Archive for 'Intangible asset risk tolerances and thresholds.'

Organizational Resilience, Building It Really Matters!

July 12th, 2017. Published under Intangible asset risk tolerances and thresholds., Organizational resilience and business continuity/conti. No Comments.

Michael D. Moberly Intangible Asset Strategist, Risk Specialist, Trainer, and Author July 12, 2017 m.moberly@kpstrat.com ‘A business intangible asset blog where attention span really matters’.

When 80+% of most company’s value, sources of revenue, competitive advantage, and sustainability today lie in – emerge directly from intangible assets…

It’s essential to know a company’s risk threshold – tolerance for every transaction and initiative undertaken, assess and mitigate the risks, and have contingencies in place to achieve rapid and more complete recovery when disruptive risks materialize!

In my judgment, it’s important for business leadership and management teams to acknowledge, that risk (i.e., to a company’s value, sources of revenue, competitive advantage, and sustainability, etc.) is not consistently synonymous with today’s notion of ‘threats’ even though they are routinely expressed as being interchangeable. Business risks are mercurial, that is, they manifest as market change and politically induced instability, supply chain fragility, interconnectivity challenges, problems associated with infrastructure in need of repair and maintenance, changing demographics and behaviors, and, of course, climate.

Ensuring your company is resilient and agile to accommodating – incorporating these and other challenges are key to preparing for risk and uncertainty.

Achieving organizational resilience should not be construed as a necessarily complex or costly undertaking. Companies today are obliged, approaching a fiduciary level responsibility…
• to not only identify potentially (business-wide) disruptive risks.
• but also, mitigate those risks, objectively measured as substantially
elevating probability that the activity, initiative, transaction
being engaged.
• will achieve the desired-projected outcome.
• and, a significant disruption, should it occur, will not cascade to
adversely – irreversibly affect a company’s ability to operate.

Again, the path toward achieving organizational resiliency includes recognizing-distinguishing…
• the various and particular, types and/or sets of risk which may
materialize.
• the various circumstances which cause – contribute to such risks
actually-materializing.
• objectively assess (measure) each relative to the company’s
vulnerability, the probability the risks will materialize, and their
criticality to the business operability should they materialize.

A common challenge company leadership experience in assessing business disruptive risks lies in…
• transcending the subjective (guesses, anecdotes) to the quantifiably
objective.
• effectively integrating the lesser intrusive measures to monitor,
preclude, and mitigate designated risks.
• preparing-allowing a business to effectively and rapidly respond to
and commence recovery from materialized risks, especially those which
can disrupt (adversely affect) a business’s value, revenue producing
capacity, and essential components to its supply chain.

Each organization (private, for profit, public, not-for-profit, startups, etc.) can seldom escape all risk. It’s prudent therefore to consider risk as being…
• ever and asymmetrically present.
• embedded with variables which affect how, when, where, why, and what
type of risk manifests.

In-order-to sustain a desired level of organization-wide (risk) resilience, competitiveness, and performance, organizations are obliged to have systems, practices, and procedures in place to…
• not-so-much manage, rather mitigate – suspend the most significant
risks, e.g.,
o objectively reaching consensus insofar as the level, type, duration
of risk and uncertainty a company can tolerate or is willing to
accept.
o how to (cost, resource) effectively the monitoring and mitigation of
specific risk and uncertainty, and
o recognize when either measurably rises above the tolerable –
acceptable level to warrant additional interventions.
o all-the-while, meeting the organizations’ operational and financial
objectives!

Given the usual resource parameters which most organizations operate, it is increasingly important that companies have (resiliency) options ‘at the ready’. This often translates as having sufficient layers-levels of resilience to monitor, mitigate, and recover from various hazards and risks a sector specific company may prudently assume it will encounter, particularly with respect to its intangible assets, which are invariably in play. Interestingly, national, professional association, and international standards will be playing an ever-increasing role in the management of operational risks organizations face, e.g., ANSI/ASIS American National Standard, Organizational Resilience: Security, Preparedness, and Continuity Management Systems— Requirements with Guidance for Use (ASIS SPC.1-2009).

