S1.05 - IS_governance_origin
S1.05 ? IS governance origin
flowchart LR
A[IS governance tradition
decision rights, accountability,
controls, socio-technical oversight] --> B[RAIDT - run-level evidence framework]
H[GenAI operational pressure
need for practical governance] --> B
B --> C[[IS governance origin
governance-first framing for GenAI runs]]
K[Practical fields
user role, task, prompt,
model/version, approvals,
logs, exceptions] --> C
C --> D[Evidence pack]
C --> E[RAIDT score profile]
C --> F[Reviewability and contestability]
D --> G[Reviewer reconstruction]
E --> I[Governance readiness]
F --> J[Organisational learning and policy alignment]← Star S1 - Origins, Background and History
Star context: Explains why RAIDT emerges not only from Responsible AI debate, but from the Information Systems governance tradition of decision rights, accountability, control, oversight and socio-technical coordination in organisational work.
Academic picture
Definition / background
IS governance origin refers to the fact that RAIDT is rooted in the Information Systems governance tradition rather than in technical optimisation alone. In that tradition, the central questions are who has decision rights, how accountability is allocated, what controls apply, how oversight is exercised, and how technical systems remain aligned with organisational purpose. RAIDT inherits those questions and applies them to generative AI use in organisational settings.
This origin matters because the governance problem created by GenAI is not only whether a model can produce an output. The deeper issue is whether a specific use of that model happened under the right authority, with the right configuration, for an appropriate purpose, with reviewable evidence, and with a defensible human accountability structure. IS governance provides the conceptual language for that broader problem.
RAIDT therefore belongs inside IS governance because it treats the run as the unit at which organisational control becomes visible. The run-level evidence pack documents the socio-technical circumstances of use, while the five-pillar score profile translates those circumstances into a structured governance view across Responsibility, Auditability, Interpretability, Dependability and Traceability. This is different from generic AI governance language that often remains at policy level or model level without showing how a particular organisational use can be reconstructed and reviewed.
Why this concept matters
Without an IS governance origin, RAIDT could easily be misunderstood as a technical benchmarking tool, a compliance checklist, or a Responsible AI statement with added metadata. The concept matters because it clarifies that RAIDT is designed to govern the use of GenAI inside organisational processes. It frames GenAI outputs as part of decision structures, review pathways, accountability chains and control environments.
This helps avoid a common confusion in AI governance: the assumption that better governance is mainly a matter of better models or more principles. Organisations also need a way to show who used what, for which task, under which conditions, with what review path, and how that use can later be challenged or improved. If this governance lineage is missing, organisations risk adopting GenAI in ways that are technically impressive but operationally opaque, weakly controlled and difficult to defend.
Key idea: IS governance origin matters because it places RAIDT inside the tradition of accountable organisational control, then makes that control operational through run-level evidence.
What this item explains
- Why RAIDT should be understood as a governance framework for organisational GenAI use rather than only a technical AI assessment tool.
- How decision rights, accountability and control structures attach to a specific GenAI run.
- Why evidence for governance must include workflow context, human roles, approvals and exceptions, not only prompts and outputs.
- How run-level documentation supports reviewability and contestability when a GenAI-assisted action is questioned.
- Why the five RAIDT pillars express governance quality in an operational form rather than as abstract principles.
- How IS governance origin links RAIDT to audit readiness and organisational learning over time.
Practical example / likely audience question
Audience question
Is RAIDT an IS project or a technical AI project?
Answer
The concern behind this question is that governance frameworks are often treated as either technical or managerial, as if they must belong to one side only. RAIDT is primarily an IS governance project because its central object is the governed use of a system inside organisational work. Technical evidence remains important, but it is used in support of governance judgement rather than as a substitute for it.
A practical example is a university using GenAI to draft first-pass student-support case summaries. The key issue is not only whether the model can produce coherent text. The real governance questions are who may use the tool, what data are permitted, what template and model version were used, what human review is required, where the output is stored, and how a disputed summary can later be reconstructed. RAIDT handles this better than a generic AI governance approach because it ties those questions to a specific run, a specific evidence pack and a specific score profile, rather than leaving them as high-level policy claims.
Practical example in RAIDT terms
A retail bank uses GenAI to produce first-draft summaries for SME loan applications. The run-level issue is not simply whether the model can summarise documents accurately. The issue is whether one particular run used approved inputs, an authorised prompt template, the correct model and version, a named analyst, a defined reviewer, and a clear boundary that the lending decision remains human.
The evidence needed would include the business purpose of the run, the identity and role of the user, the model and version, prompt template identifier, data classification, source documents used, approval checkpoint, reviewer sign-off, exception log and retained output. The most affected RAIDT pillars are Responsibility, because ownership and review must be explicit; Auditability, because the run must be reconstructable; Interpretability, because the rationale for using the output must be understandable; Dependability, because the workflow must operate consistently; and Traceability, because the output must be linked back to inputs and decision records.
