Archive for 'Looking Forward'
Michael D. Moberly July 18, 2016 ‘A blog where attention span really matters!”
Among other things, I am most hopeful this piece prompts millennials educated – trained in IP (intellectual property) law to consider having engagements with companies and business persons operating in the conventions of Islamic (Sharia) law is an inevitability, not a distant or worrisome probability.
It’s easy to find law firms with current operational familiarity with G8 IP (intellectual property) laws. On the other hand, it is challenging to find firms’, particularly in the U.S., with IP practices that sense urgency to acquire comparable levels of (in-house) expertise with respect to Islamic (and Sharia) IP law. The rationales are obvious, but, to be sure, there are geo-strategic economic indicators aplenty that suggest acquiring even rudimentary familiarity how Islamic law treats intellectual capital, i.e., ownership – value of products of the mind in B to B (business) contexts. Through my lens, that’s precisely what horizonal thinking-looking IP law practices should consider preparing, especially in light of the universal economic fact that 80+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, profitability, and sustainability globally lie in – directly emerge from intangible (IP-related) assets.
This globally universal and irreversible reality suggests there is prudence for law firms to achieve operational familiarity with Islamic IP and its Sharia interpretations. That’s because
IA’s (intangible assets) and their close cousins, IP, are now consistently integral and in play in overwhelmingly large percentages of transactions related to business development, operation, growth, profitability, sustainability especially when tactical, strategic, negotiation, and outcomes are critical.
Fortunately, there are a few academic papers that shed practical light on the fundamentals as well as the intricacies of Sharia influences on Islamic IP law. A particularly useful paper which I frequently reference is authored by Silvia Beltrametti titled ‘The Legality of Intellectual Property Rights Under Islamic Law’.
After studying Beltrametti’s paper, it is clear her work/research on these matters, was not intended to serve as an instrument to sort out the conventions of Islamic, western, and Asian IP (intangible asset) law for an imagined or presumed (future – eventual) convergence. There is little doubt in my judgment, law firms that choose to acquire a rudimentary understanding of Islamic (Sharia) IP law can, in an early adapter mode, set a high bar for (law firm) competitiveness.
I am confident there are few, if any, minds who believe a global convergence of IP law is an inevitable extension of (business) globalization. Of course, understanding the distinctions and practicalities of Islamic IP (Sharia influences and interpretations) law can lead to many useful and necessary insights going forward.
Among other important aspects of Dr. Beltrametti’s work is that Islamic IP rights are essentially, in their early stages of promulgation and/or regulation. Going forward, there are obvious issues that need to be resolved. A prominent issue is whether the current political and cultural-tribal turmoil, war, and rhetoric that envelope a significant percentage of the land mass – countries where Islam dominates can subside. At least long enough whereby relevant principles of Islamic (Sharia) and western WTO (World Trade Organization) IP law can find common ground intellectually, operationally, and legally to achieve a level convergence whereby IP and technology transfer can be accommodated on a routine basis.
To be sure, there are substantial challenges which, no doubt, will require time, trust, and political will to resolve, assuming of course, there will recognition at some point, perhaps born out of mutual economic – trade necessities to…
• ameliorate perceptions of dominance of western IP law.
• encompass Islamic perspectives regarding legal rights to outcomes of intellectual capital.
• incorporate interpretive flexibility and adaptability with respect to Sharia law’s primary sources; the
Qur’an, the Sunna, Ijma and Qiya, which are often applied synonymously with Islamic law.
It is conceivable, not Pollyannaish, to believe all could be respectfully achieved – applied, as it has in other countries – regions, as a reflection of global business – trade – technology transfer realities. And, recognition of the economic fact that 80+% of most company’s value, sources of revenue, and ‘building blocks’ for growth, profitability, competitiveness, and sustainability today reside in or emerge directly from intangible and IP-based assets.
Silvia Beltrametti, (The Legality of Intellectual Property Rights Under Islamic Law, The Prague Yearbook of Comparative Law 2009. Mach, T. et al. (Eds). Prague, 2010. pp. 55-94).
Michael D. Moberly April 9, 2012
I am quite confident that devoting time and resources to developing a durable and resilient company culture focused on intangible assets can deliver some impressive returns. By durable, I mean circumstances in which employees, business units, and c-suites collectively recognize, respect, and are committed to building – acquiring a necessary base of intangible assets. This also includes all parties acquiring a current familiarity with intangibles to assume a level of responsibility toward intangible assets commensurate with their position that contribute to sustaining control, use, ownership of the assets and monitoring their value and materiality.
In the words of Dr. Edgar Schein, an organizational (company) culture consists of three progressive stages:
1st – there is a shared recognition – assumption that employee’s at all levels learn while solving problems…and, if those assumptions work well enough…
2d – employees will come to consider them valid and worthy of being taught and passed along to new employees, because…
3d – they represent the correct way to perceive, think, and feel in relation to addressing (internal, external) problems that their company routinely faces.
So, why is it important and what are the potential benefits that can accrue to a company by endeavoring to build a company culture focused on intangible assets…
First…65+% of most company’s value, sources of revenue, and building blocks for growth and sustainability evolve directly from intangible assets.
Second…a company culture focused on intangible assets can serve as an excellent vehicle to raise enterprise wide awareness about the most important and quite possibly, the real sources of company value and revenue.
Third…an intangible asset focused company culture can serve as a catalyst for internalizing incentives and identifying strategies to more effectively exploit and monetize intangibles assets.
Fourth…companies and their management teams and stakeholders must recognize the economic reality that there’s been a permanent and irreversible shift in company’s primary sources of value, revenue, growth, and sustainability, that is, from tangible (physical) assets to intangible (non-physical) assets!
A company’s initial step for developing a culture that’s focused on intangible assets involves determining…
What…attitudes and beliefs need to be established among employees and stakeholders that lend themselves to not just appreciating the role and contributory value of intangibles, but also internalizing the absolute necessity to sustain their control, use, ownership, and monitor their contributory value and materiality to the company.
