Audit of the Management of Intellectual Property at the Public Health Agency of Canada
Download alternative format
(347 KB, 9 pages)
Organization: Public Health Agency of Canada
Date published: August 2024
Final Report
September 2023
Prepared by the Office of Audit and Evaluation
Health Canada and the Public Health Agency of Canada
Table of Contents
- Executive summary
- Criteria 1 and 2: Policies, roles, responsibilities, and accountabilities are in place and followed to protect PHAC's intellectual property interests
- Criterion 3: Intellectual property interests are appropriately identified, assessed, protected, and monitored
- Criterion 4: PHAC conducts sufficient IP-related training and awareness activities
- Appendix A – Scorecard
- Appendix B – About the audit
Executive summary
Introduction
Intellectual Property (IP) consists of the intangible assets generated by employees and resources of the Public Health Agency of Canada (PHAC), such as inventions, new technology, and novel designs. The owners and creators of IP receive certain time-limited legal rights to control the use of their IP assets. PHAC IP is a Crown asset that should be protected and controlled, in order to promote the health and safety of Canadians, as well as the financial stewardship of Government of Canada resources.
The PHAC Policy on IP was issued by the Office of the Chief Science Officer in 2017. PHAC's IP portfolio consists of more than 75 patent applications, patents pending, as well as patents that are granted, expired, or abandoned. This represents a variety of technologies, including vaccines, therapeutics, bacteriophages (viruses that infect bacteria and have various applications), diagnostics, and software. There are also numerous educational materials and scientific publications under Crown copyright.
The Office of Intellectual Property Management and Business Development (OIPMBD) falls under the National Microbiology Laboratory Branch (NMLB) and is responsible for IP protection and technology commercialization. OIPMBD assists in licensing technologies, supporting research collaborations, and negotiating various agreements where IP may arise.
The Audit of the Management of IP was included as part of PHAC's approved 2021 to 2023 Risk-based Audit Plan, in response to potential risks related to the identification, protection, and monitoring of PHAC IP.
Engagement objective
The objective of this audit was to determine whether appropriate management practices are in place to protect PHAC's interests as they relate to intellectual property (IP).
Overall conclusions
Overall, PHAC has implemented certain key management practices required to protect the Agency's IP. For example, the Agency has established the OIPMBD, currently located within the NMLB, for the overall management and protection of the Agency's IP and technology commercialization. They have also developed an Intellectual Property Policy to govern the management of all Agency-generated IP. The audit found opportunities to improve IP management by clarifying the responsibility for maintaining and implementing the IP Policy, strengthening PHAC's oversight of IP and its ability to enforce compliance with the Policy, and considering the strategic organizational placement of the Agency IP function to promote and recognize the broader, Agency-wide expectation for sound IP management.
Recommendations
- The VP NMLB and the Chief Science Officer, in consultation with Agency senior management, should determine the appropriate organizational placement of the PHAC's IP function, aligned with its authorities, roles, and responsibilities.
- The VP NMLB and the Chief Science Officer, in consultation with Agency senior management, should review and update the IP Policy, taking the following into consideration:
- reflecting any updates to the structure, authority, roles, responsibilities, and requirements that stem from Recommendation 1.
- clarifying the requirements for the disclosure of IP.
- identifying the potential consequences of non-compliance with the Policy; and
- reporting to senior management on the Policy at regular intervals.
- As part of the IP Policy update, the VP NMLB and the Chief Science Officer, in consultation with Agency senior management, should consider mandating OIPMBD involvement in the management (establishment, drafting, and review) of collaborative research, licencing, and material transfer arrangements to promote greater awareness of the need for appropriate agreements to ensure the sound management (identification, assessment, protection, and monitoring) of PHAC IP.
- As part of the IP Policy update, the VP NMLB and the Chief Science Officer, in consultation with Agency senior management, should clarify OIPMBD's role and authority as the Agency's IP subject matter expert, specifically as it relates to IP training. Consideration should also be given to making IP training material compulsory for all IP-creating employees, contractors, visiting workers, and other relevant parties.
Criteria 1 and 2: Policies, roles, responsibilities, and accountabilities are in place and followed to protect PHAC's intellectual property interests
Context
The Government of Canada's Intellectual Property (IP) Strategic Framework for Science-Based Departments and Agencies (SBDA) was created to assist with the effective management of IP across the country. PHAC developed an IP Policy founded on a series of guiding principles intended to promote better management of IP from creation through deployment. The Policy includes responsibilities to assist PHAC employees in IP identification, protection, and management.
