Accountants Should Think Like Lawyers When Confronting Cybersecurity, Big Data and Intellectual Assets

The Public Company Accounting Oversight Board (PCAOB) apparently is about to confront some potentially significant issues involving intellectual assets (IA’s), including intellectual property assets (e.g., patents).

More specifically, the PCAOB “is a nonprofit corporation established by Congress [through the Sarbanes-Oxley Act of 2002] to ​oversee the audits of public companies in order to protect the interests of investors and further the public interest in the preparation of informative, accurate and independent audit reports.” (www.pcaobus.org)

Reportedly, the PCAOB soon will be considering or, perhaps in some respects, reconsidering how companies account for cybersecurity, big data and IA’s.  (December 16, 2014 Wall Street Journal, B5)  Certainly, those are significant issues that deserve careful consideration.

The PCAOB could propose new or revised cybersecurity, big data and IA valuation standards or rules, which would be subject to review and approval by the Securities and Exchange Commission (SEC).  Regardless of the ultimate work product, the PCAOB and SEC hopefully will be mindful of three points.

First, only so much about a company’s cybersecurity should be disclosed.  Revealing too many details could highlight a vulnerability or even motivate a cyberattack in one form or another.  Indeed, certain cybersecurity disclosures might be the equivalent of ringing the dinner bell for hackers.  Recognizing that, one should question whether meaningful cybersecurity information can be disclosed to investors or serve the public interest without unduly compromising the viability of at least some of the company’s assets.

Second, big data is a dynamic, multi-layered and complex topic.  In other words, big data can positively impact a company’s bottom line, but realizing such an impact requires that a company diligently and intelligently make sense of pertinent data.  Akin to cybersecurity, one should question whether meaningful information about a company’s big data procedures can be disclosed to investors or serve the public interest without unduly compromising the viability of at least some of the company’s assets.

Third, IA valuations might be used by parties to, and impact, litigation or transactions where the IA’s are at issue.  As such, any IA valuation rule or standard should account for the possibility, if not probability, that a typical IA valuation has not accounted for all factors that can or should be considered in determining damages in litigation or establishing monetary terms in a transaction.