Archive for 'Enterprise risk management.'

Intangible Assets…Prosecuting Theft – Misappropriation!

December 28th, 2012. Published under Enterprise risk management., Insider Theft of IP and Intangible Assets. No Comments.

Michael D. Moberly    December 28, 2012

An intriguing question was posed by Stuart Green, a Rutgers law professor, in a New York Times article (March 28, 2012), in which he frames in a very ‘forward looking’ manner whether the terms theft and/or stealing actually fit today’s business circumstances?  That is, when company’s most valuable assets likely to be stolen, misappropriated, or infringed, are intangible, (non-physical) in the form of intellectual, structural, and relationship capital, will the conventional (prosecutorial) definition and/or application of theft and/or stealing fit?  Or, do (will) prosecutors, to maximize court understanding, find it necessary to portray intangible assets in a tangible context?

This question, in my view, should not be misinterpreted as merely constituting an issue that best belongs in a law school lecture hall espoused as merely legal theory.  Rather, in my view, it actually underlies an important aspect to company’s ‘sustaining control, use, ownership and monitoring the value, materiality, and risk’ to their intangible assets.  In that sense, it should carry considerable relevance to the responsibilities associated with CSO’s (chief security officer), CIPO’s (chief intellectual property officer), CISO’s (chief information security officer), CTO’s (chief technology officer), CRO’s (chief risk officer), and corporate legal counsel alike.

Having developed and taught various asset protection courses in a university criminology department for 20 years, it’s widely recognized that acts of theft and/or stealing of ‘property’ have conventionally been taught and interpreted to mostly involve tangible-physical assets or property, with intangible (non-physical) assets seldom, if ever, being addressed.

I suspect some readers, particularly those in the security – asset protection profession, may find this question unnecessary, or perhaps worse, opening a much unwanted ‘legal can of worms’.

For a significant percentage of prosecutors, and presumably the music and film industries too, I assume they would prefer, and are quite willing to devote the necessary resources to ensure the relevant (criminal justice) institutions continue applying the conventional and time-honored language, i.e., (a.) an individual or entity acquires (takes) property belonging to another, (b.) without their permission, and (c.) with the intent to permanently deprive the rightful owner of its use. Or, what Professor Green and others characterize as a ‘zero sum game’.  That is, one party loses an asset (property) rightfully belonging to them, while another party gains that asset or property.

In other words, there is no significant distinction between tangible and intangible assets when it comes to theft and/or misappropriation.

However, in the current knowledge – intangible asset dominated global (business, transaction) economy in which, conservatively speaking, 65+% of most company’s value and sources of revenue lie in – evolve directly from intangible assets, it does beg the legal question; can those conventional, time-honored definitions regarding theft, misappropriation, and infringement be consistently applied to non-physical (intangible) assets, or will challenges be forthcoming?

To add complexity, but, perhaps reality to this position, Professor Green suggests, when particular types/categories of intangibles are stolen, the rightful owner is likely to retain some  use of those assets, albeit perhaps in a depreciated and/or undermined form insofar as reduced value and fewer sources of revenue.  Had, for example, music, video-based assets not been illegally downloaded, they presumably would have delivered greater sources of revenue to the rightful holder, i.e., artist, copyright holder, producer, etc.

The reality is, as readers know well, companies are producing, acquiring, and, inventing significantly fewer tangible or physical assets today in lieu of assets which are more likely to be intangible and non-physical. So how does this globally universal and irreversible circumstance mesh with the conventional perspective of prosecutorial ‘zero sum gain’ relative to (asset, property) theft and stealing?

As we know, various courts and legislative bodies have adjusted some of the conventional language found in theft and misappropriation statutes to accommodate growth in intangibles. Thus, has the time come, as Green posits, for specialized legal doctrines to be developed to specifically reflect the theft, misappropriation, infringement, and counterfeiting of intangible assets and its subset, intellectual properties, i.e., patents, trademarks, copyrights, etc.

Actually, in the mid-1960’s, some would-be reformers of criminal law became frustrated with how courts and legal practitioners were endeavoring to distinguish tangible and intangible property. One outcome of their frustration was that the American Law Institute developed a ‘model penal code’ which essentially defined property as constituting ‘anything of value.’ Personally, I remain unconvinced this was the most appropriate way to handle this problem. Admittedly though, in 1962, intangible (non-physical) assets were hardly part of mainstream business or legal vocabulary.

On a relevant note, a trust and estate attorney I met recently was asked about how she intended to address intangible assets clients had accumulated when drafting trusts, wills, or estate documents. The attorney expressed virtually no interest, nor seemingly a clue about how to identify, unravel, value, divide, or incorporate intangible assets in a will or trust other than to characterize them merely as issues which were referred to accountants, but only for asset valuation which she would accept without challenge. This perspective prompted me to wonder if this attorney was indeed operating in the 21st century, or perhaps worse, had her clients’ best interests in mind, and worse, understood intangible assets at all.

Today, of course, intangible asset intensive – driven businesses have sprouted globally, brimming with all forms of intellectual, relationship, and structural capital, intellectual properties, brands, and reputation interests, each of which play critical economic and competitive advantage roles relative to a company’s profitability, sustainability, and growth potential.  So, if intangibles are not addressed in wills, estates, and trusts, it’s quite possible there will be many opportunities for same to be contested and challenged, thereby minimizing the significance attached to otherwise well constructed documents.

