Business IP and Intangible Asset Blog, Michael D. Moberly

Business’s Tolerance For Risk To Their Intangible Assets…!

November 12th, 2012. Published under Enterprise risk management., Organizational resilience and business continuity/conti, Uncategorized. 4 Comments.

Michael D. Moberly    November 12, 2012

In my corner of the intangible asset business world, it’s quite routine to engage highly experienced, intelligent, and successful business owners and management teams who cavalierly and somewhat patronizingly, express the view that it’s impossible and far too costly to eliminate (prevent) all business risk, that is if of one wants to remain in business.

Often embedded in this perspective, is the misperception that preventing business risks equates with being overly cautious and risk averse, which some argue is tantamount to a ‘fortress mentality’ which substantially dampens any sense of receptivity to new or ‘edgy’ business endeavors.   Too, a frequent refrain is that business risks are simply too prevalent, inescapable, and asymmetric to avoid in every business dealing, absent literally building a risk prevention – adverse ‘moat’ around one’s business.

My response to such consistent expressions from management teams, c-suites, and boards is to respectfully, but objectively, introduce the notion that a business, with a substantive risk prevention-mitigation pillar is not wholly impossible, nor will it be perceived as antagonistic or incompatible to competitive and welcoming business transactions and configurations.

Some management teams, et al, quite incorrectly interpret, in my view, that the resources  necessary for creating a ‘risk moderated’ business (transaction) environment are neither practical nor feasible and, if done, would inevitably expedite business failure because it would hamper and  impede business’s engaging their strongest, most valuable, and charismatic assets, i.e., intangible assets such as intellectual, relationship, and structural capital.

I’m confident few, if any readers of this blog would agree to such a restrictive business environment.

My experience and I suspect that of many readers of this blog as well, recognize that many management team’s ‘tolerance for risk’…

• varies considerably, even within the same sector…
• is generally subjective, often influenced by anecdotal evidence, the products and/or services a company produces, and/or evolve from management team, c-suite, and board perceptions – assumptions about (certain) business risks fro, prior experiences, and…
• locations of, and interactions with a company’s primary markets, i.e., countries, customers/clients, supply chains, and a host of other relevant stakeholders.

Let’s not overlook or forget the economic fact that 65+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, profitability, and sustainability lie in – evolve directly from intangible assets today, which in most instances, a business/company has developed internally (i.e., through prudent use of its intellectual, structural, and relationship capital) or acquired and integrated externally.  So, in essence, when we address the subject of a business’ tolerance for risk, in my view, we’re really talking about how tolerant a company is relative to risks to its intangible assets!

According to Dr. Marc Siegel, a globally respected specialist in organizational resilience, there are ways to measure and assess a company’s tolerance for risk which I have added to throughout this post.  But, as readers know, sometimes all too well, measuring and assessing a company’s tolerance for risk is frequently dependent on the experiences, anecdotes, and largely subjective assessments emanating through the lens of management teams, c-suites and boards, i.e., their…

1. experience and confidence level acquired through their familiarity with and the significance they attach to known, current, and over-the-horizon risks…
2. ability to following a risk event through effective  risk management, prevention, and/or mitigation initiatives…
3. organizational resilienceto sustain a robust business (transaction) environment following a significant (business) risk or disruption and consistently utilize-leverage intangible assets to achieve strong growth, profitability, and sustainability trends, i.e., policies, procedures, and practices in place…

a. to mitigate-minimize the criticality posed by certain risks (reputation or otherwise) and,

b. that would allow a business to return to a state of operational and financial and revenue normalcy in a reasonable time frame      because  it  could maneuver and apply mitigation measures to an array of risks to elevate the probability that a previously agreed  upon (accepted) level of business operational continuity is sustainable should a particular risk actually materialize.

4. recognition of core/key intangible assets, e.g., minimizing intangibles’ fragility, and vulnerability to loss and/or compromise, while   stabilizing their value, competitive advantage-reputation delivery, revenue streams, and sustaining their control, use, and ownership throughout the risk event, particularly that which is embedded in intellectual, structural, and relationship capital.

Another important and relevant inquiry I routinely pose to management teams, is how they achieved consensus regarding the acceptance and/or toleration of a certain level of risk and/or operational continuity relative to specific transactions, new ventures, strategic alliances, or other business initiatives in which risks are present and/or occur?  Interestingly, their frequent answer is again, (a.) certain levels and/or types of risk are inherent features of doing business, and/or (b.) all successful business persons are inherently risk takers.