How…those attitudes and beliefs will be translated by employees and stakeholders and ultimately become embedded themselves in employee, business unit, and c-suite behavior, i.e., having relevant procedures, policies, and practices in place to provide consistent and effective stewardship, management, and oversight of the intangibles.
Matthew Bunn and Anthony Wier point out that a ‘good corporate culture is comprised of 20% equipment and 80% people’ which I’m in general agreement. That said, it’s vitally important to recognize that even the best practices, policies, procedures, regulations, and standards cannot compensate for any apathy and/or dismissiveness regarding the relevance and contributory value of intangible assets insofar as successfully competing in this knowledge-based global economy.
Too, as thoughtfully pointed out by Dr. Kenan Jarboe in his Athena Alliance monograph appropriately titled ‘Intangible Asset Monetization: The Promise and the Reality’, there are six factors considered by financial markets (and presumably asset buyers and sellers as well) with respect to determining the ‘suitability’ of an asset. One of those factors is an assets’ transferability. For example, is a ‘company’s culture’ so specific that it cannot be replicated or sustained through a market change or significant economic downturn?
Now those are important questions to know and ask!
While visiting my blog, you are respectfully encouraged to browse other topics/subjects (left column, below photograph) . Should you find particular topics of interest or relevant to your circumstance, I would welcome your inquiry at 314-440-3593 or firstname.lastname@example.org
Michael D. Moberly January 26, 2012
What is a company culture? A company culture is a system of shared values and practices that define what is important to that company. Frequently, these values and practices become blended – embedded with other (already existing) norms and beliefs that convey (to employees, as well as management teams) acceptable attitudes, behaviors, and practices.
Schein, among others, points out that a company culture will frequently emerge as management teams, boards, and employees collectively recognize the beneficial outcomes that accrue to each group respectively, as they successfully solve problems by applying those shared norms, values, beliefs, and practices.
What is a knowledge-based economy? The phrase ‘knowledge-based economy’ was popularized, if not initially coined by Peter Drucker. In fact it’s the title of Chapter 12 in his book titled ‘The Age of Discontinuity’.
A knowledge-based economy, according to Drucker, refers to the use of an array of technologies and practices such as knowledge engineering and knowledge management, etc., to produce economic benefits, competitive advantages, and efficiencies for a company. In a knowledge-based economy, knowledge, Drucker says, becomes the tool to achieve and execute, not necessarily a product or a simple outcome.
The center piece of today’s knowledge-based economy are the intangible assets companies develop-produce and/or acquire. Simply stated, developing a company culture to effectively fit (reflect) an intangible asset rich business means acquiring a fairly high level of operational familiarity with intangibles. This starts of course with the simple phrase ‘know’em when you see’um’.
Such familiarity also permits management teams, boards, and employees alike, to develop, position, bundle, safeguard, and profitably exploit intangibles to bolster a company’s value, competitive advantages, and revenue streams, and do it ‘faster, better, cheaper’ than competitors. It also lays a compelling foundation (building blocks) for growth and sustainability.
Why is a company culture focused on its intangible assets necessary in a knowledge-based economy? First and foremost because it’s an irreversible economic fact that 65+% of most company’s value, sources of revenue, and building blocks for growth and sustainability lie in – directly evolve from intangible assets.
Far too frequently however, the existence and contributory value of intangible assets do not consistently appear on conventional mba oriented dashboards, in part because the dashboards remain tuned to tangible-physical assets vs. intangible (non-physical) assets.
Still, for some management teams and boards, intangibles:
- remain as somewhat of a managerial, financial, and exploitation mystery in terms of how to best utilize them to extract value and build competitive advantages
- present a reporting-accounting conundrum because they’re seldom, if ever, reported on company balance sheets or financial statements, yet they literally form the competitive, value, and revenue backbone for most companies.
The much desired objective is to build a resilient and self-perpetuating (company) culture that collectively understands intangibles’ value, revenue, and competitive advantage creation potential and processes, i.e., how ideas and innovation (intangible assets) evolve and can be fostered to the point they consistently deliver favorable returns for a company. Again, such an objective can materialize in many forms, e.g., newly created efficiencies, stronger competitive advantages and customer relationships, new knowledge, and/or greater reputational value.
(Some definitions contained in this post relating to knowledge-based economy were adapted by Mr. Moberly from Wikipedia.)
While visiting my blog, you are respectfully encouraged to browse other topics/subjects (left column, below photograph) . Should you find particular topics of interest or relevant to your circumstance, I would welcome your inquiry at 314-440-3593 or email@example.com
Michael D. Moberly January 24, 2012
Effectively managing a company’s intellectual capital (IC) encompasses three key responsibilities for management teams, c-suites, and business units:
- Acquire current knowledge and skill sets necessary to identify, assess, and distinguish where IC is developed-exist within a company
- Conduct an inventory of a company’s IC and develop practices to monitor its status to, among other things, determine what aspects are:
– In Use – i.e., determine what and where IC exists and if it can be used more effectively and profitably to create value, efficiencies, and other opportunities for company growth, etc.
– Not In Use – i.e., determine if existing IC remains relevant and useful to a company’s core mission and/or its business units vs. being a stagnant asset with substantial maintenance costs.
Interestingly, Davis and Harrison (authors of ‘Edison in the Boardroom’) estimate that only 30% of many company’s entire intellectual capital portfolio may actually be in use, with the remaining 70% likely found in various (other) forms, e.g., intellectual property that has become obsolete, and/or products or services that are no longer in the company’s inventory or relevant to a company’s core mission.
Personally, I urge advocates of Davis and Harrison’s estimates exercise caution to avoid pre-judging the outcome of an IC inventory or audit. That’s because growing numbers of company management teams and c-suites realizing their company has collectively developed and possess a variety of sometimes, very nuanced and company specific intellectual capital. All of which warrants identifying, unraveling, applying, and monitoring.
It is not my intent to be dismissive of or otherwise discount the Davis and Harrison estimates. They are important on many levels, one of which is that they hopefully draw much needed attention to the importance of intellectual capital as an intangible asset and to management teams, boards, and equally important, a company’s stakeholders.