One strategy for business leadership and management teams to become better acclimated to today’s aggressive and predatorial ‘go fast, go hard, go global’ transaction environment, is to periodically remind themselves that it is an irreversible economic fact, that 80+% of most company’s value, sources of revenue, future wealth creation, and sustainability today lie in – directly emerge from intangible assets. Thus, those engaged in achieving ‘organization-wide resilience’, conceptually and practically, are obligated to factor intangible assets in their resilience planning and practice.

Similarly, it’s important to recognize the principles – foundations of organization resilience are not merely superficially tweaked versions of conventional (business) ‘continuity and contingency planning’. Admittedly, the latter variously remains a common framework that many business leaders and management teams conceptually rely, irrespective of its reactive, and far less proactive inclination. Whereas, organization resilience, in principle and practice, is embedded with a singularly proactive mantra through its execution as an informed ‘management system’.

It’s surely (increasingly) self-evident, that an organizations’ ability to quickly, efficiently, and rapidly adapt to change, whether the change manifests as market forces, environmental factors, or various types-levels of risk, or a host of other potentially disruptive acts – events, that simply being more organizationally resilient is one of those good, better, best options. Of course, and again, the organizationally resilient options any company should undertake, should be durable, monitorable, responsive, and provide for comprehensive and rapid recovery. In other words, organizational resilience should no longer be dismissed nor subordinated to convention, i.e., a tweaked version of continuity – contingency planning.

In today’s predatorial, go fast, go hard, go global business (transaction) environment in which risks are numerous, asymmetric, and ‘coming at your company 24/7’, taking time to objectively examine the benefits of becoming more organizationally resilient in posture and practice can indeed, be a worthy use of time for any business leader, management team, board, and stakeholder.

Intangible Asset Risk Mitigation vs. Risk Management

June 30th, 2017. Published under Enterprise risk management., Intangible asset risk tolerances and thresholds.. 2 Comments.

Michael D. Moberly June 30, 2017 m.moberly@kpstrat.com ‘A business intangible asset blog where attention span really matters’.

In my judgment, a not insignificant percentage of the business community and service providers, have become piously complacent insofar as assuming the terms risk management and risk mitigation are interchangeable. Through my lens, there are important distinctions with differences!

The terms risk management and/or managing risk, in my view, suggest these are actions taken to manage adverse events – circumstances which likely have already materialized., i.e., sort of managing risk ex post facto. Whereas, risk mitigation, assumes effective action will be taken to abate and minimize the probability that adverse effects of particular-risks known to emerge – coincide with specific actions and/or transactions in which IA’s will be – are in play.

I am suggesting there is a bright line that distinguishes managing adverse events-actions-behaviors which have already occurred vs. having specific policies, processes, and procedures in place to mitigate events-actions-behaviors before and/or at the earliest stage of their materialization. In other words, in advance of adversities manifesting to the level of business destabilization or lethality.

Of course, the strategic underlier to this argument is recognizing that 80+% of most company’s value, sources of revenue, and ‘building blocks’ for future wealth creation and sustainability today lie in intangible, not tangible assets. This translates to rapid growth in the number of companies in every sector now operating with high levels of intangible asset intensity and dependency. Accordingly, far more risk mitigation – management initiatives and services should be focused on intangibles than tangibles.

As most risk mitigation – management professionals recognize all too well, a helpful prelude to executing either is for a relevant – comparable risk to materialize and adversely impact another company (preferably, a competitor) and produces…

• sudden and significant hemorrhaging of value, revenue, brand,
reputation, image, goodwill, and competitive advantages, etc.

• adverse public, political, and/or regulatory spillovers that lead to
long term hemorrhaging of market share, and erosion of customer-
client base, company value, and revenue generation capability.