So, for me, and my colleagues in the information asset protection and insider threat – risk arena, it seems, the more engaged we become in intangible assets and businesses and transactions in which intangibles are routinely in play, the more complex and broader the dilemma becomes.

This post was inspired and adapted by Michael D. Moberly from a piece authored by Stuart P. Green published in the NYT’s on March 28, 2012.

Comments regarding my blog posts are encouraged and respected. Should any reader elect to utilize all or a portion of this post, attribution is expected and always appreciated. While visiting my blog readers are encouraged to browse other topics (posts) which may be relevant to their circumstance. And, I always welcome your inquiry at 314-440-3593.

 

Privacy In Social Media Apps: A Valuable Intangible Asset…!

December 13th, 2012. Published under Enterprise risk management., Fiduciary Responsibility. No Comments.

Michael D. Moberly   December 13, 2012

The assurance of privacy for social networking apps is a valuable, competitive advantage driving intangible asset that should be integrated before launch and certainly not dismissed or squandered!

As an admitted intangible asset advocate and strategist, personal privacy, and, I mean real and consistent personal privacy, not just the sort conjured in legal ease as a ‘check the box’ prelude to joining a social networking platform, is an incalculably valuable intangible asset that unfortunately, some ‘app’ developers appear to be squandering and/or ‘turning a blind eye’ in an effort to achieve near term revenue streams.

What’s’ really being squandered when such technological indiscretions occur are consumer presumptive trust, the company’s reputation, and its relationship capital.  Each is an intangible asset, and each has significant value, but, when those assets experience erosion and/or undermining, i.e., user privacy did not appear a primary factor in the apps’ development, substantial reputational, financial, and market space losses can materialize very rapidly.

Here’s just one example, probably among thousands, which I believe goes to the heart of the issue. Parker Higgins highlighted a privacy problem in Electronic Frontier Foundations’ blog (March 8, 2012), i.e., how apps need to respect user privacy rights from the start.

In the post, Higgins’ describes a Texas developed app that facilitates, ‘ambient social networking’. Translated, that means the app runs in the background of one’s phone collecting and sharing location data, etc., and then notifies the user when your friends and/or others with shared interests are in proximity, thus, enhancing serendipitous meetings.

I am certainly not suggesting these types of apps are inherently wrong or necessarily violate the increasingly tenuous and blurred presumptions of privacy app users have some right to expect. After all, one must willingly purchase the app, therefore buyers/consumers presumably understand (are forewarned about) the apps features and its often requisite connection to other social networking sites.

As Higgins quite correctly points out though, it certainly doesn’t require much imagination to foresee how sending a steady stream of data and information of all types to a third party, that may not have a (personal) privacy or data retention policy in place, can, and therefore, as the number of users increase, will inevitably give rise to a host of potentially significant personal privacy issues, particularly when the primary target market for the apps are children.

So, I reiterate, personal privacy, presumed or not, is, in my view, an extremely valuable, yet very fragile form of intangible asset and should be treated as such.

There is no question, if I were a board member or shareholder of an app developing firm, I would make every effort to obligate management (app development) teams to consider ‘personal privacy’ as being integral, if not a fiduciary responsibility to app development and not just ‘play fast and loose’ with app privacy features, and instead incorporate it as a real (business, added value) intangible asset!

The personal privacy issues Higgins and I claim are being dismissively disregarded, bring to the forefront, as they are today, a larger problem in app development, which is, initially building and marketing a ‘minimum viable product’ only to see how it’s received by niche consumers, and then adding personal privacy features later.  But, cutting personal privacy corners that are likely to undermine the relationship capital, trust, and reputation that is essential for the app sector’s sustainability is, to be sure, much more than mere shortsightedness. As aptly noted by Marissa Levin (Successful Culture Blog) a lifetime that has become largely ‘app driven’, we also must consider safeguarding the humanity of our companies!

Comments regarding my blog posts are encouraged and respected. Should any reader elect to utilize all or a portion of this post, attribution is expected and always appreciated. While visiting my blog readers are encouraged to browse other topics (posts) which may be relevant to their circumstance. And, I always welcome your inquiry at 314-440-3593.

Business’s Tolerance For Risk To Their Intangible Assets…!

November 12th, 2012. Published under Enterprise risk management., Organizational resilience and business continuity/conti, Uncategorized. 4 Comments.

Michael D. Moberly    November 12, 2012

In my corner of the intangible asset business world, it’s quite routine to engage highly experienced, intelligent, and successful business owners and management teams who cavalierly and somewhat patronizingly, express the view that it’s impossible and far too costly to eliminate (prevent) all business risk, that is if of one wants to remain in business.

Often embedded in this perspective, is the misperception that preventing business risks equates with being overly cautious and risk averse, which some argue is tantamount to a ‘fortress mentality’ which substantially dampens any sense of receptivity to new or ‘edgy’ business endeavors.   Too, a frequent refrain is that business risks are simply too prevalent, inescapable, and asymmetric to avoid in every business dealing, absent literally building a risk prevention – adverse ‘moat’ around one’s business.