Let’s suggest, perhaps hypothetically, that a company’s management team and board determine it would be useful (profitable) to resource an individual or team to literally (help) manage a company’s intellectual capital. Should a company be sufficiently forward looking to execute this, the IC management team must, first and foremost, be absolutely dedicated to recognizing, managing, and utilizing a company’s full array of intellectual capital as genuine business assets!
Unfortunately, there remain far too many company management teams and boards who hold a mistaken perception that intellectual property (applications, registrations, and issuances) are synonymous with intellectual capital management. In reality, intellectual capital is a subset of intangible assets and it is only through the effective management and exploitation of a company’s intellectual property in which intellectual capital is embedded, that potential value, revenue, wealth, and building blocks for growth can be generated.
This post was equally inspired by ‘Intangible Capital: Putting Knowledge to Work in the 21st Century’ by Mary Adams and Michael Oleksak, a book which I encourage readers of this blog to study.
December 30th, 2011. Published under Looking Forward, Organizational resilience and business continuity/conti, Reputation risk.. No Comments.
Michael D. Moberly December 30, 2011
Company reputation is an intangible asset of the first order and, when effectively used and safeguarded, can be a major source of competitive advantage and sustainability. This is probably what prompted The Economist’s Intelligence Unit to produce a ‘global risk briefing’ titled Reputation: Risk of Risks arising from interviews with 269 senior risk managers. Aside from the fact that the report was produced in December, 2005, its relevance remains very much intact today.
Company reputation is certainly a prized, yet increasingly vulnerable and fragile asset in my view which the reports’ respondents agreed by stating that reputation represented a main concern for the majority of risk managers, ahead of, for example:
- regulatory risk
- human capital risk
- IT network risk
- market risk, and
- credit risk.
Interestingly, the priorities of senior risk managers have changed little since publication of The Economist’s report. It’s certainly fair to say then that company reputational risk also has become a very significant (fiduciary) concern, not just for senior risk managers, but for company management teams, c-suites, and boards as well. They recognize the many ways it can adversely affect their company.
Company reputation is defined (in the Economists’ report) as ‘how a business is perceived by stakeholders, including customers, investors, regulators, the media, and the wider public’. Company reputation, the report goes on to state, ‘declines when experiences of an organization fall short of expectations’.
However, before this definition can be fully translated into effective (reputation risk) countermeasures, it’s important for a company to bring operational clarity to:
- whose experience
- what experience, and
- which expectations.
Safeguarding a company’s reputation is, with few exceptions, probably the most important, but also, in my view, one of the more challenging tasks and (fiduciary) responsibilities a company can and should undertake relative to its overall management, stewardship and oversight. In large part I find it challenging because of the asymmetric nature how (reputational) risks and threats can materialize and cascade throughout a company.
For example, The Economists’ study identified three significant phenomena that individually and/or collectively contribute to elevating reputation risk, each of which remains relevant today:
- development of 24/7 global media and communication channels
- increased scrutiny from regulators, and
- reduced customer loyalty
A relevant, but not easily answered question though, about damages a company can sustain as a result of a materialized reputational risk, in terms of prevention, mitigation, or management, is whether reputation risks – threats should be characterized and addressed as:
- standalones, or
- the consequence of other, perhaps simultaneously converging risks?
As already noted above, reputational risk is often (highly) asymmetric in my view. This belief inclines me to address it not solely as a standalone or separate risk, rather a consequence (by-product or multiplier) of risks that can materialize sequentially and adversely affect a company simultaneously on multiple levels.
Respondents to the Economist’ study identified the three biggest risks/threats to a company’s reputation as:
- failure to comply with regulatory or legal obligation
- failure to deliver minimum standards of service and product quality to customers
- exposure of unethical practices
This elevates the importance of how company management teams, boards, and risk managers perceive reputational risks to their company…relative to the processes, procedures, and/or programs they (may/may not) have in place as forward looking monitoring and assessments of internal and external factors/variables necessary to prevent, mitigate, and manage reputational risks if/when they begin to materialize.
For example, when conducting a comprehensive (intangible asset) assessment of a company (which includes reputational risks) and there’s evidence that a company’s plans and/or attitudes for responding to reputational risks appear more closely aligned with crisis management than contingency and organizational resilience planning, I would engage the senior risk manager for clarity. If its revealed that the company genuinely addresses reputational risks/threats solely through a conventional ‘crisis management’ lens, its often an indicator, that the company may not be adequately monitoring – scanning their horizon and stakeholders for risks/threats which is so essential today, and is, my judgment a key underlier to quality contingency – organization resilience planning, not crisis management!
While visiting my blog, you are respectfully encouraged to browse other topics/subjects (left column, below photograph) . Should you find particular topics of interest or relevant to your circumstance, I would welcome your inquiry at 314-440-3593 or firstname.lastname@example.org
Michael D. Moberly and Dr. Jongpil Cheon December 17, 2010
Since security, risk management, and corporate defense (types of) programs began to achieve a semblance of professional standing beginning in the mid-to-late 1950’s, they have been variously characterized as being isolated, siloed, stand alone, and/or mere support functions operating at the fringes of a company. Collectively, their responsibilities were overwhelmingly directed toward protecting tangible (physical) assets with little or no attention being directed to intangible (non-physical) assets. And, while there have been consistent initiatives to connect – create relationships between the role and function of security and risk management to a company’s revenue, profitability, and/or sustainability they have largely been anecdotal and company specific.
Today however, as most security-risk management practitioners know, but specifically addressed here by Sean Lyon and Robert Liscouski, members of the Intangible Asset Finance Society, the role, function, and responsibilities of security, risk management, and overall corporate defense have changed and continue to change, for the better, at a fairly rapid pace.
For the most part, those changes are a reflection of the global economic reality that 65+% of most company’s value, sources of revenue, sustainability, and foundations (building blocks) for future growth and wealth creation now lie in – are directly related to intangible assets rather than tangible (physical) assets. This economic fact contributes to pushing security, risk management, and overall corporate defense, from operating primarily at the aforementioned fringes of a company, directly into board rooms, where both Liscouski and Lyon strongly agree it should be!
