Archive for 'Due Diligence and Risk Assessments'

Risk Perceptions Influence How Risk Will Be Managed

July 3rd, 2015. Published under Design thinking., Due Diligence and Risk Assessments. No Comments.

Michael D. Moberly     July 4, 2015    ‘A long form blog where attention span really matters’!

It should come as no surprise that the way one perceives risk in general, and business risk in particular, influence how, why, and when decisions about managing (business) risk are made.

To be sure, identifying, measuring, and assessing risk are collectively important, as is meaningfulness, specificity, and perhaps most importantly in my view, commonality of (risk) understanding that fosters consensus necessary for decision makers to actually undertake appropriate (risk prevention, mitigation, or management) initiatives.

Again, to no readers’ surprise, an important aspect of recognizing (business) risk today is that it (risk) evolves over time, particularly in terms of how it is characterized, its drivers, and its potential criticality. Countless experiences of my own however, suggest there remain a significant percentage of business decision makers who ‘react’ to risk. That is, their recognition of business risk tends to be either relatively dismissive or, doing (only) what’s necessary to try to favorably restructure the odds that risk will materialize, i.e., vulnerability, probability, and criticality but, absent characterization of risk in a continuum context.

In other words, numerous business decision makers I have met perceive risk through rather fatalistic lens, i.e., assumption and acceptance that adversity (business risk) is generally present or permanent fixtures, conveying little confidence in prevention, mitigation, or management initiatives. Preferably there is change on the horizon though, as more sophisticated risk or its unfortunate counterpart ‘threat’ calculations include more meaningful and relevant probabilities (vulnerabilities, criticalities) which in turn elevate business decision makers’ understanding and fiscal comfort to address risk accordingly.

I envision with greater recognition of the irreversible prevalence – dominance of intangible asset intensive and dependant businesses and markets and the more unique and stealthy risks associated with intangibles will influence business decision makers’ to re-think risk management initiatives and necessities.

Fate and divine providence…

For long periods of time however, events and activities perceived as carrying a probability for adverse consequences, i.e., risk, were often attributed to divine providence or to the supernatural.

During the early periods, prayer and sacrifice were the prevalent means for mitigating a broad range of risks, as was the acceptance of whatever fate that followed. Sacrifice particularly was presumed to appease the spirits (gods) that could impose – bring about adverse outcomes. If however, there was no supernatural spirit or ‘god’ intervention, a business owner could anticipate incurring some level of suffering to their business or person. Presumably, if the ‘gods’ did intervene, a business owner could expect a favorable outcome.

Consequently, it was deemed unnecessary to measure risk in a conventional context due to peoples’ strong beliefs that all events, activities, and outcomes were pre-destined, i.e., they were driven by super natural forces beyond one’s control. ( The above was heavily adapted by Mr. Moberly from Dr. Aswath Damodaran’s ‘Risk Management: A Corporate Governance Manual’, Chapter 4, Stern School of Business, NYU)

Difficult to differentiate risk…

Why do people or businesses engage in risk, and why are significant percentages of people – business decision makers relatively ineffective at assessing risks which they elect to engage?

For one, I suspect there are numerous readers of this blog who have experienced challenges insofar as articulating risk to c-suite colleagues in a manner they understand which allows them to differentiate the act of engaging in circumstances and/or transactions laden with risk relative to any presumed (projected) benefits of engaging in those risks.

Their rationale may, at least in part, be characterized as an anticipated emotional – psychological ‘buzz’ by engaging in behaviors and activities in which risks are obvious and known. For example, one may experience a ‘sense of affirmative relief’ after engaging in certain high risk behaviors, i.e., seeing one’s parachute canopy being fully deployed, or successfully negotiating highway curves while driving at a high rate of speed in a new automobile, or achieving – surpassing projected returns from a risky investment or transaction.

Most of us engage – face risk everyday…

Most of us recognize the reality that we engage – face risk each day, but we wish not to become paralyzed or unnecessarily encumbered, so we proceed. That said, large percentages of us remain inclined to couch – apply the term ‘risk’ in the context of activities – behaviors in which a risk or adversity can be the outcome, particularly when our elective decision to engage that risk is unresponsive to prevention, mitigation, or management strategies we may want to deploy, but materializes anyway.

Still, there are, to be sure, some business decision-makers who do not recognize there is generally some element of risk in most every action – inaction they take. Not infrequently, decision makers elect to dismiss – write off such realities because they assume a sufficient level of (risk) control and oversight can be sustained throughout the life – value cycle of the risk itself.

I am reminded though of the risk of becoming a victim to homicide in the U.S.  On the one hand should we consider only the numerical probability, i.e., x per 100,000 population, this may seem as acceptable odds particularly if we refrain from entering areas where the highest percentage of homicides are reported.  On the other hand, if we consider becoming a victim of homicide on the basis of whom our murderer is likely to be, i.e., spouse, relative, loved one, or close friend, such knowledge may influence us to re-frame our choices about engaging is certain risk producing behaviors with those individuals.

There are chronic risks and acute risks…

Examples of chronic risks include such things as consistent smoking of cigarettes or eating food with high levels of trans fats known to produce adverse health. As chronic risks, individuals so engaged, may not seem to give a great deal of consideration to the harm they are producing to their body. Such personal dismissiveness is frequently linked to their perception that continuing to engage in such risky food selection-consumption behaviors and the potential adverse affects those habits produce in their bodies and manifest as physical diseases may materialize over time – in the distant future, at which point the risk taker assumes they can be reversed by surgery or managed, mitigated, or controlled by ever sophisticated medical intervention. In the interim, acknowledged assumption – continuation of those risky behaviors are likely to continue.

Most are inclined to approach what they perceive as small risks, particularly risks which spread over a period of time before they begin to experience initial adverse reactions, i.e., the materialization a the flu attributed to not getting a flu vaccination.

Indeed, it would be interesting if we could construct a cigarette that would cause immediate adverse (physiological) reactions to smokers versus risks that manifest overtime and which many no doubt rationalize and assume they have some control over, i.e., can cease at will and reverse any previous adverse harm.

Examples of acute risks, on the other hand, include rather obvious high risk activities such as sport parachuting, scuba diving, running a marathon, or becoming a ‘wing suitor’ that jumps off high elevations. For each activity deemed acute risks, there is data that describes such risks in probabilities, e.g. one in one million probability if we engaged in one of these activities, we may experience serious injury or death. (BBC World Service, ‘The Why Factor’ hosted by Mike Williams program titled ‘why people take risks’, June, 23, 2015)

Risk media paradox…

We are in the midst of a risk – media paradox. For example, commercial air travel has become an increasingly safe mode of travel. However, as air travel safety increases, i.e., passenger air miles without crashes, there tends to be greater media coverage when a airplane catastrophe does occur. Thus, the more difficult it becomes to measure – assess human assessment of real risk

Understanding risk…

Ultimately, to effectively mitigate risk, one needs to genuinely understand the risk they or others are engaging. But risk understanding – assessment does not stop there. One also needs to understand (identify – assess) each component part to the risk, that is, the variables that can emerge once a risk activity or task is undertaken and should a risk materialize, will it alter the risks’ initial calculations, i.e., mitigation, prevention, management, etc.

