Institutional Review Processes

How I Review Contracts (Without Wasting Hours) Most people read contracts line by line from the start. I don’t. That’s the slowest way to catch red flags. Instead, I reverse-engineer them to spot risks first. Step 1: Get the Big Picture – What’s this contract actually about? Who has more power in the deal? This tells me what to watch out for. Step 2: Find the Risks – I jump straight to liability and termination clauses. Can my client walk away if things go south? Are they taking on unfair risks? Step 3: Follow the Money – I check payment terms, penalties, and refunds to make sure there are no vague or sneaky conditions. Step 4: Watch for Dispute Traps – Jurisdiction and arbitration clauses can quietly make legal battles expensive or one-sided. I flag them early. Step 5: Dig Into the Fine Print – Standard clauses like indemnification, non-compete, and amendments often hold surprises. I don’t skim them. Step 6: Read Line by Line – Only after flagging key issues do I read everything carefully, making sure nothing slips through. This method saves time, catches hidden risks faster, and makes contract review way more efficient. Want me to break down a contract using this? Let’s talk.

"This working paper will argue that standardization is the ideal route for establishing robust and adaptive AI governance for the research sector internationally. This is mainly because of the ability for standardization to engage multiple stakeholders with different interests while ensuring accountability and robust requirements through conformity assessment and certification within a standard. The first section of the paper will begin with an evaluation of the primary global risks posed by AI use within research institutions. The second section will discuss how these global risks require global governance structures and what that might look like in the research context. The third section will address some of the primary concerns or critiques of standardization as a method of governance and potential paths to ensure those shortcomings will not affect efficacy and robustness of an international standard for AI use in research. The fourth section will review the existing landscape of international standards for AI, the process of international standard development through the International Organization for Standardization (ISO) and other key institutions and organizations that might play a role in an ISO standard for AI in research. The fifth section will detail the essential elements of any ISO standard for AI in research. The final section will provide conclusions and recommendations for institutions to develop the CAN/DGSI 128 standard into an international standard." Great work from Matthew da Mota, Ph.D. at the Centre for International Governance Innovation (CIGI) #AI #AIgovernance 

3 Workflows I've Automated for in-house teams. ① Ask Legal ② Procurement ③ Contract Review (not just the review!) 1. Ask Legal [or any department for that matter 🤷🏼♀️] You've heard me talk about legal teams and knowledge management. Long story short, your legal team is answering the same 20 questions over and over 😵💫 A simple way to save a CHUNK of time answering questions from the business (enabling them to go faster) ALL while having complete control & keeping a human in the loop? ↪️ Set up an 'Ask Legal' bot in your comms platform. ↪️ Sync it with your knowledge base (e.g GDrive/Notion/Sharepoint). ↪️ Set up your custom instructions (Want it to tag Bob on privacy questions only, specifically on a Tuesday? No problem).  ↪️ Don't want the answer to go straight out to the business without reviewing it first? Cool, turn on co-pilot mode. The result? 60-80% fewer repetitive queries. Your team focuses on the high value things that need a human lawyer. 2. Procurement Businesses have 100's of tools, but when departments don't speak to each other you end up with duplicate tools & subscriptions 😭 💵 🚽.  What if there was a way for the business to find out in <1 minute if there was a tool available that covered their needs, before needing to spend some hard secured department budget? Moreover, what if I told you, they could kick off the internal procurement process from the comfort of your comms platform? Team member : “Do we already have a tool for X?” in Slack/Teams ✅ Bot checks knowledge base (policies, procurement tool). ✅ If a match is found, it shares the approved tool & owner to contact. ✅ If not, the bot can ask the user for more info and direct them with next steps to kick off the procurement process from inside Slack/Teams. Ensuring your users ACTUALLY follow the process, without adding friction. Did I just see your CFO cry tears of joy? 3. Third Party Vendor Contract Review & Project Management Getting AI to redline a contract (as a first pass) is a huge win, but there's still the other pieces of the process missing, like: 🤷🏼♀️ The business figuring out IF legal review is even needed (according to company policy). 📨 The business actually submitting the contract to legal. 😩 Managing review capacity within the legal team. 🖥️ Getting the legal team to log & update the PM tool. The list never ends. Legal reviews only what actually needs their eyes, turnaround times improve, and the business stops pinging the team for “update pls?” in Slack : ) TLDR; Most legal teams are drowning in admin work that could be automated. I've built all of these using simple processes and tools (that I've found most businesses have). You also know I love a good Figma flow. So I’ve built them for all three of the above (see a sneak peak below). Want the entire thing? Comment "FLOWS" and I'll send them over. Also, tell me what you want to see - more of the above or step-by-step how-to build videos?