The following represents an account of the Intangible Asset Finance Society’s monthly meeting (September, 2010) titled ’Enterprise Security’ in which the very experienced thought leader’s Sean Lyon of R.I.S.C. International and Robert Lisouski of Implant Sciences served as speakers to discuss a variety of issues related to intangible assets in the context of enterprise security.
There’s little doubt that management teams and boards that make the prudent decision to act, and act now, on the sage counsel, herein offered by Lyon and Liscouski, will increase their company’s chances of achieving the desired level of success, profitability, and sustainability which shareholders and stakeholders, up and down their respective value and supply chain, are both expecting, and demanding.
On the other hand, management teams and boards that remain dismissive about or elect to ignore the very real and asymmetric risks and threats that exist, or, worse, wait until a risk materializes, many of which are more challenging to contain, yet carry the potential for immediate impact to a company’s most valuable (intangible) assets and the economic and competitive advantages those assets produce are, all the more likely to succumb to failure in one form or another.
Certain government sectors and agencies clearly play a role with respect to providing guidance and opportunities to directly aid the private sector in identifying, assessing, and managing certain business risks, and executing ‘corporate defense management’ types of programs. It’s certainly advisable for companies to examine and leverage all of the ‘guidance’ that’s freely evolving from an ever growing number of government agencies about security and risk management.
Thus, there is literally no need today for companies (CSO’s, CIO’s, risk managers, etc.) to wholly reinvent the security and risk management wheel because there’s an abundance of guidance that’s readily available. It is important to be able to know where and how to tweak such guidance however, to accommodate and reflect each company’s operational nuances and sometimes, industry sector.
While its highly unlikely that a government agency will ever (literally) show up at your company’s doorstep for the sole purpose of extending an offer of direct assistance, the private sector should not wait. Rather, there is an implicit responsibility for companies to (a.) take affirmative steps and actions now to identify, manage, and mitigate their risks to keep their company reasonably secure, and (b.) deploy some manner of corporate defense management (umbrella) program.
A Corporate Defense Management Approach Is…
Corporate defense management, according to it chief architect, Sean Lyon, of R.I.S.C. International, represents a company’s collective program (efforts) for ‘self defending’ against different hazards and risks for the primary purpose to accommodate its business objective. Examples of hazards-risks, Lyon suggests, include fraud, litigation, natural disasters, unacceptable risk taking, and reputation risks, among others.
He says this because he (Lyon) believes that today, (1.) boards are under steadily rising pressure to ensure their company can adequately defend itself against a growing array of increasingly sophisticated and asymmetric risks and threats, and (2.) that, companies take all reasonable steps, from a fiduciary responsibility perspective, to put appropriate security, risk management and ‘corporate defense management’ programs in place.
But, quite unfortunately, Lyon points out, in many companies, the corporate defense programs are ‘siloed’, that is, they are not aligned with one another, and often function independently and in isolation. In other words, there is little or no interaction, collaboration, or sharing of information (intelligence) amongst the business units variously charged with a particular aspect of corporate defense, i.e., security, risk
The ‘corporate defense management’ model factors different components with the objective being to meld those components together so they work/function in a coordinated fashion with each component interacting with other components so as to (1.) reduce duplications, (2.) create efficiencies, (3.) identify (security, risk, defense) gaps within a company, and (4.) identify actual responsibilities Absent this (corporate defense) management model, each component, would likely continue to function independently with little or no sense of inter-connectedness between the components.
Mr. Lyon characterizes the establishment of a ‘corporate defense program’ in an umbrella fashion that encompasses the following multi-dimensional components, (1.) corporate governance, (2.) risk management, (3.) compliance management, (4.) security management, (5.) resilience management, (6.) controls management, (7.) assurance management, and (8.) intelligence management. The key, Mr. Lyon says, is that each of these components becomes strategically aligned and tactically integrated.
So, by developing a corporate defense management model, as described by Lyon, companies can more readily minimize and mitigate risks without the almost assured inevitability today of experiencing a cascade of consequences, should certain risks-threats materialize.
The desired outcome of a ‘corporate defense program’ (approach) is that it collectively and adequately defends a company while uniting and aligning the heretofore, siloed components, thus rendering a company more resilient, while minimizing the potential for any security – risk management redundancies. This is achieved, Lyon points out by, integrating performance management techniques designed to converge what previously appeared to be cross-functional components, into becoming more inter-dependant, inter-linked, and inter-connected.
Adopting A Stakeholder’s View Is Necessary
Lyon also asserts that a successful and effective ‘corporate defense’ program, requires not solely coordination and integration, but perhaps, most importantly, a clear understanding of what’s necessary to safeguard the interests of (a company’s) stakeholders.
In today’s increasingly competitive, predatorial, and often times winner-take-all global business (transaction) environment, this point cannot be emphasized enough, i.e., that management teams and boards literally adopt a stakeholder view with respect to their security – risk management (corporate defense) programs and strategies. In other words, they absolutely must take into account all parties who carry a vested interest in their company, i.e., clients, shareholders, stakeholders, regulators, employees, etc.
The Corporate Defense Model and Conventional Risk Management: Is There Really A Difference?
Mary Adams, of I-Capital Advisors, posed a worthy question for Lyon and Liscouski; is the corporate defense management model and conventional risk management interchangeable, in other words, is there a substantial difference between the two? In response, Lyon suggests conceptually, the corporate defense management approach takes a more strategic view in which security and risk management activities are (ideally) coordinated under a single (enterprise wide) umbrella.
A fairly consistent challenge to incorporating this approach though, is that ‘risk management’ remains largely ill-defined as pointed out by Robert Liscouski of Implant Sciences. In other words, how risk management and its associated responsibilities are operationalized are often company and/or circumstance specific. This makes it somewhat difficult, Liscouski suggests, to talk about or address risk management with consistency and specificity.
Of course, a significant downside to this absence of across-the-board definitional and operational clarity (about risk management) Liskouski goes on to say, is that it often affects how a company, not only approaches risk, but assess its risks, and ultimately tries to manage its risks.