Understanding risk also includes identifying and factoring any systemic risks present which could exacerbate the risk activity – behavior to the point it becomes multiples of the assessment of the initial vulnerabilities – probabilities of acceptable ranges of risk.

Receptivity for engaging in calculated risks…

Of course, there is a growing percentage of individuals who are receptive to engaging in what they perceive – assume to be ‘calculated risks’ an acceptable portion of which presumably can be controlled and mitigated through preparation, practice, and exceptional equipment.

When one does incur an adverse outcome as a result of engaging in a particular risky activity where reliance on the proper functioning of equipment, machines, or processes to achieve a successful (non-injurious) outcome, but there are equipment – process failures, i.e., parachute canopy not deploying, one’s concerns for their safety are likely to heighten substantially. No ‘rocket science’ here!

But, at what point do risk probabilities actually rise to the level of getting decision maker’s ‘go – no go’ attention? Generally, it’s very challenging for people to grasp risks when they are couched in say 4 chances per million contexts.

But, when risk-probability calculations lie in the 1 or 2 per one hundred thousand or lest, at this point, decision makers – risk takers often start to take more notice and may even back away from an activity or transaction that carries such success – failure calculations. Thus, for people engaging in acute categories of risk, there are brief periods of time when the risk taker – business decision maker retains the ‘go – no go’ option.

People tend to perceive – characterize risk on very emotional scales…

It’s probably far too much to assume people should assess each and every risk they engage. But, many argue that humans are inclined to approach most risk on very emotional levels, e.g., citizen willingness to engage in commercial flying following the U.S. terrorist attacks of 911 reduced significantly

So, as people act emotionally and perhaps quite rationally to such events when they sense too much risk to fly commercially, they revert to alternative modes of travel, i.e., driving their cars. Very respectfully, while the U.S. lost 3500+ citizens to the 911 terrorist attacks, the U.S. lost an additional 1500+ above what was forecasted to automobile accidents in the year following 911, but with no comparative, emotional or otherwise, adverse reaction. (The above was heavily adapted by Michael D. Moberly from BBC’s ‘The Why Factor’, Dr Mike Aitken, Lecturer, Experimental Psychology, Institute of Psychiatry. Psychology and Neuroscience. King’s College London. Professor David Spiegelhalter, Professor of the Understanding of Risk Statistical Laboratory, Centre for Mathematical Sciences, Cambridge University worked with BBC Lab UK to create the Big Risk Test, a mass participation survey into why some people are risk-takers and other are risk averse.)

Intangible Asset OPSEC

April 25th, 2014. Published under Due Diligence and Risk Assessments, Intangible asset protection. No Comments.

Michael D. Moberly  April 25, 2014   ‘A long form blog where attention span really matters’.

This post is written for entrepreneurs, researchers, and companies who recognize the importance and value of retaining some semblance of confidentiality regarding perhaps a pending merger, acquisition, R&D project, new product launch and/or public rollout. The following is one example.

I colleague of mine who very deservedly is a highly sought after ‘chief security officer’ (CSO) for Fortune ranked technology firms. In a previous CSO position he assumed enterprise wide responsibility for maintaining absolute secrecy regarding a newly developed product and its launch at the annual ‘consumer electronics’ show in Las Vegas. His efforts were successful, that is, there was no evidence of leakage or premature disclosure that would have provided fodder for analyst speculation that may have, at least partially, negated – undermined the company from experiencing a rapid 300% increase in its stock price following its public launch at the show.

In the U.S. Silicon Valley, where there are large numbers of extraordinarily sophisticated, and globlly predatorial competitor – business intelligence activities ongoing, coupled with the somewhat incestuous employee fire – hire – rehire environment, maintaining comprehensive project – product launch secrecy for any substantial length of time is, to be sure, is a significant responsibility and undertaking encompassing countless variables.  Though, my colleague is and remains an ardent advocate and practitioner of OPSEC.

The Origins of OPSEC

As a methodology, OPSEC (operations security) emerged in 1967, during the Viet Nam war, when a small group of U.S. Navy personnel were tasked to determine how the enemy was obtaining advance information about U.S. military combat (air, ground) missions. The enemy, in this instance, was the Viet Cong, the North Vietnamese Army and their various allies.

This group of Navy personnel learned that, in many instances, there was an abundance of unclassified ‘indicators’ that were readily observable by adversaries that, in many instances, signaled a pending military mission or operation.

The enemy’s intelligence collection and analysis methodologies were quite unsophisticated, generally relying on personal observations and understanding which indicators were relevant, which in turn allowed them to ‘connect the proverbial dots’ to develop a rapid and frequently accurate assessment of (a.) the capabilities of the particular combat unit involved, and (b.) it’s intentions, which included the missions’ intended target.

As the adversary’s honed their observation and analytical skills insofar as recognizing mission/operation ‘indicators’, the always desirable and preferred element of surprise was routinely being compromised, along with a reduction in mission effectiveness. More importantly however, the military personnel executing the compromised missions were now being exposed to greater risk.

In short, the U.S. Navy personnel charged with examining how missions – operations were being compromised came to learn that, even though mandated security and intelligence countermeasures were being used, reliance solely upon them, was insufficient to completely deny adversaries from surmising mission intentions and capabilities to their benefit.

It was ultimately concluded that, if military operations ‘were examined through the eyes of the adversary’, i.e., from the planning phase through execution, mission planners would themselves come to recognize and ultimately eliminate the myriad of subtle and often indirect indicators, i.e., actions, behaviors, etc., that ‘signal’ a pending operation.

Then, as now, operations security (OPSEC) is associated with the planning and executing operations in which…

  • secrecy
  • integrity, and the
  • element of surprise

…are absolutely essential to mission success and mitigating personnel  risk!

Since the Viet Nam war, the OPSEC process has undergone numerous revisions and refinements. Its benefits are now widely recognized and applied throughout much of the defense, public law enforcement and even certain corporate R&D environments.

What Is OPSEC?

OPSEC is a specialized security discipline. It focuses on discovering and eliminating the indirect ways in which information assets pertinent to the planning and execution of an operation and/or project can become known to and used by an adversary to undermine the mission’s success and elevate exposure to risk

OPSEC emphasizes the view that adversaries have a consistent interest in acquiring information that will aid them to evade (a.) detection, (b.) capture and arrest, and (c.) otherwise permit them to continue their intelligence collection activities unabated.

Insofar As The Private (Tech) Sector Is Concerned, The Key To OPSEC’s Success Is Examining Projects Through The Eyes Of Economic and Competitive Advantage Adversaries

To be effective in today’s global business environment, a company must be able to systematically examine all planning and execution related activities ‘through the eyes’ of their known economic and competitive advantage adversaries, which entails…

  • assessing the adversary’s motivations, intentions, and capabilities to actually detect and exploit relevant intangible assets, particularly intellectual, structural, and relationship capital.
  • eliminating, or, at least minimizing preparatory ‘indicators’ related to pending operations, projects, and R&D throughout the planning and execution stages.

