Intangible Assets – easily overlooked

I still remember performing my first ever Intellectual Property (IP) audit on my consulting journey. I had just graduated from business school which had opened my eyes to the world of commercialisation and IP assets, and how they could be exploited or misplaced. My client was a large player in global airport infrastructure services, and as part of their work the Executive Officer to the CEO thought it was important to identify and map their IP asset holdings. As I worked my way through the organisation, interviewing staff and cataloguing their IP, I still remember stumbling across the engineering laboratory hidden in one corner of a floor, out of sight.

As I spoke to the team members there, I discovered not only did they maintain specialised electronic components for equipment used in delivery of their services, but in their spare time and with discretionary budget the team of engineers worked to invent their own solutions to airport infrastructure problems. This activity flew completely under the radar of the organisation’s executive, meaning not only did their work potentially miss out on dedicated funding which might generate a revenue stream or licensing opportunity for the organisation, but the IP was not properly protected – including from theft should those employees decide to resign and move to a competitor or start their own business.

This type of situation is encountered time and time again in Australian businesses. Our level of awareness and maturity in relation to IP is relatively low in most sectors, and my experience has been that in sectors which are aware of the fundamental concepts, IP assets are either managed very selectively or in many cases not at all. As an advanced economy with a strong STEM-based population and research capability, we need to get better at protecting our IP if we are to compete and thrive as a nation in a knowledge-driven world. Completing an IP Audit is one of the first steps to doing this.

---

---

What are intellectual assets?

Intellectual Assets are intangibles that have value to an enterprise including but not limited to “information, intellectual property, credibility and reputation, and brand identity”. Whilst the term ‘intellectual property’ is often used to commonly refer to sensitive information, six types of IP are recognised by the World Intellectual Property Organisation (WIPO):

• Patents
• Trade Marks
• Copyright
• Industrial designs
• Geographical Indicators (e.g. ‘champagne’)
• Trade Secrets

In Australia, we have another category of IP called ‘Plant Breeders Rights‘, and Geographical Indicators are registered under our ‘Certification Trade Mark system‘. Unlike other jurisdictions such as the U.S., Australian law does not explicitly recognise ‘trade secrets’ as a category of IP – instead, ‘trade secrets’ are considered a category of ‘Confidential Information’ (Dighe & Lewis, 2020, Twobirds.com). More on this in a future post.

According to IP Australia, “a trade secret can be any confidential information of value. Unlike other IP rights, trade secrets are protected by keeping them a secret, and are not registered with IP offices. The protection of a trade secret will cease if the information is made public, and trade secrets do not prevent other people from independently inventing and commercialising the same product or process”.

What is an IP audit?

According to the Queensland Government, “an IP audit is a review of the IP owned, used or acquired by an organisation. It aims to find out what IP is within an organisation, who owns it, the value of that IP, its legal status, and what to do with it“. Once identified, in addition to focusing on the legal status of your IP, you also need to understand whether it is adequately protected. For example:

• Which threat actors might seek to steal or sabotage your intellectual assets? Employees, competitors, nation states (‘economic espionage’) or someone else?
• What are the actual risks posed by these threat actors? Examples include theft, sabotage and IP infringement.
• What internal controls do you have in place in terms of your holistic security programs to address the identified threats and risks? These may need to address insider threats, supply chain threats, and external threats (e.g. competitors).

How are IP audits performed?

Once you have decided to undertake an IP audit, you need to develop your scope and methodology. This starts with developing your audit plan and audit team. I find its easier to divide the audit into two or three parts, as follows:

• Step1 – data collection: systematically catalogue confirmed or potential IP and confidential information in a register. I use the organisation chart as a starting point for this.
  • Tip: its easy to get bogged down and start to catalogue every document. Instead, focus on categories of information (e.g. financials) and then narrow down in key areas.
• Step 2 – initial assessment: once you’ve compiled your initial register, assess it to remove all unnecessary content by ensuring each entry meets the criteria for an asset. If not relevant, delete it. Hopefully you’re left with a relatively small number of manageable entries, the output of which is your register of ‘critical information assets’.
• Step 3 – commercial evaluation: use your register of ‘critical information assets’ to review potential commerical opportunities (e.g. licensing), develop monitoring programs for infringement, or even sell the IP Rights to another party if no longer used or relevant to your strategy.
• Step 4 – risk management: review your register of critical assets to ensure the information is adequately protected. This includes legal provisions (e.g. patents), employment contracts (e.g. non-disclosure and IP assignment clauses), information security programs, and supply chain or third party risk programs. Make sure your critical information assets are appropriately marked, secured (e.g. encrypted), access is controlled, and unauthorised dissemination is limited.

Using the findings of your IP audit to better protect these assets

All to often, businesses take a purely legalistic approach to protecting their IP and Confidential Information assets. It is important to remember that just because your research is patented or because you have a non-disclosure agreement in place with your suppliers or employees it is not completely protected. Particularly in the case of confidential information, courts expect businesses to have implemented appropriate security programs to safeguard their information – it is not sufficient to rely purely on legal protections in the courts if something happens. Further, this sort of reactive response is not productive, is very expensive, and consumes substantial amounts of time from your board, executives and senior staff – time that could be more productively spent elsewhere.

Prevention and early detection is the key, but to do this you need to understand what your IP assets are (such as via the IP audit process), work out where their associated vulnerabilities or exposures lie (are they limited to your employees or do you divulge this information to your third parties too? if so, who has access…). Then you can wrap a combination of cybersecurity (e.g. networks, systems, encryption) and what I refer to as ‘non-cyber information security’ programs around this to build your protective bubble. These relationships are illustrated below:

As you can see, there is more to protecting your IP and Confidential Information than patents, copyright and design rights. If you’re unfamiliar with how to build a program to protect your confidential information, take a look at my previous post here.

Further reading

• ASIS International (2021). Information Asset Protection Guideline, ASIS Commission On Standards And Guidelines, Alexandria.
• Curwell, P. (2021). In business, confidential information is a critical asset, https://paulcurwell.com/2021/02/21/building-a-program-to-protect-your-sensitive-business-information/
• Dighe, R. and Lewis, L. (2020). An overview and update on the protection of trade secrets in Australia, https://www.twobirds.com/en/insights/2020/australia/an-overview-and-update-on-the-protection-of-trade-secrets-in-australia
• Gelles, M. G. (2016). Insider Threat: Prevention, Detection, Mitigation and Deterrence, Butterworth-Heinemann, Oxford.
• Moberly, M. D. (2014). Safeguarding Intangible Assets, Butterworth-Heinemann, Oxford.
• Queensland Government (2016). Conduct an intellectual property audit, https://www.business.qld.gov.au/running-business/ip/managing-ip/ip-audit

DISCLAIMER: All information presented on ForewarnedBlog is intended for general information purposes only. The content of ForewarnedBlog should not be considered legal or any other form of advice or opinion on any specific facts or circumstances. Readers should consult their own advisers experts or lawyers on any specific questions they may have. Any reliance placed upon ForewarnedBlog is strictly at the reader’s own risk. The views expressed by the authors are entirely their own and do not represent the views of, nor are they endorsed by, their respective employers. Refer here for full disclaimer.