I examine responses such as to why management teams, boards, and c-suites may be inclined to tolerate certain (business) risks and not others?  I find it’s usually because the…

• risk is frequently subjectively assessed and/or measured to be relatively low in terms of vulnerability and probability, or the
• perceived cost of risk mitigation exceeds potential (projected) benefits, making elevated tolerance for risk appear to be the more prudent course of action…

However, experience suggests, absent experienced and expert assessments of risks/threats, management teams and c-suites will characterize certain types/categories of business risk…

• as being low in priority to receive prevention/mitigation resources in terms of probability
• as being low insofar as occurrence and asset vulnerability to loss, value reduction, and/or compromise, but
• high in criticality (adverse economic, competitive advantage effects to the company) should certain risks materialize.

But, the reality is today that, many types/categories of business risks are asymmetric, i.e., their magnitude, frequency, criticality, and speed of cascading throughout a business, should they materialize is substantial.

Therefore, for many, if not most companies, projected business opportunities come already affixed with certain levels of risk.  The objective is to mitigate risk exposures to the key-core intangible assets in play to point that management teams can proceed confidently with a particular transaction or initiative while assuming a portion of the risk with confidence and objectivity it will not spillover, cascade, or adversely affect the projected economics or competitive advantages.

This post was inspired by the work of Dr. Marc Siegel and his strong expertise in the field of organizational resilience on behalf of ASIS International.

Comments regarding my blog posts are encouraged and respected. Should any reader elect to utilize all or a portion of this post, attribution is expected and always appreciated. While visiting my blog readers are encouraged to browse other topics (posts) which may be relevant to their circumstance. And, I always welcome your inquiry at 314-440-3593 or m.moberly@kpstrat.com

Risk Tolerance: Where Does Your Company Stand?

April 25th, 2012. Published under Enterprise risk management., Organizational resilience and business continuity/conti. No Comments.

Michael D. Moberly    April 25, 2012

In my relatively small niche/corner of the intangible asset business world, it’s quite routine to engage experienced and seemingly successful management teams and risk managers who cavalierly express the view that it’s impossible to eliminate all (business) risk.  My response to such perspectives is usually to politely hedge a little by suggesting it is possible!  However, and here comes the hedging part, the resources a company would have to devote and the ultra-restrictive environment a ‘risk free’ business would necessitate, i.e., no external interactions or emanations are just two examples. I know of no company that would agree to such aggressive tactics because they could no longer be viable nor profitable and their intellectual, relationship, and structual capital (intangible assets) would be of little, or no value.

My experience also suggests most company’s ‘tolerance for risk’ (a.) varies, (b.) is largely subjective, (c.) is often influenced by industry sector and the products and/or services being produced, (d.) management team, c-suite, and board perceptions/beliefs about business risks (usually evolving from prior experiences and/or anecdotes), and (e.) locations of and interactions with a company’s primary markets, i.e., customers/clients, supply chains, and other stakeholders.

According to Dr. Marc Siegel, there are ways to measure and assess a company’s tolerance for risk which is dependent on their…

1. Experience, e.g., the confidence level held by a company’s management team achieved by their familiarity with current and over-the-horizon risks, coupled with their perceived ability to effectively manage (prevent and/or mitigate) such risks.

2. Resiliency – e.g., if or when a significant (business) risk or disruption occurs, are there policies and practices in place to (a.)mitigate/minimize the criticality posed by the risk, and (b.) rapidly return the company to a state of operational and financial/revenue normalcy in a reasonable time frame, in other words,  its resiliency. Achieving company resiliency also includes minimizing the vulnerability, fragility and/or loss of  intangible assets, particularly competitive advantages, for the duration of the risk event.