In my judgment, each OPSEC principle is readily translatable to the private sector. It’s merely a matter of recognizing how military related goals fit a private sector initiative or transaction.

For example, companies, be they Fortune ranked or early stage start-ups, that are about to ‘go public’ with a new product, service, or technology have an interest in discovering and eliminating even the most subtle indicator that could become known and applied by competitors to undermine and/or deny success.

I am hard pressed to identify any circumstance in which it would be in a company’s interest to inadvertently or negligently provide a close competitor with advance notice. Given the aggressively competitive, globally predatorial, and ‘winner-take-all’ nature of most companies today, any advance notice would give competitors ample time to develop a counter campaign of sorts, to undermine the projected success of a new products’ rollout, merely because ‘the element of consumer surprise’ was absent.

There is little question that the combined elements of consumer anticipation and surprise are valuable commodities to the private sector!

But, in part because of how and why OPSEC originated, particularly perhaps its association with military (war) operations, there have been challenges to overcome (address) with business decision makers to render it a more appreciated application, not solely to new product launches, but also to various types of business transactions in which confidentiality and due diligence are essential, e.g., mergers and acquisitions, etc.

A key and very favorable factor, insofar as applying OPSEC to private sector transactions is concerned is the economic fact that 80+% of most company’s value, sources of revenue, and competitive advantage now lie in – evolved directly from intangible assets.

So, an initial step is for a company to recognize various ways in which valuable intangible asset shrinkage – compromise – misappropriation can prematurely occur to benefit a competitor and its market space. Company leadership must too recognize that some intangibles may not meet the six requisites of trade secrecy, but still they may be identified as proprietary and remain out of the public domain for as long as possible so the company is positioned to take full advantage – exploit their intangibles before any (global) competitor can mount a counter move designed to undermine and/or diminish any projected successes.

Translating OPSEC To The Private Sector

To security practitioners already well versed in the principles and practices of OPSEC, the safeguarding and preserving the value of the array of contributory intangible assets, while being (a.) integral to OPSEC and (b.) routinely part of conversations among company decisions makers, the term OPSEC itself, is rarely uttered because a significant percentage of business decision makers are far removed from any defense and/or military reference points on which OPSEC was founded.

Too, well practiced OPSEC is not reliant on any particular automated procedure. Instead, OPSEC is dependent on a high level of (user) internalization coupled with keen awareness and observation skill sets in which users and decision-makers consistently examine most all of their business-related activities through the eyes of global economic and competitive advantage adversaries

Broadly speaking, these OPSEC attributes are, in some respects, the antithesis of the very technical and procedural (disclaimer and liability influenced) rigidity associated with most computer/IT security (software) programs and/or enforcement provisions related to intellectual property law.

OPSEC compliance and its ultimate value – contribution to a company is, for the most part, dependant on people – user awareness, and alertness. Figuratively then, OPSEC may be more art than science, but it is quite successful.

Intangible Asset Due Diligence

April 23rd, 2014. Published under Due Diligence and Risk Assessments. 3 Comments.

Michael D. Moberly    April 23, 2014    ‘A long form blog where attention span really matters’!

Conducting intangible asset due diligence is essential because today, as much as 80+% of most company’s value, sources of revenue, and competitive advantages, etc., lie in – evolve directly from intangible assets. That’s a globally universal economic fact! Too, the various transactions a company routinely engages, one can be assured, intangible assets will inevitably be in play and therefore their status can affect any transaction outcome.

Intangible asset due diligence is not an exercise that is useful only after a company suspects or experiences the materialization of a risk, i.e., misappropriation, infringement, etc., or is notified they are a defendant to a lawsuit!

Equally important, intangible asset due diligence, given the complexities involved, should not be a mere confirmatory review that certain intangibles are present using a generic, one-size-fits-all checklist.

Intangible asset due diligence is obliged to provide decision makers with…

  • actionable recommendations for making sound business decisions about preserving, managing, positioning, and extracting value from the assets in play.
  • an objective sense of the targeted assets’ fragility, stability, defensibility, and value insofar as projections of deliverable revenue and competitive advantages.

When conducting intangible asset due diligence, a first responsibility is to understand the target company by becoming familiar with its intangibles, i.e., the underlying intellectual, structural, and relationship capital particularly.

When should companies conduct their intangible asset due diligence? In most circumstances, its best to engage in preliminary due diligence should be conducted as a prelude to any transaction in which specific, i.e., the sought after intangibles will be in play. Thus, intangible asset due diligence should be analogous to asset monitoring and conducted in both pre and post transaction contexts.

How will intangible asset due diligence benefit your company? In any business transaction in which intangible assets will be integral to the outcome, due diligence can enable and facilitate a more secure and profitable transaction (not impede it) by providing decision makers with clear and timely insights, i.e.,

  • Identifying embedded – under-the-radar risks, vulnerabilities, and operational complexities that contribute to impairing or entangling knowledge-based assets and serve as preludes to costly and time consuming disputes and challenges…
  • Identifying and unraveling internal centers, chains, or clusters of intangibles and competitive advantages and assess the adequacy of safeguards.
  • Bringing operational – economic clarity to the target company’s intangible assets, intellectual property, know how, brand, and competitive advantages, etc.
  • Identifying efficient – effective protection – value preservation measures that are aligned with a transactions’ objective and the company’s strategic business plan, i.e., projected returns, exit strategy, as well as the life – value cycle of the assets in play.

Reader comments and inquires are always welcome at 314-440-3593 (St. Louis) or

Intangible Asset Risk Assessments: Qualitative vs. Quantitative

February 27th, 2014. Published under Communicating Risk, Due Diligence and Risk Assessments, Enterprise risk management.. No Comments.

 Michael D. Moberly    February 27, 2014   ‘A blog where attention span really matters’.

As most readers of this blog recognize, generally through their personal – professional experiences, assessment and management of (company) risk has indeed become increasingly more complex and multi-faceted, particularly as we endeavor to guide our company’s and/or clients through the respective operational, audit, compliance, and budgeting obstacle course.

Throughout this so-called obstacle course, it is likely we will become inclined, at some point, to justify most, if not all of the factors used to assign a reasonably correct ‘risk rating’ to the various business units within our company or that of our clients.

But, and probably rightfully so, more company decision makers are requiring quantitative (data) driven findings to support a particular risk rating. So, no longer can security – risk management practitioners find comfort by focusing their attention almost exclusively the rather archaic latest zero-day risk materialization or exploitation events. To be sure, that landscape has changed so significantly that we must assume greater responsibilities.

So, in the security, asset protection, and risk-threat assessment and management arena, presenting a risk-threat rating that is simply or solely based on numbers may not result in the best (risk, threat) analysis that we are seeking. Thus, one path that gets us closer to arriving at a more accurate understanding of the actual risk-threat level necessary for business strategic planning and decision making, it’s necessary to introduce and factor multiple elements in the risk-threat analysis equation.

Thus, as we more routinely adopt a more inclusive and/or multi-dimensional view toward assessing risks and threats, additional complexity will likely be one outcome, e.g., quantitative and qualitative forms of measurement.