My response to such consistent expressions from management teams, c-suites, and boards is to respectfully, but objectively, introduce the notion that a business, with a substantive risk prevention-mitigation pillar is not wholly impossible, nor will it be perceived as antagonistic or incompatible to competitive and welcoming business transactions and configurations.

Some management teams, et al, quite incorrectly interpret, in my view, that the resources  necessary for creating a ‘risk moderated’ business (transaction) environment are neither practical nor feasible and, if done, would inevitably expedite business failure because it would hamper and  impede business’s engaging their strongest, most valuable, and charismatic assets, i.e., intangible assets such as intellectual, relationship, and structural capital.

I’m confident few, if any readers of this blog would agree to such a restrictive business environment.

My experience and I suspect that of many readers of this blog as well, recognize that many management team’s ‘tolerance for risk’…

  • varies considerably, even within the same sector…
  • is generally subjective, often influenced by anecdotal evidence, the products and/or services a company produces, and/or evolve from management team, c-suite, and board perceptions – assumptions about (certain) business risks fro, prior experiences, and…
  • locations of, and interactions with a company’s primary markets, i.e., countries, customers/clients, supply chains, and a host of other relevant stakeholders.

Let’s not overlook or forget the economic fact that 65+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, profitability, and sustainability lie in – evolve directly from intangible assets today, which in most instances, a business/company has developed internally (i.e., through prudent use of its intellectual, structural, and relationship capital) or acquired and integrated externally.  So, in essence, when we address the subject of a business’ tolerance for risk, in my view, we’re really talking about how tolerant a company is relative to risks to its intangible assets!

According to Dr. Marc Siegel, a globally respected specialist in organizational resilience, there are ways to measure and assess a company’s tolerance for risk which I have added to throughout this post.  But, as readers know, sometimes all too well, measuring and assessing a company’s tolerance for risk is frequently dependent on the experiences, anecdotes, and largely subjective assessments emanating through the lens of management teams, c-suites and boards, i.e., their…

  1. experience and confidence level acquired through their familiarity with and the significance they attach to known, current, and over-the-horizon risks…
  2. ability to following a risk event through effective  risk management, prevention, and/or mitigation initiatives…
  3. organizational resilienceto sustain a robust business (transaction) environment following a significant (business) risk or disruption and consistently utilize-leverage intangible assets to achieve strong growth, profitability, and sustainability trends, i.e., policies, procedures, and practices in place…

a. to mitigate-minimize the criticality posed by certain risks (reputation or otherwise) and,

b. that would allow a business to return to a state of operational and financial and revenue normalcy in a reasonable time frame      because  it  could maneuver and apply mitigation measures to an array of risks to elevate the probability that a previously agreed  upon (accepted) level of business operational continuity is sustainable should a particular risk actually materialize.

4. recognition of core/key intangible assets, e.g., minimizing intangibles’ fragility, and vulnerability to loss and/or compromise, while   stabilizing their value, competitive advantage-reputation delivery, revenue streams, and sustaining their control, use, and ownership throughout the risk event, particularly that which is embedded in intellectual, structural, and relationship capital.

Another important and relevant inquiry I routinely pose to management teams, is how they achieved consensus regarding the acceptance and/or toleration of a certain level of risk and/or operational continuity relative to specific transactions, new ventures, strategic alliances, or other business initiatives in which risks are present and/or occur?  Interestingly, their frequent answer is again, (a.) certain levels and/or types of risk are inherent features of doing business, and/or (b.) all successful business persons are inherently risk takers.

I examine responses such as to why management teams, boards, and c-suites may be inclined to tolerate certain (business) risks and not others?  I find it’s usually because the…

  • risk is frequently subjectively assessed and/or measured to be relatively low in terms of vulnerability and probability, or the
  • perceived cost of risk mitigation exceeds potential (projected) benefits, making elevated tolerance for risk appear to be the more prudent course of action…

However, experience suggests, absent experienced and expert assessments of risks/threats, management teams and c-suites will characterize certain types/categories of business risk…

  • as being low in priority to receive prevention/mitigation resources in terms of probability
  • as being low insofar as occurrence and asset vulnerability to loss, value reduction, and/or compromise, but
  • high in criticality (adverse economic, competitive advantage effects to the company) should certain risks materialize.

But, the reality is today that, many types/categories of business risks are asymmetric, i.e., their magnitude, frequency, criticality, and speed of cascading throughout a business, should they materialize is substantial.

Therefore, for many, if not most companies, projected business opportunities come already affixed with certain levels of risk.  The objective is to mitigate risk exposures to the key-core intangible assets in play to point that management teams can proceed confidently with a particular transaction or initiative while assuming a portion of the risk with confidence and objectivity it will not spillover, cascade, or adversely affect the projected economics or competitive advantages.

This post was inspired by the work of Dr. Marc Siegel and his strong expertise in the field of organizational resilience on behalf of ASIS International.