One question I often pose to management teams focuses on how they presumably achieved concensus to accept or tolerate a certain level of risk relative to a specific transaction, new venture, strategic alliance, etc.? The answer I tend to get when I pose such a question is the proverbial ‘risk is an inherent feature of doing business and all successful business persons are inherently risk takers’. I analyze risk a little differently in terms of why management teams, boards, and c-suites may be inclined to tolerate certain (business) risks and not others. It’s usually because the…

• level of risk is generally subjectively measured/assessed to be low in terms of vulnerability and probability, but the cost of mitigation through risk transfer, etc., may exceed potential (prospective) benefits, making self-insurance and elevated risk tolerance appear to be the prudent option.  Such circumstances often arise with risks that are assessed as having a low priority in terms of probability and vulnerability, but extraordinarily high in criticality.
• asymmetric nature of business risks, i.e., their magnitude, frequency, criticality, and cascading potential, should they materialize, coupled with the type of products and services a company produces, is beyond the capabilities of most to consistently prevent or mitigate.
• company’s anticipated/projected business opportunities associated with assuming a certain level of risk, outweigh risk exposures to the point that a management team can justify/rationalize proceeding with a particular transaction or initiative and therefore assume a substantial portion of the risk..

(This post was inspired by the work of Dr. Marc Siegel and his work related to organizational resilience on behalf of ASIS International.)

Intangible Assets and Organizational Resilience

March 30th, 2012. Published under Intangible asset protection, Intangible asset strategy, Organizational resilience and business continuity/conti. No Comments.

Michael D. Moberly   March 30, 2012

Some management teams consider ’organizational resilience’ to merely be a tweaked version of conventional continuity and contingency planning. Be assured, it’s not!

If anything, organizational resilience (OR) is business continuity and contingency planning on steroids.  That is, OR is more inclusive and evolves from a multifaceted ‘attitude’ of:

• prevention
• protection
• preparedness
• response
• mitigation
• continuity, and
• economic – competitive advantage recovery

From an operational standpoint, OR differs markedly from conventional security and/or risk management approaches because of its focus on:

• preparedness
• drawing a balance between asset vulnerability, risk probability, and criticality (consequences) of certain risks, and
• shifting away from managing risk reactively, to a highly proactive, adaptive and continually improving series of activities and responses.

Ultimately, a well-designed and executed OR plan can serve as a strategic path for moving a company from a conventional defensive and reactive posture to a proactive (forward looking, forward thinking) risk posture.  By doing so, companies become more anticipatory and ultimately resilient to a broader range of risks and adverse events, should they materialize

In my view, OR is particularly well suited to the ‘systems approach’ which compels management teams to identify and examine risks in independent and dependent variable contexts relative to (a.) asset vulnerability, (b.) probability of occurrence, and (c,) criticality, i.e., potential for significant adverse cascading effects throughout a company and its stakeholders should they materialize.

An OR approach to risk would entail examining business risk(s) that may, for example, have a relatively low probability for occurrence, but carry inordinately high consequences (criticality) making it more challenging to return to a state of operational-financial normalcy.

Thus, OR is much more than mere defensive posturing.  It involves proactive attitudes and practices that recognize 65+% of most company’s value, sources of revenue, and building blocks for growth and sustainability evolve directly from intangible assets. Ironically, this requires management teams, c-suites, and boards to recognize that materialized risks or adverse events may, for organizationally resilient firms, present opportunities to further exploit its intangible assets, presuming other industry sector companies and/or competitors are experiencing similar risk events simultaneously.

A firm’s ability to rapidly, efficiently, and effectively adapt to change and uncertainty (risk) are being ratcheted up on company agendas as action items requiring higher priorities. In OR parlance, the vulnerability, probability, and criticality associated with potential and/or materialized risks, be they natural, intentional, or unintentional, represent a strong rationale why companies need to achieve a level of resilience that fits their respective market, industry sector, and business (transaction) environment.  More specifically, a recovery and adaptive oriented OR strategy can no longer be dismissed or relegated to merely being an ’after thought’.

An initial step toward achieving an organizationally resilient firm puts the onus on management teams and c-suites to recognize the unique elements and features (intangible assets) that are routinely embedded in company operations and functions. In other words, preserve (intangible) assets that underlie a company’s profitability, competitive advantages, and sustainability, i.e., reputation, brand, intellectual – relationship capital, goodwill, image, etc.

Intangibles though, often go un-noticed and un-protected in conventional risk management and business continuity-contingency planning.  I say this in the context that I have yet to engage a management team or board member that does not hold the view that every business or company, particularly theirs, possesses nuanced and unique features that contribute to its success.  Referring to such features as intangible assets though, seldom occurs.

Another step toward achieving an organizationally resilient company is to identify ways to measurably improve on its ability to adapt and rapidly recover from significant (business) disruptions, materialized risks, and/or significant changes in the business (value-supply chain) environment. In other words, remain financially and competitively viable for the duration of the adverse – disruptive event!