Quantitative risk-threat assessment…
Quantitative risk assessment surfaces as we develop the ability to assign a (specific) dollar amount/value to a specific risk or threat should it materialize. As an example, let’s apply quantitative risk assessment to a healthcare institution.

For simplicity, there are 1,000 confidential patient records and data that reside in a single database. This particular database is directly accessible by a web server which resides in a semi-trusted environment.  That of course, constitutes a vulnerability (risk) in itself, and any compromise of the method in which the web server communicates with the database would likely result in the exposure (comprise) of all 1,000 patient records holding confidential data as conveyed by HIPPA (Health Insurance Protection and Portability Act).

Too, for discussion sake, and to add further complexity, during a recent ‘business impact analysis’ or BIA, it was found that the replacement cost for each compromised patient record would be $30. This cost includes (a.) contacting each patient to inform them of the compromise, (b.) changing each patients account numbers, and (c.) printing new health cards.

From this, one can easily determine that the maximum quantitative loss associated with a full compromise of that system is conservatively estimated at $30,000, excluding of course, the inevitable litigation. No doubt, as readers already surmise, there is more to consider. But does quantitative risk always have to ‘map out’ the money (loss or cost) aspects associated with materialized risks-threats?, probably not, because in many instances controls are automated with internally consistent and repeatable numbers being generated that can be used to create an alert dashboard or report directed to business unit managers when breaches or other adverse events occur.

Qualitative risk-threat assessment

Qualitative risk-threat assessment, on the other hand takes a different form. To demonstrate qualitative risk-threat assessment it is important to introduce additional factors, i.e., threat-risk vectors into the above example.

The first is, we learn that the patient database that previously held 1,000 records will now hold 10,000 records, possibly rising to 500,000 patient records. We also learn that (a.) multiple groups and/or business units within the healthcare institution will have access, and (b.) the capability to modify patient records, and (c.) the database/system will now come under the control of a different unit, i.e., the company’s Operations Group.

Obviously, substantive changes like this elevate – bring additional complexity to the risk-threat assessment we are endeavoring to calculate.  Too add yet another layer of complexity to our risk-threat analysis, we are informed by the audit unit that the data in the database is (d.) neither encrypted in transit to the web server or at rest on the database. The coup de grace follows with the audit unit giving exactly ninety days to document and remediate these adverse set of circumstances, i.e., risks, threats, vulnerabilities, because, as it stands, this healthcare institutions IT system is not in compliance with HIPAA.  Collectively, the additional factors serve to expand the risk-threat equation.

Now that these vulnerabilities (risks, threats) are known to exist relative to the institutions’ IT system, the next steps involve determining (a.) linking costs to any actual compromise, i.e., the materialization of a risk-threat or vulnerability being exploited, and also (b.) the probability that a specific or possible multiple vulnerabilities that have been identified will be discovered and adversely exploited by bad actors, or (c.) a single vulnerability materializing and cascading throughout the IT system.

Assessment process…

The assessment process commences by examining the cost(s) associated with potential compromises, as (a.) single acts, (b.) as multiple acts occurring simultaneously, and (c.) the potential for adverse cascading effects throughout the institution, well beyond perhaps the IT system itself.

Because we now know there may be in excess of 500,000 confidential patient records stored on the database, it’s often prudent to consider – factor absolute worst-case scenarios, i.e.,

500,000 records X $30 remediation cost per record = $15 million.

In most any company’s perspective, the possibility of $15 million dollars being ‘at risk’ is significant. One problem associated with relying solely on this formula is that it is largely one-dimensional. In other words, just because a banks has $100 million in cash in its vault does not translate that the money could be easily stolen from the vault.

So, being prudent security – risk management professionals, we must have other way in which to assign a particular level of risk to a particular vulnerability that fully considers multiple (known) risk factors, not just one, or absent the possibility multiple risks could materialize in some manner of sequence and cascade.  Such added (risk-threat-vulnerability) complexities should prompt practitioners to re-visit qualitative risk ratings.

One reason is because many companies, organizations, and institutions learn there is a necessity to have multiple, perhaps three to five qualitative risk levels which may be addressed in relatively simple, but in my view, ambiguous terms like low, medium and high.

Sources for quantitative and qualitative data…

Based on my own experiences, I, and many other security – risk management professionals information and insight related to quantifying probabilities for risk-threat materialization is acquired from such sources (a.) penetration tests, and (b.) vulnerability scanners.

Generally, these sources produce good and relevant information, but it’s important to acknowledge that it may be from delivering the necessary complete risk-threat-vulnerability picture because either can, and frequently does change rapidly and routinely. Consequently, in addition to conventional risk-threat-vulnerability assessments, each must be routinely monitored for the inevitable changes. A critical part of which is internal, that is information about the activities of legitimate and authorized users of the IT systems, i.e., such things as where do they go, what do they do, what do they click on, etc.

Welcome inspiration for this post is gratefully attributed to Stephen Sims of the Sans Institute  Other Related Articles in Audit and Governance


Company Culture Due Diligence

January 6th, 2014. Published under Company culture and reputation., Due Diligence and Risk Assessments. 1 Comment.

Michael D. Moberly    January 6, 2014    ‘A blog where attention span matters.

 A company initiating, or even contemplating, a merger or acquisition would be well served today if a company culture analysis was included in their overall due diligence strategy!

The reason, as conveyed here many times, is that increasing percentages, i.e., 80+% of most company’s value and sources of revenue either lie in or directly evolve from intangible assets, which company culture is one.  It’s correct to assume then, that a substantial factor in the rationale if the initiating company’s seeking an M&A evolve around merging or acquiring particular intangible assets which the target firm already has in place and collectively exist in the form of intellectual, structural, and relationship capital.

From an operational perspective, intellectual and structural capital constitutes the knowhow and processes which collectively underlie the revenue, competitive advantages, and efficiencies, etc., being sought.  So, in M&A transactions, acquiring unimpeded use and control of these valuable assets becomes the underlying starting point for achieving the projected (desired) transaction outcomes.

Unfortunately, for the uninitiated, a target company’s culture, as well as other intangible assets, may be overlooked, dismissed, or even deemed irrelevant to a transactions’ projected outcome.  It’s equally unwise to assume, should a proposed transaction, i.e., M&A, strategic alliance, etc., be favorably executed, that the sought after intangibles can be necessarily (individually) separated, extracted, and  exploited apart from a company’s culture. Today, transaction management teams are obliged to understand that are intangible assets quite indivisible from its culture, particularly intellectual, structural, and relationship capital which are generally embedded in various operational processes and integrated throughout an enterprise,.

Transaction management teams again, would be well served to recognize a company’s culture as being an invisible (intangible) temperament and/or attitude that connects and bonds companies, employees, and stakeholders together, says Grant McCracken, one, among several prominent company culture specialists today, specializing in the intersection of commerce and culture, i.e., where company culture sits at the intersection of anthropology and economics.

So, from McCracken and others’ work in this arena, we see perspectives emerging, that company culture is being likened to an ‘internal version of a company’s brand’.  That’s largely attributable to a broader recognition of the reality that company culture generally encompasses a company’s mission, its vision, its values, and its intangible assets.