It’s certainly not uncommon, when a significant business risk does materialize to adversely affect a company’s intangible assets, that previous c-suite unresponsiveness and/or expressions of indifference often give way to receptivity for substantive commitments to mitigate-manage business risk, preferably before they materialize.

Too, my experience notes, management team interest in risk will now likely include sustaining control, use, ownership, and value of the company’s intangible assets which are in the probable risk paths in the future, should they materialize.

Experience has also led me to conclude there are (generally) two key factors that influence how business risks will be received (interpreted, assessed) by c-suites, management teams, and boards and ultimately influence their propensity for action, e.g.,

• if the risks’ adverse outcomes are presented in objective-
quantitative contexts vs. subjective-qualitative contexts?

• if a risk is presented-characterized as being responsive to
prevention, mitigation, or management practices-techniques?

• if the risks, and their potential materialization are characterized
as single occurring, perhaps, one-off events, absent conveying
vulnerability-probability for multiple risks materializing
simultaneously?

• if characterization of the risk includes potential for producing
enterprise-wide cascading affects that significantly elevate both the
cost and challenge to adversely affect business value and sources of
revenue, and stop competitive advantage hemorrhaging?

• if the risk advocate is inclined to over-dramatize vulnerability and
probability that certain risk will materialize, to the exclusion or
minimalization of criticality, i.e., near-long term adverse impacts.

As an intangible asset strategist and risk specialist, I seek consensus on matters of risk and try to avoid circumstances in which there are competing interpretations and assessments of particular- risks in terms of the company’s vulnerability to, the probability of, and a risks’ criticality to the company, should it materialize. An essential requisite to making a business risk presentation is to recognize that while management team and board may not be familiar with the intricacies of current business risks/threats, they typically grasp a ‘big picture’ and may have already framed certain perspectives about how best to address a risk, albeit from a managerial – financial position or an assumption regarding a company’s risk tolerance and/or risk threshold.

Intangible Asset Risk Thresholds and Tolerances

May 6th, 2017. Published under Intangible asset risk tolerances and thresholds.. No Comments.

Michael D. Moberly May 6, 2017 ‘A intangible asset business blog where attention span really matters’.

Intangible asset (IA) risks that materialize will, in most instances, be cause for adjusting a businesses’ tolerances – thresholds for IA risk, irrespective of size, sector, maturity, and/or financial health.

Too, many businesses, whether acknowledged or not signal, in advance, their thresholds and tolerances for IA risk. This is especially relevant to risks that materialize near ‘keystroke speed’ ala social media, that produce adverse impacts to IA value, revenue, competitive advantage, sustainability, and equity.

Anecdotally, I find a significant variable lies in learning whether (how) business leaders conceive of their asset risk exposure (i.e., vulnerability, probability, criticality) in threshold and/or tolerance contexts. A company’s thresholds-tolerances for IA risk should seldom, if ever be executed in a one-size-fits-all context. That’s because IA materiality, value, revenue generation, competitive advantages produced, including the assets’ fragility, stability, defensibility, sustainability, and contributory values ratios fluctuate. Business-company leadership are obliged to assess – factor variables affecting risk to their IA’s, e.g.,

• speed of (risk) materialization and its expansion – embeddedness
throughout an enterprise.
• criticality of risk materialization to all or specific parts/units of
a company, its products and services.
• a company’s capabilities to and the speed which it recognizes and
mitigates (neutralizes) risk(s).
• a company’s overall resiliency, ala recuperative capabilities
relative to compromised, undermined, or lost IA’s vis-à-vis
customers, clients, consumers, and suppliers, etc.

Business leadership and management teams are obliged to factor IA risk tolerances – thresholds as being integral to structuring (undertaking, negotiating, and executing) any new business initiative, transaction, product-service rollout, or R&D, etc. Clearly, the manner-in-which companies – businesses approach, prepare for, and ultimately respond to (IA) risk potential and materialization, varies considerably.