(This was inspired by the work of Gregg Goble, Howard Fields, and Richard Cocchiara of IBM’s Resilient Business and Infrastructures Solutions unit and the work of Dr. Marc Siegel, ASIS.)

Organizational Resilience and Intangible Assets

January 12th, 2012. Published under Intangible asset strategy, Organizational resilience and business continuity/conti. No Comments.

Michael D. Moberly   January 12, 2012

I suspect there are very few, if any, management teams today, including c-suites and boards that do not recognize the necessity for their company to have reasonable assurance of operational continuity should certain risks/threats materialize.  Enterprise risk management is no longer solely about (risk) prevention or mitigation rather it’s about creating organizational resilience.

Today’s business transaction environment, for both large and small companies is truly global in which each of the following are the norm:

• business interdependencies and alliances
• supply chains that are multifaceted, lengthier, and ‘just in time’
• elevated vulnerability – probability of disruptions and materialization of risk that carry the capability of producing immediate, adverse, and cascading affects that ripple throughout an enterprise (internally and externally)

      …too, each is prompting management teams, as fiduciary responsibilities, to reassess the conventional business continuity – contingency plan to determine if it reflects today’s  necessary standard’s for organizational resilience?

Determining (assessing) with some degree of precision, just how resilient a company really is to the growing array of (asymmetric) business risks and threats is challenging, but absolutely necessary today.  Many of those risks, should they materialize, their adverse (potential cascading) affects can be immediate, relentless, and devastating insofar as undermining and eroding a company’s value, standing, market share, and revenue streams, etc., regardless of a company’s size, industry sector, or whether it publicly or privately held.  

The bottom line, in my view is, some materialized risks/threats cannot be fully or readily mitigated or reversed without recognizing the need to have a viable and comprehensive organizational resilience plan in place. 

One business reality that makes organizational resilience all the more critical is that growing numbers of analysts as well as consumers, clients, and suppliers:

• possess a propensity to exhibit – express a sense of skepticism, cynicism , and are generally less-believing of company’s resiliency motivated (public) communications following the occurrence of a risk-threat event
• can readily find satisfactory alternatives to meet their needs either in the interim or permanently due to which certain risks materialize, i.e., product recalls, production – supply chain disruptions, etc.

           …that render products temporarily unavailable or cause question about their quality.

I find the single greatest challenge to helping company’s design and execute an organizational resilience plan is achieving consensus about the criticality of certain processes, products, and assets (tangible and intangible) insofar as measurably elevating a company’s resilience, i.e., returning to a state of operational normalcy as quickly as possible, following an adverse event or act.  

A word of caution though, management teams that inadvertently overlook or do not specifically include a company’s intangible assets in their organizational resilience plan are not merely being near-sighted or neglectful of their fiduciary responsibilities, they’re actually taking their company down a much more riskier path because:

• 65+% of most company’s value, sources of revenue, and building blocks for growth and sustainability today lie in – directly evolve from intangible assets, and
• intangible assets are frequently more fragile, transportable, and therefore vulnerable to adverse events or acts.

(This post was inspired by Michael D. Moberly’s interpretation of ASIS Internationals’ 2009 ’Organizational Resilience’ standard.)

Intangible Asset ‘Risk of Risks’: Company Reputation

December 30th, 2011. Published under Looking Forward, Organizational resilience and business continuity/conti, Reputation risk.. No Comments.

Michael D. Moberly      December 30, 2011

Company reputation is an intangible asset of the first order and, when effectively used and safeguarded, can be a major source of competitive advantage and sustainability.   This is probably what prompted The Economist’s Intelligence Unit to produce a ‘global risk briefing’ titled Reputation: Risk of Risks arising from interviews with 269 senior risk managers. Aside from the fact that the report was produced in December, 2005, its relevance remains very much intact today.

Company reputation is certainly a prized, yet increasingly vulnerable and fragile asset in my view which the reports’ respondents agreed by stating that reputation represented a main concern for the majority of risk managers, ahead of, for example:

• regulatory risk
• human capital risk
• IT network risk
• market risk, and
• credit risk. 

