IP Risk Management Process and System

By Donal O’Connell

Intellectual Property (IP) Risk:

Risk is the chance of something going wrong, and the danger that damage or  loss will occur, whereas risk management is the process of analysing exposure to risk and determining how best to then handle such exposure. Risk mitigation means that you do something about it.

By its very nature, there are both rewards and risks associated with intellectual property (IP). This paper explores the IP Risk Management process and how the right system or tool can help underpin this process.

IP Risk Mitigation:

IPRiskMitigation(1)IP risk mitigation is about ensuring that the business really understands its IP related risks, and then mitigates pro-actively. The rationale for this may be driven by the need for freedom to use technologies already in use or being considered for use in the company’s products, but there are many other reasons why businesses need to take IP risk mitigation seriously.

The focus should be on risk mitigation and not just of risk evaluation. Risk mitigation covers efforts taken to reduce either the probability or consequences of a threat. Risk mitigation efforts may range from physical measures to financial measures.

IP Risks:

The obvious IP related risk is that a business may infringe the IP rights of a 3rd party. However, there may also be IP related risks associated with …

  • Having too narrow a definition of IP, and ignoring potentially valuable IP assets
  • The IP terms and conditions in some development or commercial agreements with 3rd parties
  • The publishing activities of the business
  • Embracing open source software
  • Being involved in certain interoperability standardisation activities
  • Getting involved in some open innovation initiatives
  • The use of subcontractors
  • One’s own IP out-licensing program
  • Etc.

To help you conduct risk assessment in a structured manner, I suggest that there are a number of specific areas which need to be analysed when considering IP related risks, and from where IP related risks may originate…

  •  The activities of your own company and its people
  • The activities of entities within your company’s own eco-system (suppliers, partners, distributors, customers)
  • The activities of your competitors
  • The activities of other entities such as NPEs
  • The activities of illegitimate entities such as hackers and counterfeiters
IP Risk Management Process:

A process is an interrelated set of activities designed to transform inputs into outputs, which should accomplish your pre-defined business objectives. Processes produce an output of value, they very often span across organisational and functional boundaries and they exist whether you choose to document them or not.

A process can be seen as an agreement to do certain things in a certain way and the larger your organisation, the greater the need for agreements on ways of working. Processes are the memory of your organisation, and without them a lot of effort can be wasted by starting every procedure and process from scratch each time and possibly repeating the same mistakes.

At a very top level, the IP Risk Management process involves the following key phases …

  • Identification
  • Analysis
  • Review
  • Mitigation
  • Monitoring
IP Risk Mitigation Techniques:

There are a variety of IP risk mitigation techniques available, but of course their effectiveness will vary from one business to another. Some of the IP risk mitigation techniques are listed here, but this list if not exhaustive by any means …

  • Leveraging technical cooperation with others
  • Using Standards with fit for purpose IP policies
  • Obtaining indemnities
  • Participating in patent pools
  • Licensing IP
  • Designing around
  • Finding prior art to invalidate 3rd party IP
  • IP acquisition
  • Taking out IP insurance

It is important that a company builds up a good understanding and appreciation of the various IP solutions which exist, and if and when they should be deployed.

IP Risk Management System:

“Good Risk Management fosters vigilance in times of calm and instils discipline in times of crisis.”
– Dr. Michael Ong

An IP Risk Management System is only part of the solution. I suggest that the components of a good IP risk management solution are as follows…

  • IP and IP related Risk awareness and education
  • IP Risk Management process
  • IP Risk Management system / tool
  • Data (IP related risks, actions, documents, reports)
  • IP Risk Mitigation solutions
  • IP Risk Management resourcing (people, budget)
  • IP Risk Management governance

With Awareness and Governance being like the bookends, keeping everything else in proper order.

That said, a good IP Risk Management System helps ensure that the process is an efficient and effective one. It can improve data integrity as well as better support how IP risks are articulated and reported.

IP Risk Management Tool:

A Risk Management Tool is commonly used in business in such areas as project management and organisational risk assessments. It acts as a central repository for all risks identified and, for each risk, includes information such as risk probability, impact, counter-measures, and risk owner and so on. It can sometimes be referred to as a ‘risk register’ or ‘risk log’.

An IP Risk Management Tool is no different and is an essential tool to be able to manage this particular risk area. It initially provides a way to articulate the various IP related risks in a very structured manner. It then acts as an important tool for the ongoing management of these IP risks.


Typically an IP Risk Management Tool should contain…

  • A description of the IP related risk
  • The impact should this event actually occur
  • The probability of its occurrence
  • Risk score (the multiplication of probability and impact)
  • A summary of the planned response should the event occur
  • A summary of the mitigation (the actions taken in advance to reduce the probability and/or impact of the event)
  • Links to any associated documentation


In a “qualitative” risk tool descriptive terms are used: for example a risk might have a “High” impact and a “Medium” probability. In a “quantitative” risk tool the descriptions are enumerated: for example a risk might have a “$1 Million” impact and a “50%” probability.

A clever feature is to allow some calibration of the tool as different levels of impact and probability will differ from one company to another.

Final thoughts:

The skills needed to succeed with IP risk mitigation do not match exactly those needed to be successful with the other key IP processes, such as IP creation, IP portfolio management, IP exploitation and IP enforcement. The mind-set is just different for those charged with IP risk mitigation.

Who should be interested in IP Risk Management? Anyone…

  •  Operating in an IP litigious environment
  • Coming up for exit or listing
  • Anxious to get IP risk management under control
  • Whose executive management team are demanding visibility of IP related risks
  • Experiencing major business changes
  • Facing a major IP risk and realising that they are unprepared
  • Interested in proper governance of IP

IPRiskManagement(5)Finally it is important not to underestimate or exaggerate the risks associated with IP.  As IP relates to innovation and creativity, it can sometimes be an emotive subject and some care is needed.

 “When dealing with people, remember you are not dealing with creatures of logic, but with creatures bristling with prejudice and motivated by pride and vanity.”                           ―Dale Carnegie

(Graphics are taken from the Alder IP Risk Management Tool)

[This post originally appeared at IP Finance.]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: