200+ Business & Legal Terms Defined

Formal recognition by an authoritative body that an organisation is competent, consistent, and impartial in carrying out specific certification or testing tasks.

A set of laws, regulations, and procedures requiring financial institutions to detect, prevent, and report suspected money laundering activities.

The normative reference in ISO 27001 listing 93 information security controls across four themes that organisations can implement to manage security risks.

The yearly meeting of a company's shareholders to review financial performance, elect directors, and vote on key resolutions.

A defined set of rules and protocols allowing different software applications to communicate, share data, and integrate with each other.

A prolonged, targeted cyberattack where a sophisticated actor gains unauthorised access to a network and remains undetected for an extended period to steal data or cause damage.

A set of restrictions enforced by Arab League members restricting trade and business relations with Israel and with companies that conduct business there.

A private dispute resolution process where a neutral arbitrator makes a binding decision, offering a faster and more confidential alternative to court litigation.

The constitutional document of a company setting out its internal rules, governance structure, and procedures.

A documented inventory of all information assets within an organisation's ISMS scope, including their owners, classification, and associated risks.

The practice of managing risks arising from mismatches between assets and liabilities on a bank's balance sheet, particularly interest rate and liquidity risk.

A systematic, independent, and documented examination to determine whether activities and results comply with planned arrangements and standards.

The official body representing commercial interests in Baghdad; endorsement from the Chamber is a mandatory step in foreign branch activation in Iraq.

The international regulatory framework setting standards for bank capital adequacy ratios, liquidity requirements, and stress testing to improve banking sector resilience.

A documented strategy defining how an organisation will maintain critical operations and recover key functions during and after a significant disruptive event.

Comparing a company's performance metrics against industry standards or best-in-class competitors to identify improvement opportunities.

The true owner of an asset or company, even when legal title is held by a nominee — subject to increasing global transparency regulations.

Extremely large and complex datasets that require advanced processing tools and techniques to store, manage, and extract actionable business insights.

A distributed, tamper-resistant digital ledger recording transactions across multiple computers simultaneously, ensuring transparency, security, and immutability.

A formal decision made by a company's board of directors, documented in writing and signed by the directors present.

A violation of any term of a legally binding agreement, giving the aggrieved party the right to seek damages or specific performance.

The level of sales at which total revenues exactly equal total costs, resulting in neither profit nor loss — a key metric for pricing and planning.

The difference between a budgeted financial amount and the actual amount spent or earned, used to monitor financial performance and control costs.

A process identifying critical business functions, the impact of their disruption, and the resources required to restore operations within acceptable timeframes.

A strategic template visualising a company's value proposition, customer segments, revenue streams, and key resources on a single page.

A measure of a bank's capital relative to its risk-weighted assets, used by regulators to assess financial stability and prevent insolvency.

Funds used by a company to acquire, upgrade, or maintain long-term physical assets such as buildings, equipment, or technology.

The specific mix of debt and equity financing used by a company to fund its assets, operations, and growth — affecting risk, cost of capital, and returns.

The net amount of cash moving in and out of a business over a period; a key indicator of liquidity and financial health.

Iraq's central monetary authority responsible for monetary policy, banking sector regulation, currency management, and oversight of the foreign currency auction window.

An accredited third-party organisation authorised to audit companies against ISO standards and issue certifications upon successful completion.

Regulatory measures requiring financial institutions to identify, freeze, and report transactions suspected of financing terrorist activities.

A contractual provision specifying which country's or jurisdiction's laws will govern the interpretation and enforcement of the agreement.

The on-demand delivery of computing resources — servers, storage, databases, software — over the internet on a scalable, pay-as-you-go basis.

The Iraqi regulatory body overseeing telecommunications, internet service, and media licensing — including the .iq domain registry and frequency allocation.

An independent party authorised to act on behalf of a foreign company to sell products or services in a specific market, typically for a commission.

The primary Iraqi legislation governing the formation, operation, and dissolution of companies, including the mandatory 51% Iraqi national ownership rule for LLCs.

A condition giving a company an edge over rivals, such as lower costs, superior quality, proprietary technology, or brand strength.

Adherence to laws, regulations, standards, contractual obligations, and internal policies applicable to an organisation and its operations.

A senior employee responsible for ensuring the organisation adheres to all applicable laws, regulations, internal policies, and industry standards.

Interest calculated on both the initial principal and accumulated interest from previous periods — causing debt or savings to grow at an accelerating rate.

A situation where a person's personal interests could improperly influence their professional judgment or actions on behalf of an employer or client.

An ISO requirement to understand the internal and external factors — including stakeholder needs — that are relevant to the purpose and strategic direction of the management system.

An ongoing, recurring effort to enhance products, services, or processes — a core principle embedded in all ISO management system standards.

The system of rules, practices, and processes by which a company is directed and controlled, balancing the interests of all stakeholders.

The legal separation between a company and its shareholders that limits personal liability for corporate debts and obligations.

Steps taken to eliminate the root cause of a detected nonconformity or undesirable situation to prevent its recurrence.

A relationship where one bank provides services (payments, clearing, trade finance) to another bank, typically in a different country or currency zone.

Central Organisation for Standardisation and Quality Control; the Iraqi body mandating product certification and pre-shipment inspection for all imported goods.

The minimum required return a company needs to justify a capital investment, blending the costs of debt and equity proportionally (WACC).

The risk that a borrower or counterparty will default on their financial obligations, resulting in loss for the lender or creditor.

The structured process of preparing for, responding to, and recovering from significant unexpected events that threaten an organisation's operations or reputation.

Software and strategies managing a company's interactions with current and potential customers to improve relationships, retention, and sales.

The practice of protecting computer systems, networks, programmes, and data from digital attacks, unauthorised access, damage, and disruption.

A centralised repository storing large volumes of structured and unstructured data in its native raw format, ready for analysis and machine learning.

A leverage ratio comparing a company's total debt to total shareholders' equity, indicating how much the company is financed by debt versus investor funds.

The systematic allocation of the cost of a tangible asset over its expected useful life, reducing taxable income and reflecting asset consumption.

A set of cultural practices and tools combining software development and IT operations to shorten development cycles and deliver higher-quality software faster.

The strategic integration of digital technology into all areas of a business, fundamentally changing how it operates and delivers value to customers.

A portion of a company's earnings distributed to shareholders, typically as cash or additional shares, at the discretion of the board.

An informal social gathering — traditionally Iraqi — used for relationship-building, networking, and quietly conducting business discussions outside formal settings.

A comprehensive investigation of a business, individual, or asset before entering into a transaction, investment, or partnership.

A formal document summarising findings from a comprehensive investigation into a business, individual, or asset prior to a transaction.

Earnings Before Interest, Taxes, Depreciation, and Amortisation — a proxy for operational cash profitability widely used in business valuation.

Cost advantages gained by increasing production volume, spreading fixed costs over more units and reducing average per-unit costs.

The process of converting data into a coded, unreadable format using cryptographic algorithms, ensuring only authorised parties can access the information.

The legal form chosen for a business, such as LLC, branch office, partnership, or sole trader — each with different liability, tax, and governance implications.

A contract type where a single contractor is responsible for all phases of a project — design, procurement, and construction — delivering a complete facility.

The value of ownership interest in a company, representing shareholders' residual interest after all liabilities have been deducted from assets.

Integrated software managing and automating core business processes including finance, human resources, supply chain, procurement, and manufacturing.

A financial arrangement where a neutral third party holds funds or assets on behalf of two parties until specified contractual conditions are met.

A holistic framework aligning security strategies, investments, and decisions with overall business risk management objectives and corporate governance.

Specialised security services provided to high-profile individuals including threat assessment, advance route planning, armoured transport, and close protection teams.

A planned approach for liquidating a stake in a business investment, such as through sale, IPO, merger, or management buyout.

The global intergovernmental body setting international standards for anti-money laundering and counter-terrorist financing measures.

A legal obligation requiring one party to act solely in the best interests of another, such as directors acting for shareholders or trustees for beneficiaries.

Building a mathematical representation of a company's financial performance, used for forecasting, valuation, investment decisions, and scenario planning.

Financial technology — the use of innovative software, algorithms, and platforms to deliver, improve, or disrupt traditional financial services.

A contract clause excusing one or both parties from performance obligations when extraordinary events beyond their control occur, such as war, pandemic, or natural disaster.

The conversion of one currency into another; also refers to the global decentralised market for trading currencies, the world's largest financial market.

An assessment comparing an organisation's current state against the requirements of a standard or target state to identify areas needing improvement.