To my recollection, I have been engaged in only a handful of conversations over the course of 25+ years in the IA arena, in which insurers and insureds were part, and the words ‘intangible assets’ were applied. I find in many instances, business-company leadership operationally unfamiliar with IA’s they have control, use, and ownership, equate or assume their threshold and/or tolerance for risk is magically reflected in the insurance plan and/or the insurer’s explanations. Obviously, there is far more attention paid to the cost -price of (risk insurance) premiums and the total dollar (value of) losses to physical-tangible assets than IA’s.

My experiences suggest that ‘risk’ remains largely oriented to tangible-physical assets, and as such, is likely to be-a-reflection of subjective, pre-determined (risk) thresholds and/or tolerances calculated by insurers and underwriters. These conventions are generally weighted toward the type, content, and (replace) value of an insureds’ physical-tangible products and services vs. the contributory role and value of IA’s.

There are indeed, numerous forward looking – thinking business leaders and management teams who recognize the absolute importance of anticipating and trying to mitigate IA-specific risk, which is what this book will focus. It is after all, an economic fact that 80+% of most company’s value, sources of revenue, and competitive advantage lie in – emerge directly from IA’s, so it’s prudent that risk thresholds and tolerances fully encompass relevant IA’s.

It is after all, the manner-in-which the company’s IA’s are integrated and applied to its products and/or services that individually or collectively elevate their value, competitiveness, and revenue generation capacity. Ironically, it is those same intangible features, characteristics, and inputs which find attractivity-appeal to global cadres of ultra-sophisticated economic and competitive advantage adversaries.

This leads to another (second) facet of IA risk management which is emerging with consistent frequency and is a consequence of a management team’s felt obligation and/or necessity to ‘get to the market space first’ with their innovation, product, or service. In other words, the go fast, go hard, go global phenomenon is itself a driver of risk to IA’s.

As always, comments are encouraged and most welcome.

Business Transaction Due Diligence Intangible Assets

April 21st, 2017. Published under Due Diligence and Risk Assessments, Intangible asset risk tolerances and thresholds.. No Comments.

Michael D. Moberly April 21, 2017 ‘A intangible asset business blog where attention span really matters’.

Transaction due diligence is, most always warranted, particularly in today’s ‘always on’, aggressively competitive, predatory, and often ‘winner-take all’ global business environment in which asset loss, erosion, and undermining can occur at ‘keystroke speed’. However, when transaction due diligence is framed – conducted through a conventional, IP only (intellectual property) lens, opportunities to recognize and exploit the value of embedded IA’s and (proprietary) competitive advantages can be, and frequently are, under-estimated, overlooked, dismissed, or considered redundant, or irrelevant to the presumptive deterrent effects associated with conventional IP enforcements, i.e., a registered patent, copyright, trademark, or designating specific knowledge and/or knowhow (intellectual, structural, relationship capital) as a trade secret.

Today, business transaction due diligence must be far more than a cursory review of (legal, accounting) documents and the status of IP, i.e., P&L’s, financial statements, and/or balance sheets. Through my lens, these documents often constitute little more than ‘snap-shots-in time’ as incomplete glimpses into a company’s financial – competitive advantage circumstance.

Too, its unlikely such conventional ‘snap-shots’ will surface-reveal the contributory role, value, sources of revenue, and competitive advantages produced – generated by IA’s, which are embedded and interwoven in various levels of a company’s intellectual, relationship, competitive, and structural capital. More specifically, in conventionally practiced-conducted business transaction due diligence, these, and other characteristics and attributes of IA’s, are unlikely to be recognized as having actual dollar value and competitive advantages, or otherwise have a bearing on a transactions’ outcome, that is, for the IA ‘operationally un-familiar’.

Be it an acquisition, merger, alliance, partnership, buy-sell transaction, or new market entry initiative, each circumstance can quickly become mired in impediments if-when the IA’s in play are overlooked or not effectively unraveled relative to their origins, ownership, control, and the manner-in-which they are utilized and exploited. This-is-why, I recommend transaction due diligence be IA-centric and conducted in pre, and post (transaction) contexts.