Knowing Your Company Is A Simple, But Very Essential Underlier To Success
Robert Liscouski, an experienced and well grounded expert in the risk management arena states, quite correctly, when it comes to a company assessing its risks the initial responsibility of management teams and boards is to clearly understand what type of business their company is actually in.
While Liscouski’s view may sound simplistic and even somewhat irreverent toward management teams, boards, and others charged with a company’s overall security and risk management, there’s a great deal of truth underlying his premise, inasmuch as it represents a far too often overlooked element of the larger picture. That is, its quite routine to see companies endeavoring to apply a generalist, one-size-fits-all risk management approach (template) to their company without fully taking into account or understanding their company’s special circumstances, the nuanced ways in which their company functions, the types of transactions it routinely engages, the company’s stakeholders and shareholders, and equally important, the company’s intangible assets.
Ultimately, Liscouski points out, it’s absolutely essential for all parties – business units that are part of a company’s security, risk management, and defense ’umbrella’ to really understand three key things; (1.) what contributes to the execution of the business, (2.) what are the company’s responsibilities to their shareholders, and (3.) how the company, as a whole, is executing on that (their) responsibility?
And here, Liscouski suggests, lie many opportunities to engage in education and awareness directed to company management teams and boards. That is, time and effort should be devoted to elevating their understanding and appreciation for (a.) what their fiduciary responsibilities are relative to risk management, security, and overall corporate defense management, and (b.) how company’s can effectively use those (corporate defense management) components to make consistent and substantive contributions to shareholder value.
Interestingly, Liscouski offers the view that he finds management teams and boards often hold discussions about shareholder value and security’s contribution, but, frequently, it’s just that, a discussion, with little substance, and seldom do such discussions include the necessary context for linking or aligning security, risk management, and corporate defense to ensure their respective contributions actually occur.
Ultimately, Lisouski suggests, when company’s look’s internally, at the various business processes that actually contribute to their market value, shareholder value, and market cap, management teams and boards also need to take a very hard look at those business processes, as a starting point of sorts, to really understand what (assets) warrant protection as requisites to business continuation and resiliency.
Differences In How Company’s Look At – Assess Their Risks
Both Liscouski and Lyon agree that the proverbial paradigm has definitely shifted in terms of how companies look at and assess their risks, which, by the way, both agree, has been for the better. That’s because many company’s now consider (identify, assess) risk, through a shareholders lens. By considering risk through the eyes of shareholders and stakeholders, different perspectives and probably more appreciation (for risk) will be the outcome, compared to the way most risk assessments have been conducted in the past. Previously, risk assessments were largely conducted absent any consideration relative to impacting, one way or another, shareholder value. In other words, security, risk management, and corporate defense practitioners in the past, have taken a fairly siloed – isolated approach themselves.
But, as more companies adopt a holistic (shareholder-based) view of security, corporate defense, and risk management, the benefits of doing so become obvious, such as being better positioned to foresee (anticipate, recognize) potential ‘cascade of consequences’ that will occur, with increasing frequency when certain risks remain unchecked and/or un-managed. Such revelations, of course, prompt an elevated interest in potential cascading affects of consequences, particularly those that can readily ripple through a company’s assets. Of course today, the speed which, in a growing number of circumstances, a single consequence can, quite literally, cascade (ripple) throughout an enterprise, producing along its path, both secondary and indirect (adverse) consequences and impacts is truly amazing.
Adverse cascading consequences, of course, can manifest themselves in various ways within a company, Lyon and Liscouski point out, among them being loss of competitive advantage, erosion/undermining of asset value, create compliance breaches, cause reduced company capabilities through downtime, influence customer/client dissatisfaction, reduced sales and market share, and ultimately, experience a reduction in a company’s overall market value.
Let it suffice to say, that in many instances, today’s asymmetric risks, left unrecognized or unchecked can literally ’creep’ into a company and embed themselves within a company’s culture, not unlike a computer virus or worm, to create, in many instances, a much higher level issue, which in turn, will likely carry more adverse and strategic impacts.
It’s About Processes: Re-Framing How Company’s Think About Security and Risk
To help mitigate, what many of us would refer to as risk inevitabilities, is the need to re-frame how we think about security and risks, particularly in the context of the potential for cascading (rippling) affects and consequences. Again, Mary Adams points out that risk management and corporate defense management need to have a strong focus on business processes. That’s because ’business processes’ are ultimately what twenty-first century knowledge-based, intangible asset intensive companies do, that is, they create and optimize their business processes.
Today, there must be, literally speaking, well coordinated processes that company’s put in place, to not merely engage (risk, security, corporate defense) but also, to ensure they are identifying and managing the right risks, Liscouski says. The right risks, are of course, those risks which, if they materialize, would (likely) produce the most adverse-negative effects along with bringing about a cascade of consequences that would ripple throughout an enterprise internally as well as externally.
So, a critical question Liscouski rhetorically asks is, what kind of business processes do companies need to protect? The answer, he says, lies in identifying (distinguishing) those business processes that (1.) may literally be missing, or (2.) could/should be enhanced. But first, he says, its important to understand the linkages – relationships between particular business processes and a company’s intangible assets.
To achieve this, a company needs well defined (business) processes whereby intangibles can be readily identified and distinguished and their performance (value, materiality, etc.) monitored, not solely for improvement, but to provide a better risk management environment overall.
Human And Relationship Capital, They’re Part Of The Security-Risk Management Focus
Is human and relationship capital part of the security-risk management focus, asks Adams? To be sure, the knowledge emanating from human and relationship capital represent increasingly important and valuable intangibles, where (security, risk management, and corporate defense) attention must not only be directed, but literally factored into the security – risk management equation, Liscouski and Lyon say.
So, as companies engage in more of a shareholder-stakeholder view of their security, risk management, and corporate defense responsibilities and needs, especially in the context of (avoiding, mitigating) the potential for cascading consequences, it’s likely their attention will also be drawn to the reality that when human-relationship capital are overlooked or dismissed, the adverse impacts that will surely result can take the form of reductions in morale and productivity which manifest themselves broadly throughout a comapny as reduced customer loyalty and sales, for example.