Iraq's federal tax authority responsible for assessing, collecting, and auditing corporate income tax, payroll taxes, and withholding tax obligations.

The legal system that will interpret and enforce a contract in the event of a dispute — typically specified in an explicit contractual clause.

The heavily fortified International Zone in central Baghdad housing embassies, government ministries, and major international corporate offices.

Revenue minus cost of goods sold, expressed as a percentage of revenue. A key measure of production and pricing efficiency.

Practical training preparing personnel to operate safely in high-risk, conflict-affected, or austere environments — covering first aid, checkpoint procedures, and security awareness.

An investment or financial strategy used to offset the risk of adverse price movements in an asset, currency, or interest rate.

Assets easily and quickly convertible to cash without significant loss of value that banks must hold under Basel III's Liquidity Coverage Ratio requirements.

A dedicated physical device providing secure cryptographic key management, encryption, and decryption for sensitive financial and data transactions.

The collective knowledge, skills, and experience possessed by employees that contribute to organisational productivity and performance.

A contractual obligation by one party to compensate another for specific losses, damages, or liabilities incurred as a result of defined events.

A court order requiring a party to immediately do, or refrain from doing, a specific act — often sought as emergency relief in IP or contract disputes.

Creations of the mind — inventions, designs, brand names, and artistic works — protected by law through patents, trademarks, copyrights, and trade secrets.

The discount rate at which the net present value of all cash flows from an investment equals zero — used to evaluate and rank capital projects.

Iraq's federal investment law offering approved projects up to 10 years of corporate tax exemption, customs-free equipment imports, and land-use rights.

The interconnected network of physical devices — sensors, machines, vehicles — embedded with software to collect and exchange data over the internet.

The official currency of the Republic of Iraq, issued and managed by the Central Bank of Iraq. Pegged informally to the US Dollar.

A systematic framework of policies, procedures, and controls for managing sensitive company information and minimising risk — the core of ISO 27001.

The global, independent body developing and publishing international standards covering virtually every industry and business function.

The international standard for Environmental Management Systems, helping organisations systematically manage and reduce their environmental impact.

The international standard for Business Continuity Management Systems, enabling organisations to prepare for, respond to, and recover from disruptions.

The international standard for Business Continuity Management Systems, providing a framework for organisations to prepare for and recover from disruptive incidents.

The internationally recognised standard for Information Security Management Systems (ISMS), covering cybersecurity, data protection, and operational risk.

The international standard for Occupational Health and Safety Management Systems, replacing OHSAS 18001 and focusing on worker health, safety, and wellbeing.

The world's most widely adopted quality management standard, focused on customer satisfaction, consistent process performance, and continual improvement.

A business arrangement where two or more independent parties pool resources for a specific project while maintaining separate legal identities.

The legal authority of a court or governing body to hear and decide a case, defined by geographic territory, subject matter, or monetary value.

Specialist insurance coverage and response services protecting individuals and organisations against kidnapping, extortion, and wrongful detention incidents.

A measurable value demonstrating how effectively an organisation is achieving its key business objectives.

The semi-autonomous northern region of Iraq governed by its own parliament and investment laws, allowing 100% foreign ownership and offering tax incentives.

The mandatory process of verifying the identity and assessing the risk profile of clients to prevent fraud, corruption, and money laundering.

A Basel III requirement that banks hold sufficient high-quality liquid assets to survive a significant 30-day financial stress scenario.

A bank document guaranteeing payment to a seller on behalf of the buyer, provided the seller meets the conditions and presents the required documents.

A document expressing one party's preliminary commitment to do business with another, outlining key terms before a formal contract is signed.

A legal obligation or responsibility to compensate another party for harm, loss, or damage caused by one's actions, negligence, or breach of duty.

A business structure providing limited liability protection to its owners while allowing flexible management and, in many jurisdictions, pass-through taxation.

A predetermined sum specified in a contract as fair compensation for a specific type of breach, agreed in advance to avoid complex damage calculations.

A contract structure where the EPC contractor delivers a complete, ready-to-operate facility for a fixed price, transferring execution risk to the contractor.

A branch of artificial intelligence enabling systems to learn from data and improve their performance over time without being explicitly programmed.

A periodic evaluation by senior management of the organisation's management system performance, suitability, and alignment with strategic objectives.