Clearly McCracken understands how an effective (company) culture can impact a business, e.g., “culture is a company’s last mile” he often emphasizes as he makes a very compelling case that a company’s culture is marketing’s newest version of the proverbial ‘silver bullet’.  Certainly, no disagreement here!

But, before embarking on a company culture analysis, says Monica Mehta a writer for Profit and Profit Online, the target company should be distinguished on several cultural dimensions often conveyed as dimensions between two extremes as Ms. Mehta has portrayed so well here…

So, there should be less resistance to including company culture analysis as an integral component to transaction due diligence.  In my view, each of the dimensions above apply to corporate cultures, and can serve as effective starting points for culture assessment and due diligence. It is important to realize, as Ms. Mehta points out, there may be no, necessarily right or wrong (company) culture at the analysis stage.  The initial key is that due diligence teams are operationally familiar with the characteristics and features of their own company’s culture.
In Ms. Mehta’s example, the following can be observed with respect to Company #1…
  • it is engaged in public manufacturing with a strong western, primarily U.S. oriented, business culture.
  • the nodes confirm the company has an individualized (work ethic) orientation overall wherein employees have the opportunity to work in a meritocracy fashion.
  • is very rules-oriented, i.e., there is a process for most every function or task.
  • due in part to its public nature, the Company #1 has a relatively short-term focus, e.g., new business strategies need to pay off – produce a return on investment within each fiscal year.
  • tends toward a (McGregor) Theory Y perspective, wherein managers assume employees are (self) motivated to perform well providing their efforts are duly and appropriately recognized., i.e., the bonus program, based on over-performing on the goals, can be found on the company’s intranet, next to all other procedural descriptions
  • is relatively internally focused, and plans its business using a traditional – conventional budget scheme.
  • benefits from the best practices of performance management, i.e., a top-down strategy for task implementation, coupled with openly shared feedback with a ranking of the best-scoring people in sales.

On the somewhat opposite extreme, Company #2 would likely not be as successful because Ms. Mehta suggests…

  • it has been a family-owned business for multiple generations with senior management knowing most of the employees, many of whom have worked for the company their entire professional lives.
  • the next generation of ownership is growing up and the company needs to secure their future too.
  • the culture of the company is externally focused which suggests it can only survive in the market by sustaining its extreme customer focus.
  • of the company’s decision-making process, i.e., senior management ask for input only from a few trusted employees, and then the family will make a decision with information eventually being shared with the staff, but usually verbally and in informal meetings.
  • while the company has performance indicators, they are mostly aimed at how the company is performing in the eyes of the customers.
  • rewards are not directly tied to performance during a specific period, rather the family rewards loyalty and provides bonuses when deemed necessary.

In closing, while I am a strong advocate of company culture due diligence, standing alone, culture alignment does not guarantee a successful and profitable transaction, i.e., M&A.

For example, if Company #2 is realizing losses, perhaps some elements of the performance management practices of Company #1 need to be adopted.  Conversely, if Company #1 is experiencing a substantial growth phase, key people (and their respective intellectual, structural, and relationship capital abilities) need to be retained to manage that growth with these individuals becoming part of the company’s inner circle of strategic thinkers and decision makers.

Thus, the insight that a company culture analysis (due diligence) would bring to transaction oversight could ultimately set a strategic path how (culture) performance management should be conceived and implemented. But, transaction management teams should also recognize that (culture) performance management it can work as a measurement mechanism that drives employee behavior.

So, if there are particular aspects of a target company’s culture that appear undesirable or otherwise may impede a transactions projected milestones for success they may warrant change.

Otherwise if there is too much…

  • of a group focus, individual performance indicators may be useful, or
  • of a long-term focus, short-term targets may help, or
  • if relationship (capital) focus turns into nepotism, more uniform reward processes may be needed.

This post was inspired and adapted from work authored by Monica Mehta in a February 2009 piece in Profit and Profit Online.

This blog post has been researched and written by me with the genuine intent it serve as a useful and respectful medium to elevate awareness and appreciation for a wide range of issues related to intangible assets within the global business community.  My posts are not intended to be quick bites of unsubstantiated commentary or information piggy-backed to other sources.

Comments regarding my blog posts are encouraged and respected.  Should a reader elect to utilize all or a portion of my posts, full attribution is expected and appreciated. While visiting my blog readers are encouraged to browse other topics (posts) which may be relevant to their circumstance or business transaction.  I always welcome your inquiry at 314-440-3593 or






Business Culture Due Diligence

December 21st, 2013. Published under Due Diligence and Risk Assessments, Intangible asset focused company culture.. No Comments.

Michael D. Moberly    December 21, 2013   ‘A blog where attention span matters’.

Yes, through some practitioner’s lens, business culture due diligence is synonymous with human due diligence.  Agreed the term culture is one with sociological roots, and of course, sociology is the study of ‘people’ interactions.  And, understanding a company’s culture, in any type of transaction, is an important component that goes toward ensuring the desired outcome(s) will be achieved as planned.

I, on the other hand, as an intangible asset strategist and risk specialist hold the view that business culture due diligence in, let’s say, a merger – acquisition context, must go well beyond prognostications about how two distinct company cultures’ will or will not effectively merge or be receptive to being united and/or positioned to create greater efficiencies, maximize distribution channels and/or mitigate overlap, etc.

Instead, I hold the view that business culture due diligence, while being a very necessary element to any and every transaction, the term ‘business culture’ itself should be distinguished in intangible asset contexts, i.e., intellectual, structural, and relationship capital.  The product of the due diligence I advocate and practice actually drills down to and distinguishes the core assets which we know underlie a transaction delivering superior vs. mediocre returns, or utterly failing.

On the downside…

As noted in previous posts regarding due diligence at this blog, an undesired outcome of engaging in a business transaction, absent the benefits and insights of a business culture due diligence action that distinguishes the intangibles in play, is that there is a significant probability a substantial loss of talent in the form of intellectual, structural, and relationship capital, will commence once rumors of a merger are uttered.  Too, this downside reality will likely escalate following an official announcement of a pending (merger) transaction.

At the 30,000 foot altitudes of deal making, and deal makers who are operationally unfamiliar with or dismissive of the contributory role and value of intangible assets, the potential problems and/or challenges posed by intellectual (structural and relationship) capital attrition for both the near and long term, may initially appear as mere blips on their respective radar screen, and thus readily dismissed.

However, through countless studies, papers, and articles, a clear picture emerges which shows companies are likely to continue to lose disproportionate levels of intellectual capital, i.e., executives and management team members long after a mergers’ execution, due to, among other things, confusion over and differences in managerial styles and decision-making.

As noted in Jeffrey Krug’s piece in Harvard Business Reviews’ (February, 2003) Forethought, titled “Why Do They Keep Leaving?”, for those individuals (and their respective intellectual, structural, and relationship capital) that remain, post merger, differences in decision-making styles will inevitably produce infighting, causing decisions to be postponed or blocked altogether.