Comments regarding my blog posts are encouraged and respected. Should any reader elect to utilize all or a portion of this post, attribution is expected and always appreciated. While visiting my blog readers are encouraged to browse other topics (posts) which may be relevant to their circumstance. And, I always welcome your inquiry at 314-440-3593 or m.moberly@kpstrat.com

Understanding Intangible Asset Value: Key To Mitigating Risks and Threats…

October 10th, 2012. Published under Enterprise risk management., Intangible Asset Value. No Comments.

Michael D. Moberly     October 10, 2012

Information asset protection programs (for companies) should be constructed to withstand the inevitable consequences of ‘category five hurricanes or Richter scale 5+ earthquakes’!

The proper starting point for achieving this level of sustainable protection is to be alert to anecdotal accountings that provide important glimpses into new techniques, methodologies, and perhaps most important of all, the players.  However, to ensure that the asset protection policies and practices address and mitigate specific and growing number of challenges, risks, and threats,  I strongly urge practitioners to take the time to become well versed in the most current and objective findings of social science research.  Too me, anything less is reckless.

But, perhaps worse, being unreceptive or unwilling to integrate relevant research( findings) in an enterprise-wide information asset protection program can be  uncannily apparent to both insiders and outsiders, serving as a global beacon, of sorts, to economic – competitive advantage adversaries that vulnerabilities exist,  they can be targeted, they can breached, and assets compromised with a high probability of success.

That readers, conveys the level of sophistication which many adversaries have already achieved and regularly hone to stay well ahead of their respective, all be it, illegal curve!

Readers’ who elect to construe these characterizations as over dramatizations, would not only be mistaken, but it likely suggests they’re simply not current about the risks/threats posed by increasingly (ultra) sophisticated and organized groups of state sponsored, independent actors, and a host of legacy free global (economic – competitive advantage) adversaries, each functioning quite effectively, efficiently, and profitably in the increasingly predatorial and winner–take-all global business transaction environment.

Integral to achieving this defensible level of information asset protection is understanding that today, 65+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, future wealth creation, and overall sustainability lie in – evolve directly from an array of intangible assets, most of which are outgrowths of internally developed intellectual, structural, and relationship capital and intellectual properties.

In far too many instances, however, I observe information asset protection practitioners and programs that appear to have been constructed using quite conventional  ‘infosec’  frameworks…

  • designed to address subjective, anecdotal, or one-off types of (information asset) threats, risks, or events, or
  • based on pre-conceived and outmoded notions of who the adversaries’ are, their origins, motives, MO’s, and beneficiaries (recipients) of any misappropriated (information, intangible) assets, or
  • that are country (adversary) specific.

So, in many instances, what such initiatives don’t do, or, do poorly, is to distinguish – focus information (intangible) asset protection resources on specific and/or bundles of intangible assets which…

  • elevate company or project value by delivering sources of revenue, competitive advantage, market position, reputation, and
  • serve as ‘building blocks’ for (company) growth, future wealth creation, and sustainability.

For the remainder of 2012, and for the foreseeable future, intangible assets are, I am confident, the focal points (targets) of global economic – competitive advantage adversaries and economic espionage.  Why?, because it’s the intellectual, relationship, and structural capital (know how) they’re after!

C-suites, including CSO’s, CIPO’s, CTO’s, CRO’s, and CFO’s would be well served to acknowledge the above by distinguishing their company’s intangible assets on the basis of where their company’s value, sources of revenue, competitive advantages, and ‘building blocks’ for growth and sustainability lie, i.e.,  the…

  1. Objective value the assets deliver relative to being directly linked to business operations and continuity, i.e., legal, financial, etc.
  2. Subjective value the assets deliver, i.e., that which flows from the nature and/or context of the assets, i.e., customer lists, pricing lists, relationship capital, strategic planning, new product launches, etc.

Equally essential to constructing effective information (intangible) asset safeguards is recognizing that intangibles are now, more than anytime previous time in business governance history, routine components to any/all business transactions.

Business realities dictate then, knowing precisely which intangible-information/knowledge-based assets carry the greatest value and competitive advantage, will be on most every adversary’s ‘shopping list’.

For these reasons, I recommend information (intangible) asset protection measures be framed around this key principle…the immediacy and criticality of adverse (economic, market, competitive advantage) impacts should specific risks-threats materialize.

Integral to this principle, is understanding key methodologies for valuing information-based (intangible) assets, i.e., based on their…

Fair Market Value – the price which property (ala intangible-information assets) would exchange hands between a willing buyer and a willing seller with neither being under any compulsion to buy or sell and with both having reasonable knowledge of the relevant facts regarding the assets.

  • However – in instances in which an insider acquires and sells information assets to an information broker, business intelligence operative, competitor, or foreign agent without knowing the ultimate end user, ‘fair market value’ is merely a euphemism for the highest price.

Value-in-Exchange – Considers the actions of buyers, sellers, and/or investors. It implies the value at which, in this instance, intangible (information-based) assets would sell (legitimately) if offered – became available on a piecemeal or compartmentalized basis.

  • However – proprietary information, trade secrets, or other forms of intellectual property sought and illegally acquired by an insider are likely to have multiple and/or standalone elements of value, i.e., a formula, plus the process to operationalize that formula.

Value-in-Use – The value of a unit of proprietary information and/or trade secret that produces on-going contributory value to an enterprise.