Security, risk management, and corporate defense programs really do then, in the twenty-first century, have to be holistically driven which, for the most part, is a significant departure from the past, but nevertheless, is a very significant key to making them work (more) effectively now. Back to the initial point however, company’s that elect to ignore or be dismissive about (their) human, intellectual, and relationship capital insofar as security and risk management are concerned, should not expect those programs to either function or produce the desired-intended results, that is, outcomes that have a bearing on shareholder value.
The Role Of A Strong And Focused Company Culture
A positively embedded (company) culture can set the overall tone, Liscouski suggests, with respect to (1.) how a company will actually manage its risks, and (2.) whether it will succeed by consistently avoiding and/or mitigating certain risks altogether.
So, the necessity (fiduciary responsibility) for management teams and boards to be fully engaged in not just knowing the risks their company faces, but also, the strength of those risks, i.e., the vulnerability, probability, and criticality, while simultaneously being alert to and knowing how best to mitigate certain risks lies, in a growing number of instances, in developing a strong company culture.
If a company is slow to respond to an impending risk, or their eventual response appears weak in the eyes of their constituencies, i.e., stakeholders, shareholders, etc., it will often become a determining factor in – have a bearing on how those constituencies ultimately interpret and respond to the company, internally, externally, publicly, or from within its supply chain, including market impacts.
Reasonable Expectations For Risk Management and Mitigation
An important and certainly timely, and again, mostly rhetorical question posed by Liscouski was, how do companies assess-calculate reasonable expectations about risk mitigation and management and also measure the value of the assets they’re protecting?
Measuring what’s being protected, can take the form of dollars, rankings, ratings, quality, or ranges, etc. Lyon adds though, it’s up to each company to identify their (a.) key performance indicators (KPI’s), and (b.) key risk indicators (KRI‘s). Based on a company’s KPI’s and KRI’s, both speakers agree its advisable to devise a course of action that both ‘fits best’ and compliments what a company may already have in place, i.e., dashboards, balanced scorecards, etc.
Liscouski noted though, there is no single means of measurement (metric) because measurement can be dependant on the nature of a company’s business, and he added, it’s not too difficult to identify, with some precision, the costs associated with an asset (value) loss or compromise, or the investment and/or resources required to protect a company from loss or risk. What’s difficult, he says, is putting an index around security and risk management programs in terms of what they actually contribute to sustaining control, use, ownership, and value of a company’s intangibles. At some point, Liscouski noted, it will be essential to describe a company’s investment profile, i.e., what’s required to actually achieve the desired, if not prescribed, level of security and risk management.
Liscouski advocated the use of financially oriented metrics to ’measure’ the contributions of security and risk management. Again, he suggests, this would more likely compliment any existing (business, performance) metrics a company may already have in use.
Further, financially oriented metrics are often designed to predict forward movement and/or progress, therefore, they would serve to provide greater validity for establishing a business case for security, risk management, and overall corporate defense program contributions. In other words, security, risk management, and corporate defense are not so much dependant on countering and/or mitigating a single (risk, threat) event as they are on producing a desired end result, because that’s what really counts to the profitability and sustainability of a company.
There’s considerable work currently being done in this arena Liscouski says, on three fronts; (1.) the probability (certainty) that particular risk/threats will actually materialize, (2.) strategies to mitigate any consequences, and (3.) the type/amount of investment that is necessary to manage-mitigate those threats/risks.
Still, both Lyons and Liscouski point out that it all evolves around a company’s ability to objectively analyze and assess the risks that are relevant to their key business processes, with company reputation being what ultimately warrants the most protection. A good source to examine this perspective further are Steel City Re’s ‘reputation indexes’.
Again, Lyon and Liscouski agree, we’re really very early yet, globally speaking, in the maturity (level) of companies insofar as being able to recognize and execute on the necessity to adopt a holistic (umbrella) approach to risk management, security, and corporate defense. The likelihood that companies will place (appoint) a single individual in a position to oversee this entire ‘umbrella’ is currently quite rare. Two key factors, Liscouski says affect whether or if companies will begin moving toward more holistic (security, risk management, corporate defense) approaches are (1.) company size, and (2.) the reality that such positions are often (highly) ‘personality driven’.
Both Lyon and Liscouski also agree that today, it remains more art than science with respect to being able to effectively articulate what (1.) a company really needs to protect, and (2.) what level of protection is sufficient relative to managing-mitigating particular risks-threats. One of the challenges is that a company’s investment profile, necessary to achieve a full compliment of security, risk management, corporate defenses, would likely be so exorbitant, that companies could not afford to execute it, let alone, give it the serious, reasoned, and objective consideration it was due.
So, that leaves practitioners with essentially the same, time honored and increasingly risky conundrum, what constitutes enough security for a company? If, for example, a company adopted a five point scale (i.e., 5 = high security, 1 = low security) for describing level’s of security. Under what circumstances could we conceive a company management team and/or board reaching consensus that a 3.5 security level is sufficient relative to a company’s vulnerability and the probability and criticality (consequence cascade) should a particular risk or threat materialize?
A Paradox? When Can Doing Nothing Become A Greater Risk Than Doing Something?
While Liscouski and Lyon are proponents, like many of us, of metrics, they recognize the paradox of ‘doing nothing is sometimes a greater risk than doing something’. They make special note of a position not infrequently conveyed by corporate general counsel’s, e.g., that the company should not do anything because there is too much risk and potential for liability.
For starters, both Liscouski and Lyon urge practitioners to not engage company legal counsel only when problems or challenges arise, rather remain engaged with counsel as consistently and robustly as possible to the point that the relationship evolves as part of – integral to a company’s overall solution tract, particularly when significant problems and/or challenges do arise. As many management teams, boards and security/risk management practitioners know however, on occasion, legal counsel can become an impediment or obstacle to certain initiatives, which is often, in part driven, pure and simple, by a risk averse orientation (predisposition). When this occurs, Lisouski suggests a ‘cultural change’ may be in order, in which an effort is made for counsel to become not merely a legal advisor, rather a genuine business partner (i.e. facilitator, enabler) to company initiatives.