Within the IP Policy, PHAC's IP management relies on the cooperation of various stakeholders. The Policy does not include compliance or enforcement measures that will ensure invention disclosure forms are completed and mandate the need for, and use of, collaboration, material transfer, and non-disclosure agreements. This lack of measures impedes OIPMBD's IP management role.
What did we expect to find?
We expected to find an IP Policy that clearly detailed the management, oversight, compliance, and supporting responsibilities for IP among PHAC stakeholders. We expected to see the Agency's IP lead's roles and responsibilities identified in the Policy. We also expected to find overall compliance with these roles, responsibilities, and requirements
Findings
Although the Agency developed an IP Policy in 2017, it has not clearly established all of the roles, responsibilities, and guiding principles necessary for the sound management of IP from its creation through its management. For example, the Policy does not define the reporting requirements and relationships between IP creators, their respective management, and the Agency IP lead. The Policy also does not define the authority and expectations for its enforcement, nor the consequences for non-compliance. In addition, the IP Policy relies on linkages with external policies, such as Treasury Board IP policies and the Public Servants Inventions Act. These gaps make it difficult for all stakeholders to understand and respect their responsibilities and could hinder the Agency's ability to manage its IP effectively.
Since the 2017 IP Policy was issued, the organizational placement of the Agency's IP function and its role within the Agency have changed. The IP function was originally created within the National Microbiology Laboratory (NML; 2001), was transferred to Office of the Chief Science Officer (OCSO) in 2014 and was subsequently (2018) moved back to the National Microbiology Laboratory, which became a Branch (NMLB) in July 2021. This change in organizational placement has not been reflected in the PHAC IP Policy. The OIPMBD has no defined authority to compel managers to involve OCSO in the management and protection of the Agency's IP, and its location within an operational branch reduces visibility on science and potential IP occurring outside of the NMLB.
Currently, the Policy relies on PHAC managers' and employees' adherence to legislation, other policies and agreements, including the Public Service Inventions Act (PSIA), individual non-disclosure agreements (NDAs), Collaborative Research Agreements (CRAs), and various values and ethics codes as a control for protecting IP. Although the IP Policy includes a requirement to disclose potential IP discoveries, it does not specify that the disclosures should be made to the OIPMBD, and it does not define any consequences if the IP is not disclosed. This leads to a risk of unidentified IP and reduces the OIPMBD's ability to monitor and manage Agency-generated IP.
Ultimately, the PHAC IP Policy identifies the Office of the Chief Science Officer (OCSO) as being responsible for providing oversight of PHAC IP, a function supported by the OIPMBD in NMLB. The roles and responsibilities for identifying and safeguarding PHAC IP are shared across the Agency's IP generating activities and by all PHAC employees. The OIPMBD is responsible for providing authoritative and expert advice related to IP management, but these shared responsibilities increase the risk that IP could go undetected and be claimed, patented, and potentially commercialized by another organization.
Conclusion
Although the 2017 IP Policy outlines roles and responsibilities for IP management, it is outdated and does not accurately outline the current roles, responsibilities, and reporting structures of the Agency's IP function. It also does not adequately define accountability, nor provide authority for the IP lead to monitor IP management in the Agency. Before the Policy is updated to account for these considerations, the Agency should consider the organizational placement of the IP function, given its pan-Agency role, to ensure it has the ability to effectively monitor compliance with the Policy and to protect all of the Agency's IP.
Recommendation 1
The VP NMLB and the Chief Science Officer, in consultation with Agency senior management, should determine the appropriate organizational placement of the PHAC's IP function, aligned with its authorities, roles and responsibilities.
Recommendation 2
The VP NMLB and the Chief Science Officer, in consultation with Agency senior management, should review and update the IP Policy, taking the following into consideration:
- reflecting any updates to the structure, authority, roles and responsibilities, and requirements that may stem from Recommendation 1.
- clarifying the requirements for the disclosure of IP;
- identifying the potential consequences of non-compliance with the Policy; and
- reporting to senior management on the Policy at regular intervals.
Criterion 3: Intellectual property interests are appropriately identified, assessed, protected, and monitored
Context
The NMLB's OIPMBD is responsible for managing the Agency's inventions and related IP. The Office ensures that IP is protected through various types of agreements and advice on IP-related publications and copyright. These activities all rely on PHAC employees and managers voluntarily disclosing their work to the OIPMBD.