  • However – the information asset that is sought and acquired is integral to a company’s business operations and is necessary to sustain company value, sources of revenue, market share, competitive advantages, reputation, etc., i.e., Coca-Cola syrup recipe.

Comments regarding my blog posts are encouraged and respected. Should any reader elect to utilize all or a portion of this post, attribution is expected and always appreciated. While visiting my blog readers are encouraged to browse other topics (posts) which may be relevant to their circumstance. And, I always welcome your inquiry at 314-440-3593 or m.moberly@kpstrat.com

 

 

 

CSO’s…Differences Between Information Security and Information Asset Protection!

October 5th, 2012. Published under Economic Espionage, Enterprise risk management., Trade secrecy.. No Comments.

Michael D. Moberly   October 5, 2012

The context,…‘if a hole is found in my company’s or my client’s proprietary information fence, the job of information security is to patch the hole, but, the job of an information asset protection specialist is, in addition to helping patch the hole, DETERMINE

  1. What caused the hole in the fence to occur/form in the first place, and were there precipitating circumstance or triggering factors…?
  2. Under what circumstances was the hole in the fence initially discovered…?
  3. Who, if anyone, knew the hole in the fence existed before it was discovered, but did not report it…?
  4. How long did the hole in the fence exist before it was discovered…?
  5. What information assets moved through the hole in the fence before it was discovered and patched…?
  6. Is there evidence that the information/data-based assets that moved through the hole in the fence before it was discovered and patched were specifically targeted or merely arbitrarily acquired…?
  7. How much (economic) hemorrhaging and/or impairment to (asset) value, materiality, competitive advantage, brand, reputation, ownership, trade secrecy and/or strategic planning, etc., occurred as a result of information assets moving through hole being in the fence…?
  8. Is it known who the recipients of the information assets that moved through the hole in the fence are, before it was discovered and patched…?
  9. How will the recipients likely use – exploit those information assets…?

The responsibilities of information (security) asset protection specialists are now cross-functional and converge with risk management, HR, IT security, intellectual property counsel, audits, valuation, R&D, reputation risk, and brand integrity, among others.

To mitigate adverse effects – consequences do to information asset losses, compromises, and/or misappropriation, an important key is to collaborate with professional domain above with a singular objective;  sustain (protect, preserve) control, use, ownership, and monitor the value and materiality of a company’s information-based (largely intangible) assets!

Comments regarding my blog posts are encouraged and respected. Should any reader elect to utilize all or a portion of this post, attribution is expected and always appreciated. While visiting my blog readers are encouraged to browse other topics (posts) which may be relevant to their circumstance.  And, I always welcome your inquiry at 314-440-3593 or m.moberly@kpstrat.com

This post was adapted by Michael D. Moberly and inspired by a speech made by Dr. Joel Brenner, then Director, Office of National Counterintelligence Executive (ONCIX) to the American Bar Association in Washington, D.C., and author of ‘America The Vulnerable: Inside The New Threat Matrix of Digital Espionage, Crime, and Warfare’.

Intangible Asset Due Diligence In A Recession: Should It Be Conducted Differently?

June 7th, 2012. Published under Due Diligence and Risk Assessments, Enterprise risk management., Intangible asset protection, Intangible asset strategy. No Comments.

Michael D. Moberly   June 7, 2012

At the outset, let me say that the intent here is certainly not to cast dispersion on, or otherwise suggest the state of being unemployed or under-employed necessarily renders one more receptive to infringing proprietary knowledge acquired from a previous position, as leverage to secure new employment, market themselves as a specialized sector consultant, or start a new enterprise.

But, as we all have come to know all-to-well, the extended economic recession we’re experiencing and its various and often devastating ‘trickle down after shocks’ has placed growing percentages of workers and families at risk.

One well-understood reality, regardless of whether its influenced by this current recession or not, is that large scale layoffs, terminations, and the sheer unavailability of gainful employment prospects across all sectors, irrespective of whether one received a severance package, advance notice, unemployment benefits, or opportunity for ‘call back’ can, and usually will produce disgruntled and justifiably worried employees coupled with an elevated sense of (company, employer) disloyalty.

Collectively, we know through multiple objective and rigorous research studies, these factors can manifest themselves as a greater propensity (proclivity, receptivity) for a (former) employee to engage in illegal and/or unethical acts, e.g., theft, misappropriation, and/or infringement of proprietary information, intellectual property and other intangible assets.

Such attitudes and the adverse behaviors they can spawn are largely manifested as uncertainty that such dire economic and employment circumstances produce, particularly as one’s financial future and solvency become increasingly and indeterminately at risk.

In these circumstances exit interviews should obviously be ratcheted up to, among other things, emphasize the (legally binding) contractual components of employee non-disclosure confidentiality, and non-compete agreements (the latter in jurisdictions where they’re enforceable).  This especially important for employees who have had access to sensitive-proprietary information and other forms of intangible assets.

The recession has also prompted countless companies to ’look to the proverbial low hanging fruit’ as targets for budget reductions which we know has substantially curtailed if not eliminate countless security and risk management programs and initiatives.