Interestingly, the priorities of senior risk managers have changed little since publication of The Economist’s report.  It’s certainly fair to say then that company reputational risk also has become a very significant (fiduciary) concern, not just for senior risk managers, but for company management teams, c-suites, and boards as well.  They recognize the many ways it can adversely affect their company.

Company reputation is defined (in the Economists’ report) as ‘how a business is perceived by stakeholders, including customers, investors, regulators, the media, and the wider public’.  Company reputation, the report goes on to state, ‘declines when experiences of an organization fall short of expectations’. 

However, before this definition can be fully translated into effective (reputation risk) countermeasures, it’s important for a company to bring operational clarity to:

• whose experience
• what experience, and
• which expectations.

Safeguarding a company’s reputation is, with few exceptions, probably the most important, but also, in my view, one of the more challenging tasks and (fiduciary) responsibilities a company can and should undertake relative to its overall management, stewardship and oversight.  In large part I find it challenging because of the asymmetric nature how (reputational) risks and threats can materialize and cascade throughout a company. 

For example, The Economists’ study identified three significant phenomena that individually and/or collectively contribute to elevating reputation risk, each of which remains relevant today:

• development of 24/7 global media and communication channels
• increased scrutiny from regulators, and
• reduced customer loyalty

A relevant, but not easily answered question though, about damages a company can sustain as a result of a materialized reputational risk, in terms of prevention, mitigation, or management, is whether reputation risks – threats should be characterized and addressed as:

• standalones, or
• the consequence of other, perhaps simultaneously converging risks? 

As already noted above, reputational risk is often (highly) asymmetric in my view.  This belief inclines me to address it not solely as a standalone or separate risk, rather a consequence (by-product or multiplier) of risks that can materialize sequentially and adversely affect a company simultaneously on multiple levels.

Respondents to the Economist’ study identified the three biggest risks/threats to a company’s reputation as:

• failure to comply with regulatory or legal obligation
• failure to deliver minimum standards of service and product quality to customers
• exposure of unethical practices

This elevates the importance of how company management teams, boards, and risk managers perceive reputational risks to their company…relative to the processes, procedures, and/or programs they (may/may not) have in place as forward looking monitoring and assessments of internal and external factors/variables necessary to prevent, mitigate, and manage reputational risks if/when they begin to materialize.

For example, when conducting a comprehensive (intangible asset) assessment of a company (which includes reputational risks) and there’s evidence that a company’s plans and/or attitudes for responding to reputational risks appear more closely aligned with crisis management than contingency and organizational resilience planning, I would engage the senior risk manager for clarity.  If its revealed that the company genuinely addresses reputational risks/threats solely through a conventional ‘crisis management’ lens, its often an indicator, that the company may not be adequately monitoring – scanning their horizon and stakeholders for risks/threats which is so essential today, and is, my judgment a key underlier to quality contingency – organization resilience planning, not crisis management!

While visiting  my blog, you are respectfully encouraged to browse other topics/subjects (left column, below photograph) .  Should you find particular topics of interest or relevant to your circumstance,  I would welcome your inquiry at  314-440-3593 or m.moberly@kpstrat.com

What Is An Intangible Asset Specialist and What Can They Do For Companies?

December 8th, 2011. Published under Fiduciary Responsibility, Intangible asset strategy, Organizational resilience and business continuity/conti. No Comments.

Michael D. Moberly      December 8, 2010

I start with the premise that management teams and boards have a fiduciary responsibility to routinely and objectively ask…

   is our company properly positioned, insofar as possessing the expertise and skill sets, to identify, unravel, develop, bundle,  utilize, and extract as much value as possible from its intangibles, while simultaneously protecting and monitoring risks to those assets’ value, sustainability, and materiality’? 

As noted numerous times in this blog, the key requisite to managing and overseeing a company’s intangibles is the ability to sustain control, use, ownership, and monitor their value and materiality.  If the former does not occur, or fails, little else matters, because asset value can quickly go to zero!

An intangible asset officer (specialist) can benefit a company by…

1. Providing on-going guidance to business units and management teams for managing intangibles, i.e., monitoring and extracting value, delivering competitive advantages, and developing strategic plans for measuring asset performance, monitoring risks  and materiality.

2. Adding predictability to business transaction outcomes by assessing the stability, defensibility, value, and sustainability of the intangibles in play.

3. Conducting periodic intangible asset assessments to monitor competitive advantages and ensure asset synergies and efficiencies are being effectively utilized.