Thus, having some assurance that the effective integration of intellectual (structural, relationship) capital will neither stall nor prompt declines in productivity is essential.  Krug’s research states that nearly two-thirds of companies will lose market share in the first quarter following a merger. By the third quarter that figure may climb to 90%.  I suspect when such disastrous outcomes occur, if due diligence was undertaken prior to deal execution, it did not engage ‘transaction critical’ intangible assets.

On the upside…

On the upside, intangible asset focused due diligence for mergers, or most any business transaction, can help deal makers mitigate, if not avoid the above types of problems and challenges altogether.  Intangible asset based due diligence will reveal and unravel these and other potential and often times unforeseen fissures and friction points in advance and make them integral to the transaction negotiations and perhaps most importantly, distinguish them in intellectual, structural, and relationship capital contexts.

The value then of conducting pre-transaction (intangible asset focused) due diligence coupled with monitoring key – contributory value intangible assets for a specified period following execution of a transaction have become imperatives which no deal/decision maker should dismiss.  After all, it is an economic fact – business reality today that 80+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, profitability, and sustainability globally, either lie in or evolve directly from intangible assets!

Respectfully then, excluding intangible assets, that underlie the value and rationale for most mergers, as well as many other types of transactions, from due diligence, constitutes a substantial risk which I advise my clients to avoid.  And, if the targeted company expresses unwillingness, or otherwise is not receptive to intangible asset focused due diligence it may well be a harbinger or predictor of ‘on the horizon’ challenges.  Thus, demanding a comprehensive intangible asset focused due diligence would be especially insightful.

This blog post has been researched and written by me with the genuine intent it serve as a useful and respectful medium to elevate awareness and appreciation for intangible assets throughout the global business community.   My blog posts focus on a wide range of issues related to intangible assets and intellectual property.   Respectfully, each post is not intended to be quick bites of  unsubstantiated commentary or information piggy-backed to other sources.

Comments regarding my blog posts are encouraged and respected.  Should any reader elect to utilize all or a portion of my posts, attribution is expected. While visiting my blog readers are encouraged to browse other topics (posts) which may be relevant to their circumstance or business transaction.  I always welcome your inquiry at 314-440-3593 or

Company Culture, Intangible Assets, and Due Diligence

December 20th, 2013. Published under Company culture and reputation., Due Diligence and Risk Assessments. No Comments.

Michael D. Moberly     December 19, 2013    ‘A blog where attention span matters’!

Company culture is a powerful and lucrative intangible asset, but it requires consistent due diligence, i.e., stewardship, oversight, and management, that is, if a company’s leadership wish it to remain intact.

Throughout the past 15+ years, particularly following the 2001 Brookings Institution publication of…

  • ‘Intangibles: Management, Measurement, and Reporting’ authored by Baruch Lev, and
  • ‘Unseen Wealth’ authored by Margaret Blair and Steven Wallman.

the economic fact that 80+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, sustainability, and profitability globally, either lie in or evolve directly from intangible assets is being minimally acknowledged as a business reality, but unfortunately, seldom executed!

Of course, there have been equally thought provoking books, articles, studies, and position papers written by subject matter experts such as Dr. Nir Kossovsky and ‘reputation risk’, Mary Adams and ‘intellectual capital’, and Jonathan Salem Baskin and ‘brand’ and many others, including my own that is scheduled to be published in Spring, 2014 on the ‘management and safeguarding of intangible assets’.

A small, but never-the-less integral component to each of these books, plus numerous other works by colleagues in the intangible asset arena, addresses the role and value of the ‘company culture’ as a powerful, lucrative, and brand building intangible asset.

For some management teams, c-suites, and boards, ‘company culture’ are elusive and imprecise which are well suited (applied) in San Jose, California’s ‘silicon valley’ technology firms which carefully manage and hype their respective work environments’ as constituting somewhat of a ‘spiritual’ environment, i.e., culture, purposefully designed and intended to be a consistent and positive driver for collaboration, creativity, and productivity.

The relevance of a positive company culture in terms of its collective ‘contributory value’ to that collaboration, creativity, and productivity, too many, is very clear and rational.

The passing of Steve Jobs (Apples’ founder) has rejuvenated interest among academics and management analysts alike to articulate a ‘before and after’ (longitudinal) picture of Apple’s culture and its potential for replication through a feature film and various documentaries that endeavor to capture his self-characterized maniacal interest in sustaining Apple’s culture of annual technological breakthroughs and product marketing instincts.

In other words, I suspect there will be numerous, presumably well intentioned initiatives to gauge the permanency, relevance, and value of a ‘company culture’ comparable to that which was obviously embedded throughout Apple.  Another film, ‘J Edgar’ depicts the evolution of an institution’s culture which lasted for 50+ years is, which of course portrays the deeply held beliefs and style of oversight of the U.S. Department of Justice’ Federal Bureau of Investigation’ long time Director, J. Edgar Hoover.

Given these two, perhaps, extreme examples, please don’t overlook the positive reality that a finely tuned and managed ‘culture’ can be a powerful revenue producing and much respected intangible asset attribute to a company.  On the other hand, a company culture that emits arrogance, which admittedly there may be a relatively fine line between arrogance and confidence, can stifle receptivity to incorporating new practices and inhibit much needed – essential introspection by company management teams.  Irrespective of Steve Jobs’ and J. Edgar Hoover’s respective maniacal managerial styles, somehow, room remained for the former at least, for linking individual and collective creativity as an expectation of performance.

In a January, 2012 article titled “Apple Without a Core,” (Report on Business) author Timothy Taylor asked how valuable ‘taste’ is, as an asset, which readers know was a consistent refrain of Steve Jobs.  Consistently projecting ‘taste’ in a product marketing and consumer context, is again, in my view, a powerful and lucrative intangible asset which many business leaders aspire and/or purport to possess, but again can be stifled or suppressed altogether by managerial arrogance or over-confidence!

To support Jobs’ perspective of ‘taste’ as constituting a valuable (intangible) asset, Taylor identifies three attributes of Apple’s brand, i.e., Jobs’

  • own sense of taste.
  • personal energy, and
  • himself, as constituting a unifying symbol to and for the company.

Having visited the Apple campus on several occasions, I found it evident, as I’m confident others did as well, ‘Jobs’ taste, energy, and unifying symbol, were truly embedded (intangible) features which much importance was attached.  As to Jobs’ sense of taste, a quote attributed to him is…

“the only problem with Microsoft is they just have no taste. People like symbols. So I’m the symbol for certain things.”

Without Jobs, Taylor suggests, Apple’s brand (and, presumably its culture) would be vulnerable to competitors.  We already see some evidence of this occurring now, whether it can be correctly attributed to the absence of Steve Jobs, various 2013 litigation outcomes, or some combination will, I’m confident, be subject to much debate for years to come. (The above piece was inspired by articles respectively titled ‘Defining the Value of Culture Within An Organization’ authored by Bill Bliss and ‘Apple Without A Core’, authored by Timothy Taylor.)

However, in many respects, what occurs at Apple, with respect to the sustainability (legacy) of the company culture largely attributed to Steve Jobs, reflects a common business problem. That is, c-suites, boards, and management team members frequently underestimate the significance of employee originated assets, i.e., intellectual, structural, and relationship capital as constituting underliers to a company’s culture.

