Audit Trail

Definition

A chronological record of system activities, transactions, or document changes that provides a verifiable history of who did what, when, and why. Audit trails are essential for regulatory compliance, fraud detection, and internal controls, and are required by standards including SOX, GDPR, and ISO 27001.

Complementary Terms

Concepts that frequently appear alongside Audit Trail in practice.

Intellectual Property Audit

A systematic review of a company's intellectual property portfolio — including patents, trademarks, copyrights, trade secrets, domain names, and licences — to assess ownership, validity, enforceability, freedom to operate, and commercial relevance. IP audits are essential in M&A due diligence, technology licensing negotiations, and litigation preparation.

SOX Compliance

Adherence to the requirements of the Sarbanes-Oxley Act of 2002 (SOX), US federal legislation mandating rigorous financial reporting, internal controls, and audit standards for publicly traded companies. SOX Section 302 requires CEO/CFO certification of financial statements, while Section 404 mandates annual assessment of internal controls over financial reporting.

Internal Controls

The policies, procedures, and mechanisms established by an organisation to ensure the reliability of financial reporting, effectiveness of operations, and compliance with applicable laws and regulations. The COSO framework provides the most widely adopted internal controls standard, defining five components: control environment, risk assessment, control activities, information and communication, and monitoring.

Data Protection Impact Assessment

A structured process required under GDPR Article 35 to identify, assess, and mitigate privacy risks arising from data processing activities that are likely to result in high risk to individuals. DPIAs are mandatory before deploying new technologies, large-scale profiling, or processing sensitive personal data, and must document the necessity, proportionality, and safeguards of the proposed processing.

Data Lineage

The documented lifecycle of data as it moves through an organisation's systems, showing its origin, transformations, dependencies, and destinations. Data lineage provides visibility into how data is created, processed, and consumed, enabling organisations to ensure data quality, comply with regulatory requirements (particularly GDPR's right to explanation), debug data pipeline issues, and assess the impact of system changes.

Machine Learning Model

A mathematical model trained on data to identify patterns and make predictions without being explicitly programmed for each task. Machine learning models underpin many AI-driven business applications, from demand forecasting to fraud detection, and their development costs are increasingly recognised as intangible assets under IAS 38 when they meet the identifiability and future economic benefit criteria.

Sanctions Compliance

The policies, procedures, and controls organisations implement to ensure they do not engage in prohibited transactions with sanctioned countries, entities, or individuals. Sanctions regimes are administered by bodies including OFAC (US), OFSI (UK), and the EU Council, and violations can result in severe criminal penalties, asset freezes, and reputational damage.

Medical Device Classification

The regulatory categorisation system that assigns medical devices to classes based on their risk to patients, which determines the level of regulatory scrutiny required for market approval. The EU MDR uses four classes (I, IIa, IIb, III) while the FDA uses three (I, II, III).