Translated this means fewer information (intangible asset) audits and less direct oversight and management of information-based intangible assets which includes intellectual property, proprietary and sensitive information, competitive advantage driving business processes and methods, as well as brand, reputation, and goodwill, etc.

But, collectively, these (intangible) assets conservatively comprise, for most companies, 65+% of their value, sources of revenue, and ‘building blocks’ for growth, expansion, and competitive advantage.

Too, we see many companies reallocating (re-distributing) their security resources or literally dismantling their security departments causing decentralization of security and asset protection responsibilities.  Routinely then, these responsibilities are being delegated – entrusted to untrained and inexperienced personnel and/or business units.  For the most part, they are unaccustomed to asset protection and security which, practically speaking means inconsistent interpretation, assessment, and treatment of intangible asset risk thresholds.

We can also presume with considerable certainty, that during an economic downturn, there will be an elevated presence and even more aggressive and predatorial tactics emanating from global competitive/business intelligence operations, information brokers, and various state sponsored entities and actors that will specifically target ’disgruntled employees’.   In most instances, the objective of course is to elicit proprietary information, knowhow, and other forms of value laden intangible assets that can deliver new/additional sources of revenue and/or competitive advantage to another (end) user.

Similarly, we can presume these circumstances may well prompt a percentage of already disgruntled and disheartened employees to initiate contact with competitors or other adversaries to leverage or otherwise offer any specialized knowledge acquired during a previous employment for (a.) cash payment, or (b.) in exchange for employment with a competitor, or (c.) to start their own company.

A collective bottom line to all of this is that some company’s appear to have positioned themselves, as perhaps an unfortunate choice or reaction to the recession, to accept increasingly higher risk thresholds regarding their primary sources of value, revenue generation, and strategic (intangible asset) capability.  The question, or perhaps more appropriately, the challenge for information – intangible asset protection professionals is how much company value, reputation, image, goodwill, and IP, etc., will be eroded, de-valued, undermined, or outright lost in the interim?

To me, this is hardly a sustainable position!

Systemic Risks, Intangible Assets and IP…

May 8th, 2012. Published under Enterprise risk management., Fiduciary Responsibility, Systemic Risk. No Comments.

Michael D. Moberly    May 8, 2012

The term ‘systemic risk’ has a relatively long history.  Its revival, in terms of becoming the presumably focus-grouped explanation for the calamities of the financial services sector beginning in early Fall, 2008 has now come to be embedded in business lexicon to represent a broad cross-section of risk.

The subsequent wide spread use of ‘systemic risk’ in legislative (House, Senate) committee hearings wherein testifying cabinet secretaries, legislators, regulatory agency heads, and financial service c-suites routinely evoked the term (systemic risk) as part of their narrative for explaining (a.) how – why financial institutions and the financial services sector were literally unraveling, (b.) the intertwined elements of the now globalized financial system, and (c.) the underlying rationale for the notion of ’too big to fail’ which eventually prompted the TARP (bailout) provisions.

One of the better understood definitions of systemic risk, in my view, is one provided by Steven Schwarcz of Duke University School of Law wherein he described it (systemic risk) as ’the probability that cumulative losses will occur from an event that ignites a series of successive losses along a chain of (financial) institutions or markets comprising a system’.

Another, but, admittedly, cherry picked definition of systemic risk is provided by BusinessDictionary.com wherein it defines systemic risk as ’the probability of loss common to all businesses, and inherent in all dealings’.  In other words risk that cannot be circumvented or totally eliminated. 

A commonality embedded throughout the various definitions of systemic risk is the concept of a (preceding) ‘triggering event’.  A triggering event is one that causes (internal, external domino or cascading types of) consequences, usually adverse, e.g., loss or undermining of a company’s competitive advantages, asset value, market position, reputation, brand, image, goodwill, supply chain, stakeholders, etc. 

In the case of companies with fairly intensive portfolios of intellectual property and other forms of intangible assets, triggering events could include (a.) theft, misappropriation, infringement, and/or premature leakage of key assets, e.g., plans, intentions, capabilities, etc., and/or (b.) significant counterfeiting or product piracy operations against company produced assets.  Should anyone of these ’triggering events’ occur, it would collectively undermine or stifle asset value, competitive position, sources of revenue, and future growth opportunities, etc.

Outside the financial services sector, insofar as IP and other intangible assets are concerned, systemic risks would represent those assets cumulative risk, i.e., the vulnerability, probability, and criticality associated with, for example, theft, misappropriation, infringement, compromise, and/or premature leakage of IP and its underlying intellectual capital.  Of course, loss and/or compromise of those assets are generally less containable and can rapidly and adversely cascade –  ripple throughout a company and its entire chain of stakeholders.

Such adverse affects, are in my view, on the same or comparable plain as the much touted term ‘systemic risk’ and the accompanying market shocks experienced globally by the financial services sector in 2008, i.e., in the form of defaults, bankruptcies, employee layoffs, loss of markets and market share, and competitive advantages,

Several fine studies report that systemic risks (threats) to a company’s intellectual property and other forms of intangible (knowledge-based) assets lies largely with ’insiders’ along with the proliferation of extraordinarily sophisticated and predatorial data mining, information brokering, infringement, misappropriation, and counterfeiting operations that function profitably on a global scale. 