Again, with respect to Apple, and Steve Jobs in particular, there is no shortage of articles, books, and papers that put forth various descriptions of the ‘apple experience’.  But, few, if any have addressed Apple, post-Steve Jobs, in an ‘intellectual, structural, and relationship capital’ due diligence context.  That readers, is what’s missing, but absolutely must be done!

This blog post has been researched and written by me with the genuine intent it serve as a useful and respectful medium to elevate awareness and appreciation for intangible assets throughout the global business community.   My blog posts focus on a wide range of issues related to intangible assets and intellectual property.   Respectfully, each post is not intended to be quick bites of  unsubstantiated commentary or information piggy-backed to other sources.

Comments regarding my blog posts are encouraged and respected.  Should any reader elect to utilize all or a portion of my posts, attribution is expected. While visiting my blog readers are encouraged to browse other topics (posts) which may be relevant to their circumstance or business transaction.  I always welcome your inquiry at 314-440-3593 or

Entrepreneurs and Patents…

June 22nd, 2013. Published under Due Diligence and Risk Assessments, Enterprise risk management., Intangible asset protection. 1 Comment.

Michael D. Moberly    June 21, 2013     ‘A blog where reader attention span matters’.

There are and infinite number of interpretation to what is routinely referred to as what ‘the American dream’ and an equal number of paths how to achieve it.  The notion of ‘the American dream’ has certainly embedded in political rhetoric as one need only watch C-SPAN and listen to countless elected politicians consistently apply those three words to produce – elicit a myriad of emotions, imaginations as well as anger and frustration among their so-called target audience at the time.  The lingering effects of the 2008 economic recession are still very much evident in most sectors as many Americans and certainly citizens in numerous other countries struggle to find sustainable paths to surface from their own economic breakdowns.  Collectively, these persistent downturns has made first, retaining, and second, re-achieving ‘the American dream’, however one wishes to personally characterize it, elusive.

But, this piece is not about painting a new or conventional portrait of ‘the American dream’, rather it’s about the one twentieth of one percent of those individuals engaged in entrepreneurism and R&D who are seeking their version of ‘the American dream’ which often commences with making application for and hopefully having a patent issued for their work and achievement.

Due largely to the nature of my business consultancy, I encounter entrepreneurs of all stripes engaged in some truly remarkable endeavors.  These very purposeful encounters over the years have lead me to conclude that while there are numerous rationales for entrepreneurs to seek a patent for their idea – innovation, one rationale seems to repeatedly surface, which is, seldom are they familiar with, nor have they been apprised of options or alternatives to the ‘conventional patent route’.  Instead, I often characterize entrepreneurs as being singularly focused on seeking and securing conventional intellectual property, i.e., a patent.

There’s little doubt, being in a position to seek and possible secure a patent is indeed a privilege and achievement which very few others can put on their resume.  Further, in many instances, obtaining an issued patent will shine a well deserved light on one’s expertise and assign instantaneous credibility, short-lived as it ultimately may be among colleagues, peers, and even competitors.

Too, once a patent is issued it provides the holder with well deserved grounds for expressing pride in their labors, which in many instances have evolved over many years, depending on the product, testing, re-testing, etc.  Of course some do in a singularly boastful manner while others are far more humble and even self-deprecating in their characterizations.

But, I often find it puzzling, particularly with individual entrepreneurs, who, for the most part are very thorough, objective, and ‘driven’ researchers, why and how they readily gravitate to ‘going the patent route’ versus taking time to genuinely explore perhaps just as viable alternatives and/or options.

For the countless entrepreneurs I have had the pleasure of meeting over the past 25+ years, is their seemingly innate penchant for ‘going the patent route’ while conveying little if any awareness or interest in exploring alternatives to safeguard and commercialize their innovation against the realities of the increasingly predatorial global business environment in which any idea, patented or otherwise, is in a constant state of risk of infringement, misappropriation, theft, counterfeiting or a target of economic espionage.

As readers know well, there are numerous variables and influences that come to bear on entrepreneurs with respect to the path they choose for safeguarding and commercializing their original idea.  Aside from the demands made by would-be investors, including venture capitalists, angel investors, etc., one influential variable, I’m quite confident, even though I have never heard it specifically expressed in these terms, is that ‘idea holders’ opt for the patent route because they mistakenly assume that if/when a patent is issued, the stewardship, oversight, and management of their intangible asset (idea, innovation) becomes magically guaranteed, thereby relieving them of absolutely essential chores, which of course, is simply not the case!

I respectfully and admirably recognize possessing an issued patent represents for many entrepreneurs the ultimate ‘brass ring’ if you will, that will define, in many instances, one’s professional career.  Any assumption though that ‘going the patent route’ is the only option to achieve the necessary protection, and thus serve as the singularly best path to successful commercialization of an idea and possible profitability, is one that numerous professions and institutions wish to preserve and are not so courteous to those who want entrepreneurs to at least be exposed to equally viable alternatives.  To be sure, part of the challenge lies in the reality that there is no intangible asset strategist available to objectively articulate viable alternatives and objectively describe, with no malice, the reality that all forms of intellectual property, i.e., patents, trademarks, and copyrights have been the victim of some major hits in the past 20 years.

Let’s be clear, intellectual properties, i.e. patents, trademarks, copyrights, etc., are merely one type or category of intangible asset. The primary difference is that a patent, once issued by the U.S. Patent and Trademark Office (USPTO) or other countries’ counterpart, will assume a tangible/physical property only insofar the issuance letter one receives which can be framed and hung on an office wall as a testament of one’s persistent and challenging work.

Too, I suspect, respectfully so, that deference is often attached to patent (only) strategies by entrepreneurs due to the time honored, but flawed assumption that an issued patent conveys a more personal sense of ownership and certain legally defensible rights of protection, technically speaking, over say, a trade secret.

Too, a constant source of nourishment to ‘patent only’ strategies is the widely held, but mistaken assumption that an issued patent constitutes a standalone deterrent to, or safe harbor from, would be infringers, misappropriators, counterfeiters, and economic espionage in general.  To that I say, in today’s increasingly aggressive, globally predatorial, and winner-take-all R&D and business transaction environments, ‘idea holders’ can be assured that depending on the nature and subject matter of their patent, it will likely be in a constant state of risk from a host of legacy free players, independent (information) brokers, and certainly state-sponsored entities engaged in economic (industrial) espionage.

Some years ago, I would characterize/frame the likelihood that an entrepreneurs’ idea, innovation (or patent) would be stolen, infringed, or counterfeited, etc., in the context of probabilities.  Since the early 2000’s, I believe I have taken a wiser and more reasoned and realistic approach by framing such likelihoods, not as mere probabilities, rather as inevitabilities if relevant precautions and safeguards are not taken that extend beyond the presumptive deterrents and safeguards in conventional intellectual property.

Comments regarding my blog posts are encouraged and respected. Should any reader elect to utilize all or a portion of my posts, attribution is expected and always appreciated. While visiting my blog readers are encouraged to browse other topics (posts) which may be relevant to their circumstance or business transaction.  I always welcome your inquiry at 314-440-3593 or

Transaction Analysis For Intangible Assets!