Risk Management and Due Diligence In The Investment Community
Interestingly, both Lyon and Liscouski voiced very candid perspectives about the investment community with respect to security, risk management and corporate defense in due diligence contexts. One perspective offered was that, rarely, if ever does the investment community inquire about a company’s (business) processes either when conducting their due diligence or evaluating a company for possible lending structures.
It’s no particular secret that a significant percentage of prospective lenders and investors simply don’t know about, nor do they receive a sufficient – complete picture about a prospective investment, in terms of whether aspects – components of the investment under consideration are, at risk, Liscouski points out. In other words, they have little or incomplete information about the (intangible) assets that will be in play, i.e., their status, stability, or sustainability. That’s largely because the investment community still tends to apply a classic P&E and/or very conventional due diligence approach to their invest – don’t invest decision making process, in which intangibles are generally overlooked altogether, seldom addressed separately, or in some instances, the words ’intangible assets’ appear no where on any lending form.
Today’s Business Transaction Environment Is Highly Competitive, Predatorial, And Winner-Take-All
In today’s extraordinarily competitive, predatorial, and often times winner-take-all global business (transaction) environment, the opportunity to raise and ability to clearly and succinctly articulate these important (asset security and risk management) issues to management teams and boards is an increasingly essential element to a company’s success, profitability, and sustainability.
Management teams and boards who possess the foresight and receptivity to fully assume the fiduciary responsibilities addressed here, e.g., the stewardship, oversight, and management of their company’s intangible assets, represent coveted starting points for executing and achieving effective enterprise-wide security, risk management, and corporate defense programs.
There remains however, a propensity for many management teams and boards to frame the need for security or risk management only in contexts of large, Fortune 500, multi-national types of corporations, thereby, being dismissive about either the need or relevance of such services for small or mid-size companies. Of course, the reality is, the materialization of risks-threats, Liscouski says, to small and mid-size firms can certainly be more acute and carry far greater and more immediate consequences and criticality compared to their Fortune 500 brethren who are presumably, more able to absorb asset losses, erosion of sales, market share, brand, customer loyalty, etc.
Michael D. Moberly November 9, 2009
I have yet to find a company that does not want to survive this recession. While that statement is self-evident and may sound literally obsurd to most, similarly, I’ve come across countless companies and management teams who have yet to fully realize that perhaps the key, to sustaining, even strengthening their business in this recession, is to understand their cheese has been moved.
For those unfamiliar with this notion, a very brief, but reflective book by Spencer Johnson titled ‘Who Moved My Cheese’ may be worthy of the 30 minutes it requires to read.
The ‘cheese that’s been moved’ in this instance, are company’s tangible assets! That is, for a vast majority of company’s (their) tangible (physical) assets, i.e., property, buildings, equipment, inventory, etc., have been permanantly moved. Tangible assets no longer, as they did in previous decades, represent the dominant drivers or sources of most company’s value, revenue, and/or foundations (building blocks) for future growth, wealth creation, and sustainability.
Instead, for most company’s, their primary sources of value and revenue have irreversibly transitioned, in the increasingly ‘knowledge-based’ economy, to intangible assets. Intangible assets include such (intangible) things as brand, reputation, image, intellectual property, employee intellectual-human capital, and internal/external relationships, etc. (For a comprehensive list of intangible assets see http://kpstrat.com and ‘click on’ brochure and scroll to ‘what are intangible assets’.)
If you elect to read Johnson’s book, one suggestion to make the concept of ‘who moved my cheese’ more palatable and relevant to business decision makers and management teams, is to substitute the words ‘tangible’ or ‘intangible assets’ every time the word ‘cheese’ appears in the (book’s) narrative. This will help the reader identify with intangible assets and the importance of recognizing their (individual, collective) role and contribution to company value, revenue, and sustainability.
To bring further clarity to this point, I recently I attended a gathering of entrepreneurs. The keynote speaker was a well known and highly successful area restauranteer. For those listening carefully to the 30 minute presentation, at least 20 minutes included the speakers’ obviously heart felt and experienced sense of the internal culture that underpins the sustained success of this 35+ restaurant enterprise. Without exception, each of the factors the speaker addressed (including the internal culture) as contributing to building and maintaining this company’s success (even during the current recession, and the ever broadening competitive dine out market space) were, in fact, intangible assets!
Interestingly however, the words ‘intangible assets’ were never uttered during the presentation, nor in the Q&A that followed, to contexualize this restauranteer’s success. Clearly, another instance of c-suites’ genuinely needing to know how they and their company should best react ‘when their cheese is moved’. That is, its an economic fact – business reality that 65+% of most company’s value, sources of revenue, and foundations for future wealth creation today lie in – are directly related to their intangible assets, not their tangible assets. To be sure, that is the case for restaurants.
For those dedicated to elevating awareness, alertness, and accountability for intangible assets throughout the business and financial community, the process often starts with management teams literally acknowledging (verbalizing their) success and profitability is routinely attributed to, in large measure, by the effective and sustained utilization of intangible assets, i.e., development, execution, delivery, quality assurance, etc.
June 15th, 2009. Published under Analysis & Commentary: Studies, Research, White Pap, Looking Forward. No Comments.
Michael D. Moberly June 15, 2009
Information asset safeguards must be flexible and maneuverable! Most information asset safeguard initiatives are one dimensional. They tend to remain constant throughout the life – value cycles of the assets being protected and do not fluctuate with gradational (routine, periodic) changes in their value, relevance and/or currency to on-going or future company programs or projects. Exacerbating this, in today’s hyper-competitive and nanosecond global business environments, is the reality that the value and relevance of information assets, in general, is becoming increasingly compressed and short-lived relative to their support for and/or linkage-contribution to specific (company) tasks, processes, or operations. Therefore, business information asset safeguards must be sufficiently flexible and maneuverable to reflect fluctuations in, not only value and relevance, but also, risks, threats, and vulnerabilities as well.