The risks (threats) presented by these entities and the subsequent asset compromises that occur are persistent, asymmetric, and frequently devastating to company’s profitability, competitive advantages, and reputation, etc.  Multiple respected studies consistently report that U.S. company losses of IP (largely attributed to insiders, infringement, theft, and misappropriation, etc.) range from $45 to $200+ billion annually.

True enough, the adverse affects/consequences of IP – intangible asset losses and/or compromises incurred by small, medium enterprises (SME’s) or small, medium multinationals (SMM’s), may not rise to the same ’systemic risk level’ as experienced by the likes of AIG, Lehman Brothers, or Bank of America, etc., but, they do carry adverse cascading (systemic) affects that are often equally devastating.

Collectively then, this constitutes a fairly strong rationale why company’s should engage in routine monitoring, valuation, and ’stress tests’ regarding their IP and intangible assets.  The purpose of these activities if of course, to objectively and proactively determine if any (asset) materiality changes, value erosion, and/or undermining, etc., are occurring and determine if further asset hemorrhaging can be mitigated.  Such exercises are now being recognized by management teams, boards, and c-suites alike, as useful and necessary ingredients to (a.) the effective stewardship, oversight, and management of their companies’ intangible assets, and (b.) avoiding costly and often times irreversible surprise will occur.

The inspiration for this post was sparked by (1.) ‘Allegiance in a Time of Globalization’ (Defense Personnel Security Research Center, Technical Report 08-10, December, 2008)  and (2.) ‘Technological, Social, and Economic Trends That Are Increasing U.S. Vulnerability To Insider Espionage’ Defense Personnel Security Research Center Lisa A. Kramer, Richards J. Heuer, Jr., Kent S. Crawford Technical Report 05-10 May, 2005 International Journal of Intelligence and Counterintelligence as ‘America’s Increased Vulnerability to Insider Espionage’ (20: 50-64, 2007)

Risk Tolerance: Where Does Your Company Stand?

April 25th, 2012. Published under Enterprise risk management., Organizational resilience and business continuity/conti. No Comments.

Michael D. Moberly    April 25, 2012

In my relatively small niche/corner of the intangible asset business world, it’s quite routine to engage experienced and seemingly successful management teams and risk managers who cavalierly express the view that it’s impossible to eliminate all (business) risk.  My response to such perspectives is usually to politely hedge a little by suggesting it is possible!  However, and here comes the hedging part, the resources a company would have to devote and the ultra-restrictive environment a ‘risk free’ business would necessitate, i.e., no external interactions or emanations are just two examples. I know of no company that would agree to such aggressive tactics because they could no longer be viable nor profitable and their intellectual, relationship, and structual capital (intangible assets) would be of little, or no value.

My experience also suggests most company’s ‘tolerance for risk’ (a.) varies, (b.) is largely subjective, (c.) is often influenced by industry sector and the products and/or services being produced, (d.) management team, c-suite, and board perceptions/beliefs about business risks (usually evolving from prior experiences and/or anecdotes), and (e.) locations of and interactions with a company’s primary markets, i.e., customers/clients, supply chains, and other stakeholders.

According to Dr. Marc Siegel, there are ways to measure and assess a company’s tolerance for risk which is dependent on their…

1. Experience, e.g., the confidence level held by a company’s management team achieved by their familiarity with current and over-the-horizon risks, coupled with their perceived ability to effectively manage (prevent and/or mitigate) such risks.

2. Resiliency – e.g., if or when a significant (business) risk or disruption occurs, are there policies and practices in place to (a.)mitigate/minimize the criticality posed by the risk, and (b.) rapidly return the company to a state of operational and financial/revenue normalcy in a reasonable time frame, in other words,  its resiliency. Achieving company resiliency also includes minimizing the vulnerability, fragility and/or loss of  intangible assets, particularly competitive advantages, for the duration of the risk event.

One question I often pose to management teams focuses on how they presumably achieved concensus to accept or tolerate a certain level of risk relative to a specific transaction, new venture, strategic alliance, etc.? The answer I tend to get when I pose such a question is the proverbial ‘risk is an inherent feature of doing business and all successful business persons are inherently risk takers’. I analyze risk a little differently in terms of why management teams, boards, and c-suites may be inclined to tolerate certain (business) risks and not others. It’s usually because the…

  • level of risk is generally subjectively measured/assessed to be low in terms of vulnerability and probability, but the cost of mitigation through risk transfer, etc., may exceed potential (prospective) benefits, making self-insurance and elevated risk tolerance appear to be the prudent option.  Such circumstances often arise with risks that are assessed as having a low priority in terms of probability and vulnerability, but extraordinarily high in criticality.
  • asymmetric nature of business risks, i.e., their magnitude, frequency, criticality, and cascading potential, should they materialize, coupled with the type of products and services a company produces, is beyond the capabilities of most to consistently prevent or mitigate.
  • company’s anticipated/projected business opportunities associated with assuming a certain level of risk, outweigh risk exposures to the point that a management team can justify/rationalize proceeding with a particular transaction or initiative and therefore assume a substantial portion of the risk..

(This post was inspired by the work of Dr. Marc Siegel and his work related to organizational resilience on behalf of ASIS International.)