Again, conventional ‘check the box’ conceived templates of due diligence are unsatisfactory because they are seldom inclusive, comprehensive, or sufficiently forward looking to capture, unravel, and monitor the (risk and value) relevant to the IA’s in play and are often constrained by unwarranted anxieties and requests for speed. Too, it’s worth noting again, it is a globally universal economic fact – business reality today that 80+% of both a company’s and a targets’ value and sources of revenue lie in – emerge directly from IA’s. This makes it all-the-more essential that any business transaction due diligence fully address IA’s.

The primary objective for any IA due diligence activity is unraveling the circumstances pertinent to the IA’s in play, which, in turn, serve as a basis for providing superior knowledge about a target and the transaction being undertaken in a manner that contributes to decision makers’ determination about whether the targets’ IA’s can sustain the terms and objectives of the proposed deal.

Specifically, IA due diligence should describe, for decision makers, the status, fragility, stability, and defensibility of about-to-be-purchased and/or exchanged IA’s, including IP, and other forms of proprietary competitive advantages, by revealing, among other things, any evidence of:

• over confident – embellished representations.

• purposeful or premature disclosures, or open source leakage that
leads to assets being compromised.

• internal/external entanglements involving the IA’s in play.

• probing by and/or adverse impact from business intelligence,
competitive advantage adversaries, or economic espionage.

A thorough pre-post IA-specific due diligence conveys a strong and important message to actual or prospective (transaction) targets, by zeroing in on their centers of value, competitiveness, revenue generation capacity, brand, and sustainability, etc., while minimizing non-essential – (irrelevant) information drawn from conventional and gratuitous ‘check-the-box’ actions which seldom provide the level of specificity that’s essential for today for IA intensive and dependent businesses and transactions in which IA monitoring is critical to lucrative, competitive, and sustainable outcomes. That’s because IA value and competitive advantage fluctuation, erosion, and/or undermining can commence at ‘keystroke speed’.

Thresholds – Tolerances For IA Risk Management…

February 16th, 2017. Published under 'Safeguarding Intangible Assets', Intangible asset risk tolerances and thresholds.. No Comments.

Michael D. Moberly February 15, 2017 ‘A business intangible asset blog where attention span really matters’!

The manner-in-which companies – businesses, and their leadership, approach, prepare for, and ultimately respond to the potential for and/or the materialization of risk(s) to their IA’s, as one may expect, varies considerably. Practically speaking, I find the most significant variable is learning whether business leaders I have engaged even conceive of risk (exposure) in threshold or tolerance contexts. With little doubt, there is far more attention paid to the cost of premiums and total dollar limits to the occurrence of a specific adverse event. So, it becomes more of a matter of business-company leadership equating or assuming their threshold and/or tolerance for risk is reflected in the insurance plan and/or insurer in which they have struck a deal. However, truth-be-told, in a large percentage of conversations between insurers and insureds, the words ‘intangible assets’ seldom, if ever, are a distinct-separate aspect to such discussions.

Of course, there is a percentage of forward looking – thinking business leaders and management teams who recognize the absolute importance of anticipating and trying to mitigate IA-specific risk, which is what we are about here. After all, it is economic fact that 80+% of most company’s value, sources of revenue, competitive advantage, and reputation lie in – emerge directly from IA’s. Experience suggests however, that IA specific risk, if-when it is distinguished from other (general) types-categories of risk, many of which remain fixated on tangible-physical assets, is likely to be-a-reflection of and addressed relative to (subjectively) pre-determined (risk) thresholds and/or tolerances of insurers and underwriters. This conventional approach of course, is generally weighted toward the type and content of a company’s physical-tangible products and services vs. the contributions of intangibles.