4. Reducing the probability that the momentum of a project or deal can be stifled or undermined by identifying and mitigating circumstances that can (a.) ensnare and/or entangle the assets in costly and time consuming legal challenges, (b.) erode asset performance and value.

5. Improving the valuing, reporting, and accounting of intangibles and integrating same in (a.) asset development, (b.) company governance processes, and (c.) specialized asset management initiatives, i.e., knowledge management and balanced scorecard.

6. Building an ‘intangible asset’ company culture that’s effectively aligned – converged with a company’s mission and business objectives.

7. Designing an organizational resilience (continuity, contingency) plan that encompasses mission essential intangible assets to provide quicker recovery following a significant business disruption or natural disaster.

8. Monitoring intangible asset value chains, i.e., the inter-connectedness between the production, acquisition, and utilization of intangibles relative to their contributions to company value, revenue, and creating and sustaining competitive advantages.

While visiting  my blog, you are encouraged to browse other topics/subjects (left column, below photograph) .  Should you find particular topics of interest or relevant to your circumstance,  I would welcome your inquiry at  314-440-3593 or m.moberly@kpstrat.com

A Good First Step Toward Organizational Resilience…

August 10th, 2010. Published under Organizational resilience and business continuity/conti. No Comments.

Michael D. Moberly   August 10, 2010

Broadly speaking, organizational resilience encompasses a management systems approach that simultaneously focuses on prevention, protection, preparedness, response, mitigation, continuity, and recovery from disruptive incidents.  And, for the skeptics, organizational resilience is not merely a warmed over version of (conventional-traditional) business continuity and contingency planning.

An organizations’ ability to quickly, efficiently, and effectively adapt to change and uncertainty (risk) that are so pervasive in today’s globally competitive business (transaction) environment, is certainly being ratcheted up on management team and board agendas as a necessary and priority action item.  In organizational resilience parlance, changes in policy, market forces, environmental factors, and the vulnerability, probability, and criticality associated with materialized risks, i.e., natural, intentional, or unintentional, etc., all fall under the (business case) rationale why today’s companies require a level of resilience that fits their respective market, industry sector, and business transaction environment.  Recovery oriented (adaptive, proactive) company resilience strategies can no longer be dismissed or relegated to merely being ’after thoughts’.

The first step toward achieving organizational resilience puts the onus on management teams and boards to literally identify (recognize) the unique elements and features that are embedded and sometimes very much under their company’s radar.  In other words, what makes their company successful.  I offer this in the context that I have yet to engage a management team or board that does not hold the view that every business/company, including theirs, possesses nuanced and otherwise unique features that contribute to its success and sustainability.

Why is this necessary?, it’s because the components (elements, features, processes, practices, etc.) that define a company’s uniqueness are essentially the foundation for identifying a ‘resiliency strategy’.  A resilience strategy commences with identifying/determining ways which a management team and board can measurably improve the degree to which a company, in the context of its respective business environment, is adaptive and able to quickly recover from significant disruptions, materialized risks, and/or significant changes in the business (value-supply chain) environment.

Executable strategies that improve a company’s level of adaptability and timely recovery from disruptive events include ensuring certain (executable) processes are in place that impose (carry) specific demands and functions, as a well informed management team and board dictate so the company can remain viable for the duration of the adverse – disruptive event.

(This post was inspired by the work of Gregg Goble, Howard Fields, and Richard Cocchiara of IBM’s Resilient Business and Infrastructures Solutions unit and the work of Dr. Marc Siegel, ASIS.)

The ‘Business IP and Intangible Asset Blog’ is researched and written by Mr. Moberly to provide insights and additional views for company management teams, boards, and employees to aid in identifying, assessing, valuing, protecting, and profiting from their intangible assets.  I welcome and respect your comments and perspectives at m.moberly@kpstrat.com.

Organizational Resiliency: Defensive Foundations

August 4th, 2010. Published under Organizational resilience and business continuity/conti. 1 Comment.

Michael D. Moberly   August 4, 2010

Organizational resilience should not be conceived or characterized as simply an ‘insurance’ measure that provides a company with ’coverage’ if or when adverse events occur or risks actually materialize.  Rather, management teams and boards would be prudent, in today’s risk laden global business environment, to frame – adjust their organizational resilience plan so that it serves as a strategic path for moving a company, operationally speaking, from a defensive and reactive posture to having a succession – series of highly proactive responses/actions to address risks and adverse events, one aspect of which is focused on improving (exploiting) or at least sustaining, a company’s competitive position during the duress event.