The amount added to the cost price of goods or services to cover overhead and profit, expressed as a percentage of cost (different from margin).

A growth strategy seeking to increase market share for existing products in existing markets through competitive pricing, promotions, or improved distribution.

Medical evacuation — the process of transporting injured or critically ill personnel from a remote, hostile, or underserved location to appropriate medical facilities.

A non-binding dispute resolution process where a neutral mediator facilitates communication between parties to help them reach a voluntary settlement.

A non-binding agreement outlining the broad terms of a proposed arrangement between parties, expressing mutual intent before a formal contract.

Corporate transactions involving the consolidation of companies through purchase, merger, or takeover to achieve strategic growth or synergies.

The Iraqi ministry responsible for labour regulations, foreign work permit issuance, labour localisation ratio enforcement, and social security administration.

The Iraqi federal ministry governing the oil and gas sector, responsible for contractor pre-qualification, service contracts, and upstream oil development policy.

A shareholder holding less than 50% of a company's voting shares, typically with limited influence over major corporate decisions.

An Iraqi expeditor — a specialist professional who navigates government ministries on behalf of companies, physically walking documents through bureaucratic processes.

The difference between the present value of cash inflows and outflows over a project's life — a positive NPV indicates value creation.

The 1958 international treaty enabling the recognition and enforcement of foreign arbitral awards across 170+ signatory countries, including Iraq (ratified 2021).

The Iraqi body responsible for approving and licensing investment projects under Investment Law No. 13, and issuing investment licences and associated incentives.

A person who holds shares on behalf of the true beneficial owner, often used in jurisdictions with foreign ownership restrictions.

A contractual restriction preventing a party from working for competitors or starting a competing business within a defined geography and time period.

A legally binding contract requiring parties to keep specified information confidential — available as mutual (both parties) or one-way (one party discloses).

A loan where the borrower has not made scheduled interest or principal payments for 90 or more days, indicating credit quality deterioration.

A failure to meet a requirement — whether of an ISO standard, legal obligation, or internal procedure — requiring documented corrective action.

A Basel III metric requiring banks to maintain stable, long-term funding relative to their asset base over a one-year horizon.

Ongoing activities and contracts required to keep infrastructure, equipment, and systems running effectively after initial installation or construction.

Data, records, or statements — quantitative or qualitative — that can be verified and are based on observation, measurement, or testing during audits.

Technology that converts images of printed or handwritten text — such as scanned documents — into machine-readable digital text for processing and search.

A goal-setting framework linking ambitious qualitative objectives to measurable quantitative key results, used to align teams and track progress.

Day-to-day expenses incurred in running a business, such as salaries, rent, utilities, and supplies — expensed in the period incurred.

The risk of financial loss or harm resulting from inadequate or failed internal processes, people, systems, or from external events.

A legal right granting the inventor exclusive use of an invention for up to 20 years, preventing others from making, using, or selling it without permission.

Plan-Do-Check-Act; the iterative four-stage management methodology underlying all ISO management system standards for achieving continual improvement.

A fixed place of business through which a foreign company conducts operations, triggering local corporate tax obligations in that jurisdiction.

A cyberattack using deceptive emails, messages, or websites to trick individuals into revealing sensitive information such as passwords or financial data.

A brief presentation providing an overview of a business plan, product, and financial projections — typically used when seeking investment.

State-sanctioned Iraqi paramilitary forces with significant political influence and operational presence across the country, particularly outside Baghdad.

A legal document granting one person the authority to act on behalf of another in specified legal, financial, or business matters.

Proactive steps taken to eliminate the cause of a potential nonconformity or other undesirable situation before it occurs.

The percentage of revenue remaining after all costs are deducted; a key measure of business profitability at gross, operating, or net levels.

A cybersecurity exercise where offensive Red Team attackers and defensive Blue Team defenders collaborate in real time to identify vulnerabilities and improve security controls.

Malicious software that encrypts a victim's files or systems and demands payment (ransom) in exchange for the decryption key.

The process of adhering to laws, regulations, guidelines, and specifications relevant to a business, its industry, and the jurisdictions in which it operates.

The process of converting foreign-currency earnings back to the home country's currency and transferring the funds back — subject to central bank regulations.

The potential for negative publicity, association with scandal, or adverse events to damage an organisation's brand, stakeholder trust, and commercial relationships.