Most universities face a governance challenge hiding in plain sight: How do you bring together and coordinate your entrepreneurial ecosystem? Research, technology transfer, and entrepreneurship centres are often scattered across different portfolios and reporting lines. Sometimes, tech transfer sits outside as a university-owned subsidiary. Each part may be strong on its own, but without deliberate coordination, the ecosystem as a whole is harder to navigate for researchers, students, and external partners. The University of New England (US) has just taken a step to address this, and while it’s not the answer for everyone, it’s a case study worth considering. UNE has realigned its research and innovation enterprise by: 🔹 Creating the Office of Research and Innovation (signalling that innovation is core to research, not an add-on) 🔹 Bringing the Centre for Innovation and Entrepreneurship under the same umbrella (removing silos while preserving local strengths) 🔹 Coordinating the full continuum from discovery → application → commercialisation 🔹 Making it simpler for students, faculty, and partners to access the whole ecosystem The point isn’t centralisation or uniformity — it’s governance. Strengthening the connective tissue so the ecosystem can flourish: 🔹Researchers have clearer, supported pathways to move ideas forward 🔹Students find opportunities without hitting organisational walls 🔹External partners connect quickly to the right expertise and infrastructure UNE’s approach shows what’s possible when governance is intentional. Every university has to grapple with this in its own way, shaped by its structures, culture, and priorities, but the question they face is the same: How do you align research, entrepreneurship, and commercialisation so they reinforce each other rather than compete for attention? #UniversityGovernance #InnovationEcosystem #Entrepreneurship #ResearchImpact #HigherEducation #TechTransfer #Universities 👉 https://lnkd.in/gxUeTjmN

The legal technology landscape has never been more promising, yet I continue to observe fundamental disconnects between our tools and our workflows. After years of working at the intersection of law and technology, I've identified six critical gaps that deserve our collective attention as opportunities for meaningful improvement: 1. The Workflow Integration Challenge We invest in sophisticated AI-powered contract review platforms while basic document intake remains fragmented. The most advanced technology loses its impact when the foundation isn't solid. Success requires us to examine and optimize entire workflows, not just individual tools. 2. Demonstrating Value Beyond Intuition "It feels more efficient" doesn't satisfy stakeholders who need concrete metrics. We must develop better frameworks for measuring and communicating the value of legal technology investments. This means tracking not just time saved, but quality improvements, risk reduction, and business enablement. 3. Resource Allocation Reality Legal departments face increasing demands with static resources. The solution isn't always more headcount or bigger budgets—it's reimagining how work flows through our departments. Strategic automation and process optimization can multiply our impact without multiplying costs. 4. Empowering Business Partners The most effective legal departments enable self-service for routine matters. When business partners can confidently handle standard NDAs or basic contract questions independently, legal professionals can focus on higher-value strategic work. This shift requires intentional design and change management, but the payoff is substantial. 5. Measuring What Truly Matters While cost per contract provides one data point, we need metrics that capture our true business impact. Are we accelerating deal velocity? Reducing friction in the sales process? Enabling better business decisions? These outcomes matter more than pure efficiency metrics. 6. Meeting Users Where They Work The best legal technology integrates seamlessly into existing workflows. Rather than creating another portal or login, we should focus on bringing legal intelligence into the tools our colleagues already use daily. Invisible technology often provides the most visible results. Each of these challenges represents an opportunity to strengthen the connection between legal and business teams while leveraging technology more effectively. The path forward requires honest assessment, collaborative problem-solving, and a willingness to challenge traditional approaches. We have the tools and knowledge. We now we need to align them with how people actually work. Let's continue building a legal tech community that transforms these disconnects into opportunities for innovation and growth. #legaltech #innovation #law #business #learning