Intangible Assets: Can Become Entangled In Costly And Time Consuming Disputes And Challenges

April 17th, 2012. Published under Enterprise risk management., Managing intangible assets. No Comments.

Michael D. Moberly    April 17, 2012

Business risk vulnerability-probability equations have changed from merely being subjective prognostications to inevitabilities particularly when we’re talking about companies intangible assets that have gone unrecognized, unchecked, or ineffectively managed.

Based on my own experiences, there are, at minimum, six ways in which a company’s most valuable assets, i.e., intangibles, become, with increasing frequency, entangled and/or ensnared in costly, time consuming, and sometimes irreversible legal disputes and challenges.  Particular intangible assets I’m referring to include proprietary know how, intellectual, relationship, and structural capital, some categories of intellectual property and other intangibles that underlie and contribute to building – sustaining company and asset value and competitive advantages.

Typically, when know how-based intangibles become involved in disputes and/or challenges it’s a consequence and/or combination of…

  1. Misplaced and/or a violated trust among business partners, research collaborators, and/or management team members.
  2. Asset safeguard miscues that unnecessarily create – elevate the vulnerability of intangibles to compromise, misappropriation, or, theft.
  3. The absence, ineffectiveness, and/or inconsistency in the management and oversight of a company’s intangibles insofar as they constitute the dominant drivers’ of company value, revenue, and competitive advantage.
  4. Unethical or illegal conduct of personnel, contractors, and/or vendors most anywhere in the supply – value chain that triggers – facilitates asset compromises and undermining competitive advantages…
  5. Assumptions held by management teams and counsel that conventional IP, i.e., patents, trademarks, and copyrights, etc., are sufficient stand-alone deterrents to infringement, misappropriation, and product – service counterfeiting …
  6. Disregard and/or being dismissive about the speed which asset value and competitive advantages can be compromised and irreversibly undermined…

In today’s globally competitive and predatorial business environment intangible assets are routinely in play and therefore integral to most every deal.  Dismissing any of the above  challenges as merely constituting additional risks of doing business in the knowledge era will also, with increasing surety, lay a foundation for outright deal failure and/or asset under-performance.

While visiting  my blog, you are respectfully encouraged to browse other topics/subjects (left column, below photograph) .  Should you find particular topics of interest or relevant to your circumstance,  I would welcome your inquiry at  314-440-3593 or m.moberly@kpstrat.com

 

Intangible Assets: Replication and Copying By Competitors and Adversaries

April 5th, 2012. Published under Enterprise risk management., Intangible asset protection. No Comments.

Michael D. Moberly    April 5, 2012

Generally speaking, intangible assets are unique and nuanced to fit a particular project and/or company operating needs and circumstances.  First though, let’s agree that in many, if not most instances, economic and competitive advantage adversaries and competitors are seldom seeking intellectual property per se from targeted companies, because that ‘information’ is often already in open source.   Instead, they want and need to acquire the relevant  intellectual, structural, and relationship capital (intangible assets) that underlies the functionality of the IP.

Some of my concerns are, how or whether those (intellectual, structural, relationship) intangible assets can be readily replicated, copied, and/or converted to fit and function equally well in a competitor’s or adversary’s company and operating culture?  While we can assume through observation considerable success is achieved particularly given the estimates of losses to victim companies and the volume of counterfeited goods being produced globally, few, if any studies specifically address the intangible asset angle addressed here.

My experience suggest, intangible assets seldom remain fixed or static as originally developed or produced.  Instead, they may experience numerous and/or evolving renditions, updates, and ‘tweaks’ over time.  Ideally, from a risk management perspective this should make their replication or copying more challenging for competitors and other global adversaries.

One strategy to combat or mitigate the inevitable adverse consequences of asset replication by competitors is for company management teams to:

  • identify and unravel their intangibles to achieve a better understanding of the assets’ origins, composition, and contributory value, and
  • assess their vulnerability to – ease of replication and/or copying

Such potential for product replication and loss, in my view, should figure rather prominently in the overall analysis and projected outcome of any transaction which today, will certainly involve intangible assets.  Far too often though, intangibles fall outside conventional – main stream risk identification and management processes even though they now routinely comprise 65+% of most company’s value, sources of revenue, and building blocks for growth and sustainability.

Another question is, are intangible assets, when they exist in the form of efficiencies and competitive advantages produced through intellectual, structural, and/or relationship capital subject to conventional enforcements as intellectual property, i.e., theft, misappropriation, infringement, etc.?

The answer lies in part in the reality that in many instances, a buyer, investor, or holder of intangible assets is engaged in a certain level of (intangible) asset hedging.  Still, management team confidence in achieving sufficient returns on their intangibles should begin by identifying and understanding the much coveted (and targeted) nuances, i.e., the intellectual, structual, and relationship capital that comprise intangible assets, beginning with:

  • unraveling, assessing, and monitoring each assets’ stability, fragility, defensibility, transferability, and contributory value
  • putting in place practices to sustain control, use, ownership, and monitoring the value, materiality, competitive advantages and efficiencies produced by the assets.

Consistently performing these tasks will help mitigate asset vulnerability to copying or replication, or more accurately stated, asset loss!