What did we expect to find?
We expected to find clearly defined roles and responsibilities surrounding IP management (disclosure, reporting, protection, and oversight) that includes all PHAC IP stakeholders. We expected that the OIPMBD would provide additional IP support and guidance to the Agency.
Findings
Overall, OIPMBD identifies, assesses, protects, and monitors all of the PHAC IP that is disclosed to them. However, there is a risk that there is IP that is not identified, nor voluntarily disclosed to the OIPMBD by PHAC employees and managers.
To examine how the OIPMBD identifies, assesses, and protects PHAC IP, the audit team reviewed the invention disclosure forms and related documents for the last five years. Of the five files received:
- two files were handled according to OIPMBD procedures and resulted in patents;
- two files were abandoned, one because it was reviewed and deemed not to constitute an invention, and the second due to the PHAC researchers' contribution being estimated to be only 5% of the total invention; and
- one file is in the process of being patented by another interested party, against the provisions of the PSIA, and despite the substantive work having been completed by Agency employees using its resources.
In the case of the patent filed by another party, we found that the researcher, a PHAC employee, had approached the OIPMBD several years prior and the invention wasn't deemed ready for patent. The researcher continued their work using PHAC facilities and government grants, via a collaborative work arrangement. However, the other party in the collaborative agreement filed to patent the invention once it was ready. The disclosure requirements of the current IP Policy do not require researchers to report on work progress and, as a result, there was no way for the OIPMBD to know the invention was ready to patent.
The OIPMBD's role in managing PHAC IP includes providing guidance and support for the licensing of IP, promoting research collaborations, assisting in negotiating agreements, providing invention disclosure resources, and supplying documents related to publication and copyright approval. However, this support and guidance is not a mandatory requirement of the Policy and is provided only on an as-requested basis. Additionally, there is currently no mechanism (i.e., listing of all ongoing science, listing of approved affiliations) to allow the OIPMBD to proactively seek out and identify potential sources of PHAC-generated IP that may need to be assessed, protected, and monitored. As a result, there is a risk that PHAC IP generating activities are not being identified, assessed, protected, nor monitored.
Conclusion
OIPMBD manages all PHAC IP that is disclosed to them in accordance with established policies and procedures. However, OIPMBD relies on PHAC employees to follow the policy and PHAC managers to ensure compliance, including reporting IP disclosures to OIPMBD. If these groups do not follow the Policy, OIPMBD cannot fulfill its oversight requirements, and there is an increased risk that PHAC IP will not be properly identified, assessed, monitored, nor protected.
Recommendation 3
As part of the IP Policy update, the VP NMLB and the Chief Science Officer, in consultation with Agency senior management, should consider mandating OIPMBD involvement in the management (establishment, drafting, and review) of collaborative research, licencing, and material transfer arrangements to promote greater awareness of the need for appropriate agreements to ensure the sound management (identification, assessment, protection, and monitoring) of PHAC IP.
Criterion 4: PHAC conducts sufficient IP-related training and awareness activities
Context
PHAC is responsible for providing employees with appropriate training and resources to promote better IP management. IP training provides foundational knowledge of the key definitions, roles, and processes involved with PHAC IP. The OIPMBD team is responsible for developing, managing, and delivering IP training. OIPMBD developed an Education Plan that includes initiatives to enhance awareness of the Agency's IP rights and responsibilities.
What did we expect to find?
We expected to find training activities that provide employees with the tools and knowledge required to safeguard IP. We also expected to find awareness efforts that increase the visibility of employees' IP obligations.
Findings
Overall, OIPMBD has implemented some IP training and awareness initiatives to support employees and managers in understanding their roles and responsibilities in IP management. OIPMBD has developed an Education Plan that outlines IP-related resources and training material made available to research scientists. The IP Education Plan initially limits Agency-wide implementation and prioritizes NMLB, which is a way to reach the largest audience of PHAC IP creators with the resources available to OIPMBD.
The IP Education Plan includes:
- Weekly IP info emails to NMLB staff that provide information on key terms, forms, etc.;
- On-request reference material;
- IP training modules available through MyLearning;
- Non-compulsory virtual IP training; and
- Process reference tools for MTAs, CRAs, NDAs, etc.