Avoid ‘pushing the future off the table’! Each day company’s are presented with urgent, near term challenges that create pressure to push the future off the table. One consequence is that, lacking effective strategic planning, disproportionate weight is given to the persistant chorus of sources offering largely speculative and worst-case scenario snap shots about particular risks and threats to business information assets and/or information systems. While the potentially devastating consequences of these pronouncements should not be dismissed, neither should they serve as the exclusive rationale for the design and execution of business information asset safeguards. Instead, adopting capability and value-based strategies represents more forward looking, efficient, and holistic approaches for safeguarding valuable and (company) critical information than those sometimes narrowly focused and time-bound mini-risk/threat assessments.
Safeguarding business information assets should also be about fostering relationships! Any company initiative to sustain control, use, ownership and value of their business information assets must include efforts to foster positive relationships by engaging the originators, developers, users, and owners of that information. One reason for a company’s lack of emphasis on fostering such relationships is the perception that computer/IT system security equates with information asset security when, in fact, it does not! Computer/IT security, while critical to most every company, would best be characterized as complimenting, rather than dominating, strategies to safeguard company information assets.
Familiarity With Company Intangible Assets Can Produce Multipliers and Risk Mitigators For Companies!
Michael D. Moberly March 24, 2009
All too frequently contributions’ intangible assets make to a company are overlooked, neglected, or outright dismissed, and sometimes obscured by the assets’ (a.) absence of physicality, and (b.) not knowing precisely where and how intangibles ‘fit’ on balance sheets. With equal frequency, their proprietary and competitive advantage features go unrecognized and certainly undervalued, or not valued at all.
In most company’s, intangible assets are akin to the proverbial ‘hand in front of our face’. That is, they’re often embedded in (a company’s) routine operations, processes, and functions that, in many instances, tend to fall under the conventional ‘mba – tangible (physical) asset oriented radar’. Just as frequently, company’s engage in HR and/or othe types of business transactions in which the intangible asset components of those transactions go unnoticed and may never be effectively exploited.
So, why is it beneficial for company c-suite’s, board’s, D&O’s, business unit manager’s, etc., to acquire a familiarity with intangible assets and how will that familiarity produce (translate as) multiplier effects and risk mitigators? The objective, of course, is to position – exploit a company’s intangible assets in order to extract as much value as possible by:
1. Adding predictabiliy to transaction outcomes by being able to recognize and assess the stability, fragility, sustainability, and defensibility of the assets and their relevance to achieving (a.) projected returns, (b.) competitive market position, (c.) anticipated synergies and efficiencies, and (d.) exit strategies, etc…
2. Elevating the insightful quality of transaction due diligence by recognizing how to rapidly identify and unravel (potentially) valuable – revenue producing assets…
3. Reducing the probability that intangible assets (and IP) will become entangled and/or ensnared in costly time consuming, and momentum stifling legal challenges that can erode and/or undermine asset value, performance, or competitive advantages…
4. Contributing to building a ‘company culture’ that recognizes – is more attuned to intangible assets, their value, and contributions to sustainability and profitability by treating them as business decisions rather than solely legal processes…
5. Providing a foundation for more effective application of (a.) knowledge management initiatives, and (b.) balanced-scorecard approaches…
6. Providing a strong foundation for aligning continuity-contingency and risk management planning with strategic business objectives…
7. Strengthening the convergence of computer/IT security and intellectual property (protection) enforcements to achieve more timely awareness/pursuit of IP rights violations!
December 17th, 2008. Published under Analysis & Commentary: Studies, Research, White Pap, intangible assets, Looking Forward. No Comments.
Michael D. Moberly December 17, 2008
Why would it be a good idea now for companies to seriously consider devoting (minimal) time, resources, and committment to developing a culture that recognizes, produces, and sustains control, use, ownership, and value of (their) intangible assets? Perhaps the biggest reason is because today, its an economic fact that 75+% of most company’s value, sources of revenue, and future wealth creation lie in – are directly linked to intangible assets!
Why then, given this ‘business reality’, would there be decision maker resistance to putting forth that time, those resources, and the committment to building an internal (company) culture to achieve this end? For starters, here are four truthful, but increasingly less prudent reasons, i.e., intangible assets (1.) lack physicality, (2.) don’t appear on balance sheets, (3.) tend to fall outside conventional ‘mba’ precepts, and (4.) require ‘outside-the-box’ strategies to monetize and extract value!
One of my goals-objectives when serving clients is to, among other things, lay a foundation for building a company culture that builds upon Dr. Edgar Schein’s work in which he suggests a company culture begins with ‘shared assumptions that employee’s learn while solving (internal) problems’. Standing alone, Dr. Shein’s point sounds very academic for the real world of globally operating companies and business transactions. But, when decision makers factor 75+% of (their) company value, revenue, and future sustainability likely lie in intangibles, one could rightfully conclude that devoting that minimal time, resources, and committment to building such a culture would be an exercise that would not only deliver favorable results, but, equally important, likely produce additional intangible assets that would, in turn, contribute to (company) value, revenue, and sustainability.
But, how would decision makers know when their efforts for building such a culture would actually produce the intended results, i.e., a fully functioning (intangible asset) company culture? According to Dr. Schein’s work it would be evident at the point in which ’employees (are observed) expressing (manifesting) it as being valid and worthy enough to be taught to new employees as the correct way to perceive, think, and feel in relation to (addressing) persistent challenges and problems they and the company face’. So, when 75+% of most company’s value and revenue evolve from intangible assets, it would be prudent – make good business sense to assume that a significant percentage of those ‘persistent challenges and problems companies face’ are, in fact, variously related to their intangible assets.
So, what’s a bottom line to building a company culture that recognizes, produces, and sustains control, use, ownership, and value of intangible assets? It’s a shared and linked (enterprise wide) set of characteristics, beliefs, assumptions, and behaviors about intangible assets, i.e., (1.) they’re real, credible, and convertible sources of value, revenue, and future sustainability, and (2.) should guide – underlie decisions, actions, and strategic planning!