A performance metric calculated as net profit divided by total investment cost, expressed as a percentage to evaluate efficiency.

The process of identifying, analysing, and evaluating risks to an organisation to determine appropriate treatment measures and prioritise resources.

The person or function accountable for managing a specific risk within an organisation's risk register and ensuring treatment actions are implemented.

The process of selecting and implementing measures to modify risk — including options to avoid, reduce, transfer, or accept the risk.

A structured method for identifying the fundamental underlying reason for a problem or nonconformity to ensure effective corrective action.

A software distribution model where applications are hosted in the cloud by a provider and accessed by users via subscription over the internet.

A leading global enterprise software platform widely used for ERP, financial management, and integrated business process management across large organisations.

The capacity of a business or system to handle growth — more customers, transactions, or volume — without proportional increases in cost.

The defined boundaries and applicability of a management system — specifying what products, services, sites, and functions are included in certification.

The total value of shares a company has issued to shareholders in exchange for capital, forming the equity base of the business.

A private contract between a company's shareholders governing their rights, obligations, dividend policy, and relationship with each other.

A contract defining the expected level of service between a provider and client, specifying metrics such as uptime, response times, and resolution targets.

A centralised facility housing a team of security experts who continuously monitor, detect, analyse, and respond to cybersecurity threats and incidents.

The legal doctrine protecting a state or government from being sued in foreign courts without its explicit consent.

A subsidiary created for a specific, limited purpose — commonly used to isolate financial risk, hold assets, or structure project finance.

A preliminary ISO certification audit reviewing documentation readiness, scope definition, and organisational understanding before the main on-site audit.

The main on-site ISO certification audit verifying that the management system is fully implemented, operational, and achieving its intended outcomes.

Any individual, group, or organisation with an interest in or affected by a company's decisions, actions, and performance.

A mandatory ISO 27001 document listing all Annex A controls and justifying each control's inclusion or exclusion from the ISMS.

The maximum time period within which legal proceedings must be initiated after an event — after which claims become time-barred.

Exposure to disruptions, failures, or malicious interference within a company's supply chain that could affect the availability, quality, or cost of goods and services.

An annual audit conducted between three-year recertification cycles to verify that the management system continues to meet ISO requirements.

Society for Worldwide Interbank Financial Telecommunication; the global secure messaging network used by financial institutions to transmit payment instructions internationally.

A strategic framework assessing internal Strengths and Weaknesses alongside external Opportunities and Threats facing an organisation.

A contract clause allowing one or both parties to end the agreement without cause, typically upon giving a specified period of written notice.

An independent audit conducted by an external accredited body to provide objective verification of compliance with standards or regulatory requirements.

A registered symbol, word, phrase, or design legally distinguishing a company's products or services from competitors' in the marketplace.

The pricing of transactions (goods, services, IP licences) between related entities within a multinational group — a major focus of international tax authorities.

The management of a company's liquidity, cash flow, investments, and financial risk to optimise returns and ensure obligations are met.

The practice of detecting and neutralising unauthorised electronic surveillance devices (listening bugs, hidden cameras) in offices, meeting rooms, and vehicles.

A structured assessment identifying threats to a facility or operation, evaluating vulnerabilities those threats exploit, and determining the resulting risk level.

A security process requiring two distinct forms of identity verification — typically a password plus a code sent to a device — before granting system access.

Iraq's main deep-water seaport in the south, serving as the primary gateway for commercial imports and a key logistics hub for the country.

The analytical process of determining the current or projected worth of a company, asset, or investment using methods such as DCF, comparables, or asset-based approaches.

The full set of activities a company performs to deliver a product or service — from raw materials procurement to after-sales support.

Financing provided to early-stage, high-growth potential companies in exchange for equity, typically by specialised investment funds.

A contractual promise that certain facts are true, or that goods and services will meet a specific standard of quality for a defined period.

An Arabic concept describing personal connections, influence, and intermediary power — essential for navigating business, government approvals, and contracts in Iraq and the wider MENA region.

A tax deducted at source from payments made to foreign entities — including dividends, royalties, and interest — and remitted directly to the tax authority.

The difference between current assets and current liabilities; the capital available for day-to-day operations and a key indicator of short-term health.

A cybersecurity architecture requiring continuous verification of every user, device, and connection — regardless of location — before granting access to any resource.