Overview of an Intellectual Property Risk Register
Risk management:
Risk management involves understanding, analysing and addressing risks to make sure organizations achieve their objectives. Proper risk management is an integrated and joined up approach to managing risks across an organization and its extended networks.
Risk management is about ensuring that the business really understands its risks, and then mitigates pro-actively.
The focus should be on risk mitigation and not just on risk evaluation. Risk mitigation covers efforts taken to reduce either the probability or consequences of a threat.
Risk registers in general:
A Risk Register is a tool for documenting risks, and actions to manage each risk. A Risk Register is essential to the successful management of risk. As risks are identified they should be logged onto the Risk Register as well as the actions to first analyse and then respond to the risk.
A Risk Register is an important component of the overall risk management framework. It can be viewed as a management tool for monitoring the risk management processes. A Risk Register is used to identify, assess, and manage risks down to acceptable levels through a review and updating process. The purpose of a Risk Register is to record the details of all risks that have been identified along with their analysis and plans for how those risks will be treated.
Intellectual property has both value and risk:
By its very nature, there are both rewards and risks associated with IP. For anyone involved in IP, then IP related risks are part of working life.
Any business professor will tell you that the value of companies has been shifting markedly from tangible assets, "bricks and mortar", to intangible assets like intellectual property in recent years.
Research has indicated that intangibles now account for about 80% of the total value of many companies. There is no data available on the scale or size of the risks associated with IP facing companies, but one can assume that it is significant.
IP risks:
Any company faces a variety of IP related risks, some foreseen others unforeseen. I have yet to meet a company who does not have one or more IP related risks to consider.
Not all IP related risks are the same and they may be broken down into a variety of different categories, such as the form of IP involved (e.g. patents, trademarks, copyright, trade secrets, etc.); the impact and probability of the risk; the source or origin of the IP related risk; the date when the risk is likely to materialise; the IP activity impacted; the geographical nature of the IP risk; whether they are generic or specific in nature; the group or sub-group most impacted by this risk in the organisation; etc.
IP litigation is a threat to all businesses, large and small but it is by far not the only form of IP related risk. There are indeed many different types of IP related risks that a company may face.
IP risk management:
IP risk management is a practice that deals with processes, methods, and tools for managing IP risks in a project, business unit or organization. It is initially about the identification, assessment, and prioritization of IP related risks followed by the coordinated and cost-effective application of resources to reduce or eliminate the probability and/or the impact of these IP related risks to the organization.
IP risk management involves understanding, analysing and addressing IP related risks to make sure organizations achieve their objectives. Proper IP risk management is an integrated and joined up approach to managing IP related risks across an organization and its extended networks.
IP risk management is about ensuring that the business really understands its IP related risks, and then mitigates pro-actively. The rationale for this may be driven by the need for freedom to use technologies already in use or being considered for use in the company’s products, but there are many other reasons why businesses need to take IP risk mitigation seriously.
The focus should be on risk mitigation and not just of risk evaluation. Risk mitigation covers efforts taken to reduce either the probability or consequences of a threat. Risk mitigation efforts may range from physical measures to financial measures.
The IP Risk Register:
The IP Risk Register is much more than just a simple list of IP related risks. It is much more sophisticated than that. The IP Risk Register will also contain IP risk metadata. Metadata is a set of data that describes and gives information about other data. Metadata is simply data that describes other data. Meta is a prefix that in most information technology usages means ‘an underlying definition or description’. IP risk metadata summarizes basic information about the risk, which can make finding and working with particular instances of data easier.
An IP Risk Register should ideally also log the actions to analyse these IP risks and the actions to mitigate these IP risks plus metadata associated with these actions.
It should also contain a document management component to help track the various documents associated with IP related risks, IP risk analysis actions and IP risk mitigation actions. Metadata associated with these documents should also be logged into the IP Risk Register.
A cost module should definitely be included, to help track the costs associated with the IP risks if and when they materialise and the costs associated with the actions to first analyse and then mitigate these IP risks.
Good search and reporting functionality should also built into the IP Risk Register if it is going to be a truly value adding IP management tool.
Where is this IP Risk Register located?
Typically the IP Risk Register will be located within the in-house Legal / IP function and operated by people within that function. Given the nature of some IP related risks, access to and access control of the IP Risk Register are crucial issues for consideration.
However there are a number of Legal and IP Firms who have designed, developed and deployed an IP risk management service offering for their operating company clients and these Firms locate and operate the IP Risk Register within the Firm but on behalf of their clients.
Final thoughts:
An IP Risk Register is a crucial tool to support the IP risk management process. A robust fit for purpose IP Risk Register which underpins the IP risk management process is key. A good IP Risk Register helps ensure that the process is an efficient and effective one. It can improve data integrity as well as better support how IP risks are articulated and reported. It should be easy to install, easy to configure and easy to take into use, otherwise there is a great danger that the system become a ‘white elephant’.
As stated initially, IP related risks are an issue of concern for most businesses. It is therefore critical that the company’s IP Risk Register is fit for purpose, ensures the effectiveness and efficiency of its IP risk management process, brings great value to those using the system, allows the user to convert the IP risk related data contained therein into information, and ultimately helps add value to the business.