Due to the current organizational placement of the IP function within the Agency, OIPMBD does not have the Agency-wide authority to manage and ensure compliance with IP training initiatives or requirements, and OIPMBD has stated that human capacity limits the ability to implement Agency-wide training and awareness initiatives, given the broader roles and responsibilities of that division.
The IP Policy governs the management of all IP generated by PHAC activities; however, it does not reflect the structure and roles of NMLB and OCSO regarding PHAC's IP training and awareness activities. The IP Policy assigns the responsibility for providing employees with training and resource materials to the Agency overall as part of its guiding principles. This does not provide the OIPMBD with specific authority or responsibility for training within the Agency. The communication of, and compliance with the Policy, as well as ensuring participation in training activities, falls to PHAC managers. OIPMBD had developed IP guidance material for PHAC managers and employees; however, these training activities are not mandatory for all staff that may be generating IP.
Conclusion
OIPMBD conducts training and awareness activities and has developed a detailed IP Education Plan. However, training is not mandatory, nor part of any employee onboarding package, and the current Policy does not provide the authority to ensure PHAC employees participate in the Education Plan. As a result, PHAC employees may be unaware of their responsibilities and may not be properly protecting PHAC's IP.
Recommendation 4
As part of the IP Policy update, the VP NMLB and the Chief Science Officer, in consultation with Agency senior management, should clarify OIPMBD's role and authority as the Agency's IP subject matter expert, specifically as it relates to IP training. Consideration should also be given to making IP training material compulsory for all IP-creating employees, contractors, visiting workers, and other relevant parties.
Appendix A – Scorecard
Criterion | Risk rating - Residual risk without implementing the recommendation | Risk remaining without implementing recommendation | Rec # |
---|---|---|---|
Policies, roles, responsibilities, and accountabilities are in place to protect PHAC's IP interests. | Moderate risk | The current IP policy does not accurately reflect the current assignment of responsibility for IP within the Agency, nor does it provide sufficient authority for OIPMBD to protect IP. | 1 |
Policies, roles, responsibilities, and accountabilities in place to protect PHAC's IP are followed. | Moderate risk | The duties currently being performed by OIPMBD are not currently reflected as roles and responsibilities in the IP Policy. This does not allow OIPMBD to proactively encourage and support IP disclosures and protection, or to ensure that all IP generating employees follow the established rules. | 2 |
IP interests are appropriately identified, assessed, protected, and monitored. | Moderate risk | Most of the research undertaken by PHAC scientists that may be subject to IP protection are undertaken as part of collaborative research, licencing, and material transfer agreements. Without the advice of IP experts, inventions resulting from these arrangements are at risk of not being adequately protected. | 3 |
PHAC conducts training and awareness activities. | Minor risk | Adherence to the IP Policy is currently the responsibility of Agency managers and employees. Without adequate training and awareness activities, there is increased risk that employees and managers may not be aware of their responsibilities under the IP Policy, and consequently, PHAC-developed IP may be at increased risk of not being properly disclosed, nor protected. | 4 |
Appendix B – About the audit
Audit objective
The objective of this audit was to determine whether appropriate management practices are in place to protect PHAC's interests as they relate to intellectual property (IP).
Audit scope
The scope of the audit focused on the intellectual property processes, practices, and controls in place at PHAC.
The audit did not examine conflict of interest processes, as these will be the subject of a separate OAE audit.
Audit approach
The audit was conducted in accordance with the Government of Canada's Policy on Internal Audit, which requires examining sufficient and relevant evidence, and obtaining sufficient information and explanations to provide a reasonable level of assurance in support of the audit conclusion.
The audit approach included, but was not limited to:
- Interviews with management, committee members, and key stakeholders within corporate and branch organizational units.
- Review of processes and methodologies and examination of outputs and other relevant supporting documentation; and
- Testing of controls as required.
Statement of conformance
This audit was conducted in conformance with the International Standards for the Professional Practice of Internal Auditing and is supported by the results of the Office of Audit and Evaluation's Quality Assurance and Improvement Program.
Audit criteria
- Policies, roles, responsibilities, and accountabilities are in place to protect PHAC's IP interests.
- Policies, roles, responsibilities, and accountabilities in place to protect PHAC's IP are followed.
- Intellectual property interests are appropriately identified, assessed, protected, and monitored
- PHAC conducts sufficient IP-related training and awareness activities.
Page details
- Date modified: