the overall risk management framework. It can be viewed as a management tool for monitoring the risk management processes. A Risk Register is used to identify, assess, and manage risks down to acceptable levels through a review and updating process. The purpose of a Risk Register is to record the details of all risks that have been identified along with their analysis and plans for how those risks will be treated.

Intellectual property has both value and risk:

By its very nature, there are both rewards and risks associated with IP. For anyone involved in IP, then IP related risks are part of working life.

Any business professor will tell you that the value of companies has been shifting markedly from tangible assets, "bricks and mortar", to intangible assets like intellectual property in recent years.

Research has indicated that intangibles now account for about 80% of the total value of many companies. There is no data available on the scale or size of the risks associated with IP facing companies, but one can assume that it is significant.

IP risks:

Any company faces a variety of IP related risks, some foreseen others unforeseen. I have yet to meet a company who does not have one or more IP related risks to consider.

Not all IP related risks are the same and they may be broken down into a variety of different categories, such as the form of IP involved (e.g. patents, trademarks, copyright, trade secrets, etc.); the impact and probability of the risk; the source or origin of the IP related risk; the date when the risk is likely to materialize; the IP activity impacted; the geographical nature of the IP risk; whether they are generic or specific in nature; the group or sub-group most impacted by this risk in the organization; etc.

IP litigation is a threat to all businesses, large and small but it is by far not the only form of IP related risk. There are indeed many different types of IP related risks that a company may face.

Examples of IP related risks:

Here are some IP related risks taken from the IP Risk Register of one particular company (data modified to hide the identify of the company).

• Risk of theft of the epoxy coating process trade secret
• Copyright issue with images on the Betta web site
• Standards Setting Organization changing their IP policy with respect to Standard Essential Patents
• Digital thermometers - counterfeit products reported by Southampton Customs
• Trademark issue with Product Gamma in foreign language jurisdictions
• Domain name issues with Product Yugi with new extensions
• Inventor dispute with University of Cobh
• Concerns about Feature X on Product Yugi possibly infringing 3rd party patents
• Concerns about Trademark issue with Project Delta from Music sector
• Assertion letter received from Pia Licensing Non Practicing Entity
• Issue with the IP provisions in Collaboration Agreement with Pear

IP risk management:

IP risk management is a practice that deals with processes, methods, and tools for managing IP risks in a project, business unit or organization. It is initially about the identification, assessment, and prioritization of IP related risks followed by the coordinated and cost-effective application of resources to reduce or eliminate the probability and/or the impact of these IP related risks to the organization.

IP risk management involves understanding, analyzing and addressing IP related risks to make sure organizations achieve their objectives. Proper IP risk management is an integrated and joined up approach to managing IP related risks across an organization and its extended networks.

IP risk management is about ensuring that the business really understands its IP related risks, and then mitigates pro-actively. The rationale for this may be driven by the need for freedom to use technologies already in use or being considered for use in the company’s products, but there are many other reasons why businesses need to take IP risk mitigation seriously.

The focus should be on risk mitigation and not just of risk evaluation. Risk mitigation covers efforts taken to reduce either the probability or consequences of a threat. Risk mitigation efforts may range from physical measures to financial measures.

The IP Risk Register:

The IP Risk Register is much more than just a simple list of IP related risks. It is much more sophisticated than that. The IP Risk Register will also contain IP risk metadata.

An IP Risk Register should ideally also log the actions to analyze these IP risks and the actions to mitigate these IP risks plus metadata associated with these actions.

It should also contain a document management component to help track the various documents associated with IP related risks, IP risk analysis actions and IP risk mitigation actions. Metadata associated with these documents should also be logged into the IP Risk Register.

A cost module should definitely be included, to help track the costs associated with the IP risks if and when they materialize and the costs associated with the actions to first analyze and then mitigate these IP risks.

Good search and reporting functionality should also built into the IP Risk Register if it is going to be a truly value adding IP management tool.

IP risk heat-map:

An IP risk heat map is used to present the results of a risk assessment process visually and in a meaningful and concise way. It is a simple yet extremely powerful visualization.

The development of an effective heat map has several critical elements – a common understanding of the IP risk appetite of the company, the level of impact that would be material to the company, and a common language for assigning probabilities and potential impacts.

IP risk profile is not static:

It is almost certain that the intellectual property risk profile of companies is changing, sometimes quite dramatically.

The nature of the IP risks facing companies is different yesterday, today and tomorrow.

The nature of a particular IP risk may be defined by the form of IP involved, the source of the IP risk; the impact & probability of the IP risk; the proximity date of the IP risk, etc.

It is therefore important that the IP Risk Register is capable of tracking how the IP risk profile of a company is changing over time

Where is this IP Risk Register located?

Typically the IP Risk Register will be located within the in-house Legal / IP function and operated by people within that function. Given the nature of some IP related risks, access to and access control of the IP Risk Register are crucial issues for consideration.

However there are a number of Legal and IP Firms who have designed, developed and deployed an IP risk management service offering for their operating company clients and these Firms locate and operate the IP Risk Register within the Firm but on behalf of their clients.

Final thoughts:

An IP Risk Register is a crucial tool to support the IP risk management process. A robust fit for purpose IP Risk Register which underpins the IP risk management process is key. A good IP Risk Register helps ensure that the process is an efficient and effective one. It can improve data integrity as well as better support how IP risks are articulated and reported. It should be easy to install, easy to configure and easy to take into use, otherwise there is a great danger that the system become a ‘white elephant’.

As stated initially, IP related risks are an issue of concern for most businesses. It is therefore critical that the company’s IP Risk Register is fit for purpose, ensures the effectiveness and efficiency of its IP risk management process, brings great value to those using the system, allows the user to convert the IP risk related data contained therein into information, and ultimately helps add value to the business.

Donal O'Connell is the Managing Director of Chawton Innovation Services Ltd.

More details of the company's Alder IP Risk Management Tool are available on request.