December 21st, 2012. Published under Business Transactions, Due Diligence and Risk Assessments, Intangible asset assessments/audits.. No Comments.

Michael D. Moberly    December 21, 2012

As stated here on numerous prior occasions, it’s absolutely essential for business decision makers to recognize that in a vast majority of transactions they either initiate or otherwise become engaged, correctly identifying and assessing intangible assets plays an increasingly significant role in achieving a desired, presumably profitable and sustainable, outcome!

The reason of course, is that steadily rising percentages, at least 65+% of most transactions’ value and potential resides exclusively in the effective stewardship, oversight, and management of the intangible assets in play, and, as noted above, critical to achieving a favorable transaction outcome. So, if a transaction management team overlooks or dismisses the intangible assets, it’s tantamount to excluding how and where deal/transaction value is created, revenue is generated, and further strategic planning will be executed.

This makes it all-the-more-important, and, according to many, rising to a level of fiduciary responsibility insofar as transaction management teams’ incorporating intangible assets in their task of strategic oversight. When executed effectively, a transactions’ intangible assets will be collectively addressed in due diligence, inventory, audit, and valuation contexts. On the otherhand, if transaction management teams are deaf to the intangibles underlying most any deal, i.e. by doing neither, it’s quite fair to say it’s time to either change transaction management teams or engage them in relevant training to elevate their operational familiarity with intangible assets, i.e., their ability to identify, unravel, make quantitative-qualitative judgments regarding their status, stability, fragility, contributory value cycle, and overall sustainability.

As readers know, there is an abundance of research that consistently paints a very convincing picture that if and/or when a merger, acquisition, strategic alliance, or other type of transaction ‘goes south’, evidence of impending problems and challenges will surface quite early and will very likely be determined to be rooted in mishandling or disregard for the relevance or contributory value of one or more intangible assets necessary for achieving sustained transaction success.

One technique to mitigate or even remedy the probability that the latter will occur is for decision makers to require (receive) a ‘heads up’ from their transaction management team in the form of what I broadly describe as a ‘before transaction consumation asset impact analysis’. As the phrase implies, this specialized analysis should bring greater (business) clarity, i.e., a more definitive picture of the stability and strategic contributory value of key assets, particularly should certain risk(s), reputation and others, materialize that carry a high probability for adversely affecting one or more of the intangible assets integral to achieving a favorable transaction outcome. The most usable analysis (report) will address

  • the inter-relatedness of intangible assets’ contributory value and associated risks and threats as well as key assets identified as being impaired in some manner, or are found to be already misappropriated, infringed, and/or counterfeited.
  • the probability that particular risks/threats will materialize to adversely affect the projected economics, competitive advantages, and/or synergies of a transaction
  • strategies for mitigating and containing certain risks/threats relative to the resiliency and sustainability of the transactions’ key intangible assets.

The obvious rationale for incorporating a  ‘before transaction consumation asset impact analysis’ is for decision makers to be apprised of circumstances and scenarios that should be revealed which can (may) influence decisions and outcomes.

I am a strong advocate of  ‘before transaction consumation asset impact analysis’ because I believe the three, most challenging intangible assets to sustain and preserve their contributory value (pre/post transaction) are, (a.) intellectual, (b.) relationship, and (c.) structural capital because they are individually and collectively highly mobile and attitudinally based.

Too, a ‘before transaction consumation asset impact analysis’  can reveal other cautionary circumstances/scenarios while retaining the option to proceed with a (a.) plan for risk mitigation, or (b.) re-negotiate a deals’ terms in light of the risk(s) and/or asset impairment(s) that have been identified.

But, the objective remains the same, that is to facilitate a more secure and profitable transaction going forward, not impede it!

Comments regarding my blog posts are encouraged and respected. Should any reader elect to utilize all or a portion of this post, attribution is expected and always appreciated. While visiting my blog readers are encouraged to browse other topics (posts) which may be relevant to their circumstance. And, I always welcome your inquiry at 314-440-3593.

Intangible Asset Specialists: The New Business Transaction Analyst!

June 27th, 2012. Published under Business Transactions, Due Diligence and Risk Assessments, Intangible asset protection. No Comments.

Michael D. Moberly    June 27, 2012

Context…today, 65+% of most company’s value, sources of revenue, and ‘building blocks’ for growth and sustainability directly evolve from intangible assets usually, intellectual property.  One must, and I might add, correctly conclude then, that proportionately, similarly increasing percentages of (global) business transactions will involve either the buying, selling, or trading of intangible assets and IP.

As intangible assets become more recognizable and play more integral roles in business transactions, their value and exposure (vulnerability) elevates.  So now, it’s not merely prudent, but rapidly being quite correctly characterized as a fiduciary responsibility for transaction management teams to:

  • include intangible asset specialists and strategists skilled in the art and science of conducting due diligence on intangible assets that are increasingl in play and/or part of a deal.
  • be alert to an ever increasing and sophisticated array of risks and threats when materialized, can rapidly undermine and/or erode asset value, competitive advantages, and projected synergies and efficiencies,  or, worst case, cause certain intangible asset values ‘to go to zero’.

Perhaps it’s worth repeating, it’s no longer merely prudent, rather, it’s essential, if not a fiduciary responsibility for transaction initiators to recognize that in most, if not all deals, intangible assets, e.g., IP, competitive advantages, proprietary information and know how in the form of intellectual, structural, and relationship capital are critical to transaction value and achieving a positive and sustainable outcome.  It is in this context then, that I urge transaction management teams to include, at the outset, a high degree of specialization and expertise, particularly with respect to intangible assets, i.e., professionals who…

  • are additionally skilled in identifying, unraveling, and safeguarding those intangible assets identified as being integral to transaction success.
  • can identify transaction risks, which, if materialized, can stifle a deals’ momentum and/or undermine important assets’ projected value, competitive advantages, and synergies.
  • can articulate relevant-favorable (off-setting, mitigating) modifications to the terms of a transaction when risks are revealed that jeopardize asset value projected synergies, expected efficiencies, etc.
  • can readily put in place effective, yet unobtrusive measures that compliment re-negotiated transaction-contractual codicils to retain control, use, ownership, and monitor value and materiality of key assets in both pre and post transaction contexts.

One could make an effective argument then that intangible asset specialists and strategists today are comparable to industry sector (Wall Street) analysts who assess and monitor relevant-key variables, e.g., trends, events, cycles, and risks to  intellectual and structural capital, innovation pipelines, and the full range of intangibles relative to their near – long term stability, sustainability, fragility, and volatility.

The premise here, of course, is that intangible asset specialists and strategists should be early and consistent invitee’s to the ‘transaction management and decision table’. And, once ‘at the table’, their assessments and recommendations should be given due attention relative their contributions to facilitating more secure, stable, and profitable transactions as they were initially envisioned.

While visiting  my blog, you are respectfully encouraged to browse other topics/subjects of interest.  Should you find particular topics of interest or relevant to your circumstance,  I would welcome your inquiry or comment at  314-440-3593 or