It is after all, the manner-in-which the company’s IA’s are integrated and applied to those products and/or services that individually or collectively elevate their value, competitiveness, and revenue generation capacity. Ironically, it is those same intangible features and characteristics, i.e., inputs, which simultaneously find attractivity-appeal to global cadres of ultra-sophisticated economic and competitive advantage adversaries.
This leads to another facet of IA risk management which is emerging with consistent frequency and is a consequence of a management team’s felt obligation and/or necessity to ‘get to the market space first’ with their innovation, product, or service. In other words, the go fast, go hard, go global phenomenon is itself a driver of risk to IA’s. In these circumstances, risk is likely to materialize at a very rapid pace commensurate with the accelerated investment, innovation, and product development-launch cycles, etc., which are necessary to the race to be first. Therefore, IA risk is indeed relevant to the globally predatorial and ‘legacy free’ entities, operating at each stage of product-service development functions, which includes drawing economic-competitive advantage information from targeted-companies’ value, supply, and distribution chains, which…

• adversely affects the fragility, stability, and defensibility of
(targeted) IA’s.

• renders IA’s more distinguishable and thus, their content, more vulnerable
to (specific, targeted) compromise, infringement, competitive advantage
undermining, and value dilution.

• creates more fertile ground for reputation risk(s) to materialize.

Still, another (third) facet of IA-specific risk management lies within company leadership who (mistakenly) assume IA’s constitute infinite resources which are readily and fully renewable, retrievable, recapturable should they be subject to compromise, infringement, or undermining, etc. Those holding such perspectives usually find fewer distinctions between IA’s and tangible assets, even, sometimes, espousing the former are mere extensions of the latter which presumably can be repaired, restored, and returned to productive – operational status in relatively brief periods of time following an adverse act or event. In this reality, IA’s exist primarily-variously in the form of intellectual, structural, and/or relationship capital and often are more fragile and diverse. Thus IA’s tend to be more challenging, costly, and time consuming to replicate, i.e., develop and exploit in a manner that is equally collaborative, competitive, and profitable as before.

For these reasons, I am suggesting, it would be prudent to characterize any one, or combination of the risk management issues cited above, not in contexts of if, rather, in context of when they will materialize and the specificity, depth, and/or breadth which the risk will manifest. Corollaries to these particular-characterizations of IA risk management is another aspect which I call ‘risk illiteracy’. I define ‘IA risk illiteracy’ as an absence of operational awareness-familiarity for the need of having, at the ready, rapid and effective mitigation – intervention measures specific to a company’s valuable and competitive advantage IA’s.
IA risks that do materialize will, in most instances, alter the parameters of a businesses’ tolerance, threshold, and literacy of risk, irrespective of a companies’ – businesses size, sector, maturity, and/or financial health.

To be sure, risks to IA’s, representing most all types and categories, are persistent and can materialize even in circumstances in which experienced and talented management teams are in the lead. Of course, a percentage of business leaders, whether they acknowledge it, or not, signal their thresholds and/or tolerances for risk to the IA’s under their (company’s) control, use, and ownership. Of late, this is especially relevant to IA risks that can materialize at ‘keystroke speed’ to adversely impact (product-service) value, revenue, competitive advantages, sustainability, and equity, ala reputation risks.

Ultimately, a company’s thresholds-tolerances for IA risk, which each presumably signals or establishes, should never be of the one-size-fits-all variety. That’s because, in large part, the materiality of IA’s can fluctuate, ala their fragility, defensibility, sustainability, and contributory values. Instead, company leadership and management teams are obliged to consider (assess – factor) IA risk management variables such as…

• speed of (risk) materialization and its expansion – embeddedness
throughout an enterprise.

• criticality of risks to all or specific parts/units of a company and its
products and services.

• a company’s current capabilities and speed which it can mitigate –
neutralize risk(s).

• a company’s overall resiliency, ala recuperative capabilities as a target
of a materialized risk vis-à-vis customers, clients, consumers, and
suppliers, etc.

As such, business leadership and management teams are obliged to approach and engage IA risk mitigation and management as integral to structuring (engaging, undertaking, negotiating, and executing) any new business initiative, transaction, product-service rollout, R&D, etc.