According to a study by Ocean Tomo LLC, Intellectual Property (IP) accounts for as much as 84 percent of the market value of S&P 500 companies. With so much value at stake, companies often look to an IP audit to inform corporate directors, executives, and legal counsel about the status of the company’s IP and to educate these decision makers on strategies to improve protection, maintenance, and enforcement efforts against infringers.
Let’s examine what’s involved in an IP audit and how one could strengthen the governance of your enterprise.
What Is an IP Audit?
The two most common types of IP audits are an IP inventory audit and a comprehensive IP audit. The purpose of an IP inventory audit is to identify the IP assets of a company: patents, trademarks, copyrightable works, and trade secrets. The resulting list of assets is crucial because it may reveal IP that is outdated, underutilized, or that no longer has value. Companies may undergo an IP inventory audit prior to a merger or other corporate transaction, or simply when leadership wants an updated IP status report.
The comprehensive IP audit begins with the compilation of IP assets, but the real purpose is to review and analyze how the company utilizes its IP. Effective IP management requires careful attention to protecting, maintaining, and enforcing IP, and the comprehensive IP audit can be a powerful tool in this regard.
IP protection involves securing rights, and how this is done depends on the type of IP.
• Trademark protection derives from use in the marketplace, and those rights can be enhanced upon registration at the U.S. Patent and Trademark Office (PTO).
• Copyright protection exists when an original work of expression is fixed in a tangible form, e.g., a contemporaneous speech is not protected but an audio recording of it is. Similar to trademarks, copyright protection can be enhanced through government registration (via the U.S. Copyright Office).
• Patent rights exist only upon registration with the PTO.
• Trade secret protection exists once the company has taken reasonable measures to safeguard the secrecy of information that gives it economic advantage, such as the formula to Coca-Cola.
The comprehensive IP audit can reveal gaps in protection and candidates for enhanced protection (e.g., trademarks or copyrightable works that the company uses but has not registered with the PTO or the U.S. Copyright Office). Also, if the company holds valuable trade secrets, the comprehensive IP audit helps determine whether the company has closely guarded them via employee nondisclosure agreements or other internal protocols.
The comprehensive IP audit will also reveal whether the company is meeting its periodic registration renewal deadlines, or, more formally, performing sound IP maintenance practices. It should also reveal whether the company is using its IP consistently and correctly (e.g., using a trademark as an adjective to describe a product or service rather than using it as the product name itself). In the case of trade secrets, the comprehensive IP audit should cover whether the company continues to adhere to whatever confidentiality protocols it used to establish trade secret protection in the first place.
A comprehensive IP audit can also help guide IP enforcement efforts. Effective IP enforcement includes policing against misuse and infringements and taking appropriate measures to stop violations.
A Comprehensive Report to Guide the Future
The comprehensive IP audit results in a written report that accompanies the list of IP. A good report will contain best practices and advice on ways the company can enhance, strengthen, and better protect the IP. This report acts as a roadmap for an effective long-term IP management strategy, and it can help the company proactively get in front of issues, implement changes in its IP policies and procedures, prioritize the company’s IP needs, and, importantly, budget for all of the above. This makes IP management more cost effective in the long term rather than waiting to put out fires when issues inevitably arise, and it is a positive risk management practice for boards to add to their oversight duties.
The written report can also provide insight into potential liabilities caused by the company’s current practices. Liability can occur for several reasons. For instance, a company can be held liable if it uses another’s IP without permission or beyond what may be permitted in a license agreement. Another common scenario that exposes a company to liability is if the company is not properly protecting itself when it allows users to post content to the company’s website. The audit report can highlight these issues and offer recommendations to curb and correct these behaviors.
Any time is a good time for a company to conduct an IP audit, especially if one has never been conducted or especially if new leadership has taken over and new strategies are being implemented. Preparing for an initial public offering, undergoing a merger or acquisition, or implementing a corporate restructuring are all prime situations that warrant an IP audit. An IP audit is a prudent next step in making sure that the company is doing everything it can to protect its valuable assets.
Adam W. Sikich, Esq. is senior counsel at Dunner Law PLLC in Washington, DC. Sikich specializes in all aspects of counseling in the areas of trademark, copyright, trade secrets, and licensing. He can be reached at firstname.lastname@example.org.
