The surface shows that consent risk is often a versioning and downstream reset defect, not just a capture problem.
Audit events become operational only when owners, policy versions, and suppression blockers are mapped into the same stream.
Revocation posture makes privacy and patient-trust risk visible before stale consent state propagates into outbound workflows.