Organizational resilience today, and certainly for the foreseeable future, is much more than mere defensive steps to protect a company, rather OR must also include proactive measures for actually improving a company’s competitive position throughout the duress event.  This, of course, requires company management teams and boards to recognize that materialized risks or adverse events may, for resilient companies, present valuable and exploitable competitive advantage opportunities, presuming other industry sector companies and/or competitors are experiencing similar risk events simultaneously.

So, what are the ‘building blocks’ to organizational resilience?  Goble, Fields, and Cocchiara of IBM’s ‘improving business resilience through a resilient infrastructure’ unit point to:

1. Recovery -elevates awareness to the onset of particular risks and/or adverse events which in turn enables a company to return to an acceptable state of operational normalcy and performance in an acceptable time period.

2. Hardening -is the use of strategies to make a company’s key infrastructure harder, i.e., more challenging, more difficult, and ultimately, less susceptible to certain risks and adverse events.  Hardening increases the efforts (resources, time, etc.) that adversaries must expend to actually execute a particular (man made) risk, threat, or adverse event by literally denying or, at minimum, limiting access to the infrastructure itself.  Companies should be mindful that excessive (extreme) use of infrastructure hardening tactics, can create a ‘fortress mentality’ (imagery) whereby partners, stakeholders, and valuable contributors to the company’s value-supply chain may find offensive and withdraw.

3. Redundancy – ensuring the company infrastructure has a sufficient number of ’redundancies’ (i.e., back-ups, duplications) designed/built into it relative to meeting its mission critical priorities.

4. Accessibility – the ability of a company as a whole, i.e., its employees and value-supply chain partners and stakeholders to retain the ability to access (from anywhere) the relevant and necessary (company) infrastructure, including communication systems.

5. Diversification – the goal is straightforward; create an infrastructure that can be fully operational while being physically distributed and is still capable of being effectively managed during periods of duress.  The premise of operational diversity is straightforward, don’t allow all of a company’s eggs to remain in a single basket.

6. Information Technology Autonomics – self-managing and self-regulating IT systems and infrastructure that is not vulnerable to succumbing to anticipated-projected risks and adverse events. 

The ‘Business IP and Intangible Asset Blog’ is researched, written, and produced by Mr. Moberly to provide insights and additional and sometimes alternative views for company management teams, boards, and employees to aid in identifying, assessing, valuing, protecting, and profiting from their intangible assets.  I welcome and respect your comments and perspectives at m.moberly@kpstrat.com.

Organizational Resilience…Try Framing It As A Strategic Roadmap!

August 3rd, 2010. Published under Organizational resilience and business continuity/conti. No Comments.

Michael D. Moberly   August 3, 2010

In today’s ‘go fast, go hard, go global’ business transaction environment, management teams and boards are less inclined to dismiss or characterize materialized risks and business disruptions as merely being embarrassing events or short-lived inconveniences. 

In large part that’s because of recent events, ala BP, Massey Coal, Toyota, Wall Street, etc., coupled with a re-consideration (appreciation) for the speed which negative events can occur or certain risks materialize and literally cascade throughout an enterprise to irreversably infect and adversely affect what matters most to company’s operating in ‘intangible asset’ dominated economies, i.e., their  (a.) brand, reputation, image, and goodwill, and (b.) supply – value chain!

That, in my view, is sufficient rationale for management teams and boards to initiate organizational resilience planning, quite apart from conventional business continuity-contingency planning.  But, to further serve a company in 2010, 2011, 2012 and beyond, its useful for management teams and boards to conceive – frame their organizational resilience planning initiative in the context of a ’strategic roadmap’ to achieve business goals and objectives absent impediments and/or interruptions. 

The strategic roadmap would of course also include achieving a level of (enterprise) preparedness sufficient to effectively (1.) mitigate, counter, defend, and manage certain risks, and (2.) enable a company to recover from adverse events and/or materialized risks more speedily.

The heart of an organizational resilience program, in my view, lies in framing-conceptualizing a ’strategic roadmap’ that includes effectively designed ’infrastructures’ that are operationally resilient to the ever growing array of risks and vulnerabilities by being able to perform, at minimum, two broad, but essential functions under duress, i.e., (1.) safeguard supply – value chains by ensuring an acceptable level of preparedness and functionality exists so a company may continue to produce-deliver goods, services, products, etc., for the duration of the adverse event, and (2.)  enable a company to return to an acceptable level of operational normalcy as rapidly as possible.  

Company infrastructures are increasingly complex and nuanced however, and routinely consist of numerous disparate components and inter-dependencies, which, in most instances, extend well beyond a company’s conventional walls or perimeter by virtue of what seems to be ever evolving, dynamic, and converging chains of suppliers, distributors, partners, customers, and other stakeholders, that presumably converge to achieve (the company’s business) goals and objectives. 

Too, by framing organizational resilience planning in a ’strategic roadmap’ context, it elevates management team and board ‘buy-in’ by bringing more clarity and insight to company exposures and vulnerabilities to certain risks, particularly within the supply – value chain.

(This post was inspired by the work of Gregg Goble, Howard Fields, and Richard Cocchiara of IBM’s Resilient Business and Infrastructures Solutions unit and the work of Dr. Marc Siegel, ASIS.)

The ‘Business IP and Intangible Asset Blog’ is researched, written, and produced by Mr. Moberly to provide insights and additional and sometimes alternative views for company management teams, boards, and employees to aid in identifying, assessing, valuing, protecting, and profiting from their intangible assets.  I welcome and respect your comments and perspectives at m.moberly@kpstrat.com.

Organizational Resilience Standards and Stone v. Ritter: Is There Be A Connection?

July 22nd, 2010. Published under Analysis and commentary, Organizational resilience and business continuity/conti. No Comments.

Michael D. Moberly   July 22, 2010

In Stone v. Ritter (as they did in In Re Caremark and In Re Disney) Delaware courts brought attention to board and director oversight of regulatory compliance programs and company assets by stating…

 ’boards must be kept apprised of and receive accurate information, in a timely manner, that’s sufficient to allow them and senior management to reach informed judgments about the company’s business performance and compliance with the laws…’ 

Some court decisions can be precedent setting with the arguments presented by the winning side replicated in the form of framing points for (oral, written) arguments in future (similar) cases.  The prevailing arguments in Stone v. Ritter being no exception, I presume will be replicated in other cases in which board-director fiduciary responsibility (liability) is at issue, e.g., assessing the effectiveness of board and director efforts relative to ensuring their company is compliant with certain regulatory mandates and how personally engaged they are in the oversight (stewardship, management) of their company’s compliance program.

A close and admittedly desirous reading of the Stone v. Ritter decision suggests the ruling may go a long way toward eliminating some of the ambiguities associated with board and director fiduciary responsibilities and liability by bringing clarity to what actually constitutes ‘board oversight’ of a company’s assets which presumably include, both the tangible and intangible variety.

It’s certainly not a stretch then, at least in my view, in light of the collective and recent mishaps of BP, Massey Coal, Toyota, Johnson and Johnson, etc., and the on-going legal wranglings, to anticipate that the Stone v Ritter decision is being closely reviewed with the not so improbable possibility that new litigation will be framed to extend Stone v Ritter concepts to now encompass the newly adopted ASIS/ANSI American National Standard on Organizational Resilience.  

It’s just not out of the real of possibilities to see litigation being brought by stakeholders, in fact they may be remiss if they did not do so, arguing board fiduciary responsibilities should now encompass the highly proactive  ‘organizational resilience’ practices as detailed in the ASIS/ANSI Standard.  That is, in lieu of putting more lipstick on existing business continuity and contingency approaches which remain largely reactive. 

My views are that the prudent ’best practice’ norm for companies now, and for the foreseeable future, lie in organizational resilience programs that systematically identify and actively manage risks that can potentially hinder the achievement of a companies mission which are broadly congruent with the best interests of the public, should adverse events and/or circumstances materialize.

(Thanks to the work of Rebecca Walker in her paper titled ’Board Oversight of a Compliance Program: The Implications of Stone v. Ritter’ for some additional insight.)

 The ‘Business IP and Intangible Asset Blog’ is researched, written, and produced by Mr. Moberly to provide insights and additional and sometimes alternative views for company management teams, boards, and employees to aid in identifying, assessing, valuing, protecting, and profiting from their intangible assets.  I welcome and respect your comments and perspectives at m.moberly@kpstrat.com.