Because board members set their own pay, director compensation is a wide-open opportunity for shareholder litigation. In this BoardVision interview–moderated by NACD’s Publisher and Director of Partner Relations Christopher Y. Clark—Marty Coyne, experienced director and chair of NACD’s New Jersey chapter, and Dan Laddin, partner at Compensation Advisory Partners, discuss ways boards can limit exposure to litigation when it comes to director compensation:
Both the compensation committee and the governance committee are involved in determining director pay.
Director compensation aligns with that of company peers.
Director compensation is based on the responsibility of directors—which may see little change from small to large companies.
Companies may consider adopting a shareholder-approved limit for director compensation.
Here are some highlights from the discussion.
Christopher Y. Clark: Do you think that the [nominating and governance] committee or the compensation committee should [have primary responsibility for setting director pay]?
Dan Laddin: Chris, if we look at the market, it’s pretty mixed—a little bit leaning towards [the] compensation committee versus [the] nom/gov [committee]. At the end of the day, I think it really comes down to the principles you use for compensation of your directors overall. One, you may want to make sure you have an objective committee, which obviously you would [with]…either. You also want to make sure that compensation for directors aligns with the philosophy of the directors, and so in that sense, maybe the compensation committee is a little closer to that. At the end of the day, there’s a lot of cross-pollination usually across those two committees, so either works fairly well. We do see a little bit [of] leaning towards the comp committee though.
Clark: Thanks, Dan. Marty, you’ve been on all types of boards. What is your take?
Marty Coyne: I prefer the compensation committee…mainly because the comp committee is much more familiar dealing with the compensation consultant and much more familiar with the peer group. And so when you look at all of the data inputs, the comp committee understands the source, where the weaknesses are, and the strengths. I think one of the key things, though, is the full board approves director compensation. So regardless of which committee brings it forth, and brings forth the recommendation, the full board has to vet it and approve it.
Clark: In many cases, for leading governance practices, company size does matter. [Companies] are affected by different policies and regulations. The boards are occasionally very different; occasionally they are not. But when it comes to director compensation, it is a hot button and it certainly affects that board’s reputation [and] the company’s reputation, but most importantly, that individual director’s reputation. So, Dan, again, let me start with you. Do you feel that there is a company size factor here when it comes to compensation and reputation?
Laddin: I think reputation risk exists regardless of the size of the company, and that’s somewhat borne out by the compensation data we would take a look at. … [T]here’s a basic responsibility of directors that doesn’t really change, regardless of company size, and that’s really reflected in the compensation data.
Coyne: There is a scale that the bigger the company [is], the more the directors are paid. The exposure potential for larger-company directors is far greater than the smaller-company directors because they just make better news than the smaller companies. There is a point though; it’s almost like a minimum size where, when you hit it,…the director workload is pretty much the same regardless of the size of the company. And, to attract and retain good directors, you’ve got to pay a fair compensation for those individuals.
Clark: Many companies have director compensation limits. My question would be why, and what is a fair compensation limit?
Laddin: Sure. So this concept of the limits really [has been] coming to play in the last few years, as there were a few lawsuits against companies that said directors are inherently conflicted when they are setting their own pay. And in those specific companies, the view was that they set it well above any credible norm… The attorneys came in and said, “We can basically put in a shareholder-approved limit on directors’ compensation,” which then gets us back within this business judgment rule.
Clark: For the shareholder-approved limit, what’s the status today?
Laddin: We’re seeing most companies, as they go back to shareholders to renew their plans in the normal course, that that’s when they go back and put in a limit. When they go back for new equity plans or just general approval from shareholders, that’s when it’s happening. I wouldn’t say there’s a mad rush to do it, but it is normal course.
Clark: Well, Marty, what has been your experience? You’ve been on public boards, [and] you’ve been on private boards.
Coyne: I think…having a limit is very, very valid—and it’s necessary. I don’t see any resistance to putting limits on directors’ compensation. If I were a shareholder, I would expect my compensation plan that I’m approving to have limitations for director compensation.
Clark: When we look at the umbrella of business judgment and compensation, I’ve got to ask you, is the litigation environment lukewarm or is it red hot?
Laddin: I would say it’s lukewarm at this point. The lawsuits have really been at the extremes where director compensation was well above the norm.
Coyne: I think…there’s been a quantum step forward on the nom/gov side in choosing the right directors sitting around the table. I think the next step is going to be how do you compensate your directors? What is your philosophy to attract and retain good directors? How does director compensation correlate with company performance? Is there potential pay at risk? I think there will be some…comparisons of director comp to the TSR. And if a company is not performing well, I think directors are going to have to answer a lot of tough questions about why are we paying you when the company performance is so poor? But I don’t see any dramatic changes in the next couple of years.