🔒 CONTROL TESTING: Turning Assumptions into Evidence Designing internal controls is essential—but proving they work is where real assurance lies. Control testing is the bridge between theory and reality, showing whether detective, preventive, and corrective measures actually protect your organization. 1️⃣ Why it Matters • Detective controls (e.g., reconciliations) must flag anomalies. • Preventive controls (e.g., approvals) should stop errors before they occur. • Corrective controls (e.g., backups) need to restore operations swiftly. If these fail under scrutiny, risk hides in plain sight. 2️⃣ Essential Control Testing Cycle 1. Define Control Objective – What risk does the control tackle? 2. Test Design – Does the control, in theory, cover the risk? 3. Test Operating Effectiveness – Does it work in real life? Sample transactions, observe processes, interview owners. 4. Document Results – Evidence speaks louder than opinions. 5. Report & Remediate – Highlight gaps, assign fixes, and track closure. 6. Retest & Improve – Controls evolve as processes and threats change. 3️⃣ Real-World Example Imagine a monthly vendor payment review meant to prevent duplicate payments. Testing uncovers that the reviewer only checks high-value invoices, leaving small duplicates undetected. Insight gained? Adjust the review scope and automate a report for all invoices. 4️⃣ Tips for Effective Testing • Risk-Based Prioritization: Focus on controls guarding material risks first. • Cross-Functional Teams: Auditors, process owners, and IT build a fuller picture. • Continuous Testing: Embed into workflows—don’t wait for year-end audits. Remember: good controls are useless if unproven. Test them early, test them often, and turn risk management into actionable evidence. 🔖 #ControlTesting #InternalControls #RiskManagement #Audit #GRC #Compliance #OperationalRisk #ProcessImprovement #Governance #Assurance #ISO31000 #SOX

✨ While everyone is talking about the GCP R3 revision and its new annexes, the World Medical Association quietly made a major decision in October: The Declaration of Helsinki was renewed and strengthened – exactly 60 years after its first publication, once again in Helsinki. 🌍 The new version of the Declaration emphasizes updated ethical standards essential to today’s clinical research landscape. Here are the key changes: 🔅 Transparency in Reporting Results: All clinical study results should now be made publicly accessible, regardless of whether they are positive or negative. This change strengthens public trust in science and ensures a complete data foundation for future research. 🔅 Enhanced Responsibility and Oversight: The role of independent ethics committees has been expanded. They are now required to provide more comprehensive pre-study reviews and ongoing oversight throughout a study’s duration, ensuring participants are better protected and ethical standards are consistently upheld. 🔅 Improved Informed Consent and Participant Protection: Clearer guidelines for participant information and consent now place additional focus on vulnerable populations. This ensures that all participants are fully informed and willingly involved in research. 💡 This update has become necessary as the clinical research landscape evolves with digital technologies and global interconnectivity. The Declaration responds to these changes and sets a modern standard that ensures ethical conduct in research. 🔗 You can read the full list of updates here: https://lnkd.in/ee74P39w #GCP #DeclarationOfHelsinki #Research #Ethics #Medicine #ClinicalTrials #Science