Emerging risks can be like smoldering embers that can be seen and smelled before erupting into flames. Unlike a fire, these risks may take months or even years to manifest themselves as business challenges. For example, aging populations, growing income disparity, and sustained underemployment are long-unfolding changes affecting the world’s population. Unabated, they eventually will alter the social and political landscape and affect consumer demand for goods and services. It’s not a matter of if, but when.
Emerging risks are triggered by unanticipated changes in the environment and include events ranging from catastrophic events that make an immediate impact (e.g., a tsunami or terror attack), the realization of existing risks accelerated by external factors (e.g., changes in customer preferences or new competitor actions), and the emergence of internal business factors that have materialized over a longer period (e.g., a breakdown in the internal control environment or risk culture).
The identification of these and other emerging risks is important to boards that value early warning. The uncertainty around their ultimate impact on the organization make it difficult for senior management and risk executives to assess their relevance and formulate an appropriate enterprise response, and may make management feel reluctant to assign ownership of the risks. Most importantly, these factors make it hard for management to decide what to communicate to directors, given the board’s crowded agenda.
The following are practical principles for boards to consider with respect to how the organizations they oversee should identify and communicate emerging risks.
Expect management to inform the board of relevant emerging risks and trends on a timely basis. Executive management and risk executives are responsible for communicating significant emerging risks and changes in critical enterprise risks to the board. The timing and frequency of these communications are dictated by the severity of the risk’s impact on the organization, the velocity (or speed of onset) at which the risk impacts the organization, and the uncertainty regarding if and when the risk will manifest itself. The board should expect management to review, monitor, and understand the most significant emerging risks and determine appropriate responses as the nature of the risks and their impact become clearer over time.
Consider the potential consequences of newly planned actions. When new strategic objectives, research and development initiatives, mergers and acquisitions, and other opportunities are undertaken, it is important that management understands their impact on the entity’s resources, business infrastructure, and culture. In addition, the potential impact of the planned actions on customers, suppliers, regulators, competitors, and other external parties should be considered.
Challenge critical assumptions using plausible and worst-case scenarios. The performance of a scenario analysis exercise will help to identify opportunities and avoids unacceptable losses and surprises. Management should assess relevant scenarios that could render invalid the critical assumptions underlying the business case and economic justification supporting proposed strategies, investments, acquisitions, and other key decisions. This assessment informs the board’s risk oversight by positioning executives and directors to challenge the key assumptions that matter. With respect to worst-case scenarios, the question is not “Can it happen?” but “What is the impact if it does happen, and how will we respond?”
Use key risk indicators (KRIs) to identify new and emerging risks or changes to existing risks. KRIs are qualitative or quantitative measures used to monitor the critical risks, responses to them, and facilitate risk reporting. While key performance indicators (KPIs) are generally retrospective in nature, KRIs are typically forward-looking lead metrics. When KRIs are focused on successful execution of the strategy, we have seen them used effectively in conjunction with board reporting, particularly when they are linked to the critical risks and assumptions underlying the strategy.
Look far enough forward to spot emerging risks and megatrends. Today, we see evidence of transformational change on a number of fronts. The digital technology revolution that’s increasing interconnectedness of people and things, the risk of cyberattacks, aging populations, income disparity (as mentioned earlier), increased urbanization and resulting new large markets, environmental decline (e.g., quality of air, soils and water), increasing nationalist sentiment, and geopolitical tensions in different regions are important dynamics of change. In the past, longer time horizons (say, 10 years) usually were needed to notice these risks. But today, many of these risks are becoming more imminent. Ignore them at the risk of an irrelevant strategy.
Monitor the threat landscape driving known critical enterprise risks closely. Regulatory, cybersecurity, economic, talent acquisition and retention, identity and privacy, financial markets, and other top-of-mind issues pertinent to executive management and the board merit close attention to ascertain whether changes in these risks are occurring for the worse, leaving the organization in a vulnerable position. Metrics reported to the board for critical enterprise risks should focus on changes in the risk profile and whether such changes warrant an updated risk response.
Applying the above principles will help executive management and boards face the future with confidence through greater awareness of the risks that matter.
Jim DeLoach is a managing director with Protiviti, a global consulting firm.