I feel privileged and proud to have shared in the development, drafting and launch of the Good Research Management Practice (GRMP) Standard – ARS 1024:2025, co-developed by the Science for Africa Foundation and the African Organisation for Standardisation - ARSO It was a proud moment to witness the culmination of 7 years of hard work and input from 150 experts from over 20 countries, defining what research ecosystem excellence looks like for us and for our contexts. What was most special was sharing this moment with my colleague Thato Tantsi. This global standard, developed for Africa by Africa, establishes a robust framework for strengthening governance, ethics, infrastructure, and compliance across the research lifecycle, a major step in positioning science as the pillar of Africa’s transformation. Allen Mukhwana (SFA Foundation) emphasized that “Modern research demands more than scientific expertise, it demands systems that ensure quality, trust, and impact.” The GRMP Standard provides institutions with tools to enhance transparency, accountability, and sustainability, strengthening the systems that funders can trust and that enable research to translate into societal impact. Some key messages that really struck me: “We don’t just fund research. We build the systems that make great research possible.” Tom Kariuki, CEO, Science for Africa Foundation “Good Research Management is good governance. Good governance is good research. And good research builds nations.” — Prof. Shaukat Abdulrazak, Principal Secretary, State Department of Science, Research and Innovation, Kenya “For years, due diligence frameworks were imported from the Global North. This standard is catalytic; it aligns assurance and accountability with African realities.” Yolisa Nalule, Research Ecosystems Lead, Wellcome As Jordan Kyongo, PhD (FCDO) reminded us, funders seek trust and value for money. This standard ensures both. Let’s continue building the strong, credible, and responsive research ecosystems that Africa needs and deserves; and let's shape a continental system of Science, Technology and Innovation. Mmakgabo Maheya Allen Mukhwana Vincent Nkundimana Research at Nelson Mandela University Mandela Institute for Sustainable Futures (MISF) Nelson Mandela University 🔗 Access the GRMP Standard here: https://bit.ly/4n5vItb #ResearchManagement #ScienceForAfrica #ARSO #GRMP #ResearchExcellence #AfricaRising #ScienceForDevelopment #GoodGovernance #SFAFoundation

Institutional Ethics Committee (IEC) vs. Institutional Review Board (IRB) Pick up a clinical paper and you will see that some authors talk about the study getting approval from the IEC while others mention the IRB. Why so? While both aim to ensure ethical and responsible research, they focus on slightly different aspects. IEC is all about ensuring that research meets the highest ethical standards, focusing on the moral integrity of the study. They’re the ones asking, “Is this fair? Is this just?" Their goal is to protect participants' rights and ensure that clinical research is socially responsible. IRB is more like a legal watchdog that is concerned with the scientific and regulatory aspects, ensuring the study is methodologically sound, compliant with regulations, and minimizes participant risk. Think of them as the research’s compliance and legal experts. The real twist? The terminology is also geographic. IEC is commonly used in Europe, Asia, and parts of Africa, while IRB is the standard in North America, especially in the U.S. and Canada. Despite the different names, both have the same mission: to safeguard research participants and ensure studies are conducted ethically and responsibly. #ResearchEthics #Compliance #IRB #IEC #ResearchIntegrity #Science #ScientificCommunications #ClinicalAffairs #ClinicalResearch #EthicsCommittee

Dear IT Auditors, Testing change management for production systems Production incidents rarely start with a system failure. They start with an uncontrolled change. Your audit should reveal to leaders where discipline breaks down and risk enters the environment. You focus on execution, not policy language. You test how changes move from request to deployment. You look for proof. You look for accountability. 📌 Start with the change inventory You obtain a complete list of production changes for the audit period. You include emergency, standard, and normal changes. You confirm the list matches deployment logs and system activity. You flag gaps early. 📌 Validate approvals You test if approvals occurred before implementation. You confirm approvers had the right authority. You review timestamps. You identify rubber-stamp behavior. You highlight changes approved after deployment. 📌 Test segregation of duties You verify that developers do not approve their own changes. You confirm production access aligns with role expectations. You focus on high-risk systems like financial platforms and customer data stores. You show where one person controls the entire process. 📌 Review testing evidence You check if changes passed testing before production release. You review test results and environments used. You confirm testing reflects real production conditions. You flag missing or reused test artifacts. 📌 Analyze emergency changes You isolate emergency changes. You confirm justification and approval timing. You check if teams completed the post-implementation review. You identify emergency processes used as shortcuts. 📌 Inspect deployment methods You review how changes enter production. You compare manual releases with automated pipelines. You verify logging and traceability. You flag deployments with no audit trail. 📌 Validate backout and recovery plans You check if rollback steps exist. You confirm that teams tested them. You identify changes deployed without recovery options. You show leaders where outages become likely. 📌 Close with risk-focused reporting You group findings by impact. You link control gaps to downtime, data exposure, or compliance failure. You give leadership clear actions and ownership. #ITAudit #ChangeManagement #InternalAudit #CybersecurityAudit #DevOpsRisk #GRC #CloudAudit #RiskManagement #ITGovernance #AuditLeadership #ProductionSystems #CyberVerge