IS governance origin improves governance readiness here because it positions the run inside a controlled organisational process. The GenAI output is not treated as a free-floating technical artefact. It is treated as an event inside a lending workflow that must be authorised, reviewable and contestable.
Detailed link to RAIDT
IS governance origin links to RAIDT in four ways.
First, it links to RAIDT's core idea by defining GenAI governance as an organisational control problem, not merely a model-performance problem.
Second, it links to the run because a run is the point at which decision rights, user roles, configuration choices, workflow context and review obligations become concrete and inspectable.
Third, it links to the evidence pack and score profile because those outputs make governance claims demonstrable. The evidence pack records the relevant socio-technical facts of use, and the score profile translates them into a structured judgement across the five pillars.
Fourth, it links to reviewability, contestability, audit readiness and organisational learning because a governance framework becomes credible only when reviewers can reconstruct what happened, question it, compare cases and improve controls over time.
IS governance origin -> Run-level evidence -> Evidence pack -> RAIDT score profile -> Governance readiness
This chain shows why the item matters. IS governance origin gives RAIDT its framing, run-level evidence gives it granularity, the evidence pack gives it documentary substance, the score profile gives it evaluative structure, and governance readiness gives it organisational purpose.
Link to the five RAIDT pillars
Responsibility
IS governance origin strongly affects Responsibility because it starts from the allocation of decision rights, ownership and answerability in organisational work. A run should always sit within a named authority structure rather than an informal pattern of tool use.
Example evidence / implication:
- Named run owner, user role and reviewer role are recorded.
- Approval boundaries show what the GenAI output may inform and what remains a human decision.
Auditability
This item strongly affects Auditability because IS governance assumes that actions taken through information systems should be reviewable after the event. RAIDT operationalises that assumption by requiring enough evidence to reconstruct the run.
Example evidence / implication:
- Run logs, prompt template identifiers and output retention support reviewer reconstruction.
- Exception handling and escalation records show how unusual or risky runs were managed.
Interpretability
IS governance origin affects Interpretability by insisting that system-supported actions must be understandable to organisational actors, not only to technical specialists. In RAIDT, the meaning of a run must be intelligible in relation to business purpose and decision context.
Example evidence / implication:
- Purpose statements explain why the run was initiated and how the output was intended to be used.
- Reviewer notes explain how the output was interpreted, accepted, amended or rejected.
Dependability
This item affects Dependability because governance is undermined if similar tasks are carried out through unstable, unapproved or inconsistent configurations. IS governance pushes RAIDT towards repeatable and controlled use.
Example evidence / implication:
- Approved templates, model versions and workflow checkpoints reduce arbitrary variation.
- Control evidence shows whether the run followed the expected operating process.
Traceability
IS governance origin also strongly affects Traceability because accountability depends on linking outputs back to inputs, actors, systems and decisions. Without traceability, responsibility and auditability remain weak.
Example evidence / implication:
- Input sources, timestamps, model/version data and storage location are connected to the run record.
- Decision records show how the GenAI-assisted output related to downstream action.
This item affects all five pillars, but it is especially foundational for Responsibility, Auditability and Traceability.
Why this item is more than a generic concept
In general AI governance discussion, IS governance origin may appear as background lineage or a literature positioning move. In RAIDT, it has a more operational meaning. It means that governance is anchored in specific organisational uses, specific actors, specific controls and specific evidence requirements.
The RAIDT meaning is more practical because it does not stop at saying that AI should be accountable. It asks what evidence would allow a reviewer to see accountability in a particular run. It does not stop at saying that AI should be auditable. It asks what records make the run reconstructable. That is why IS governance origin is more than a generic concept here: it becomes a design principle for run-level evidence.
Common misunderstanding
Misunderstanding
If RAIDT comes from IS governance, it is just another IT governance checklist.
Correction
That is too narrow. Traditional checklist approaches often focus on static controls around systems, policies or assets. RAIDT uses IS governance logic for dynamic GenAI use events, where the relevant unit can change by task, prompt template, model version, user role, data sensitivity or review path.
A practical example is a communications team using the same model for both internal drafting and public-facing content. A static checklist may say that the model is approved. RAIDT asks whether each run used approved settings, appropriate inputs, the right review path and a reconstructable evidence trail. The IS governance origin therefore leads to finer operational control, not to a generic checklist.
Boundary and limitation
IS governance origin does not by itself prove that a GenAI system is fair, safe, lawful or technically robust. It provides a governance lens, not an automatic validation result. It also does not replace sector-specific regulation, model testing, cybersecurity assurance, records management, or expert human judgement.
Its value depends on disciplined evidence capture, role clarity and genuine integration into organisational workflows. If organisations treat the concept as a label without collecting run-level evidence, the governance benefit is weak. RAIDT handles this limitation by tying the governance lineage to evidence packs, scoring routines, reviewer reconstruction and continuous improvement rather than relying on abstract governance claims alone.
Implementation levels
Manual implementation
A researcher or small team can apply this concept manually by using a structured RAIDT template for each GenAI run. They can record the task, user role, purpose, model/version, prompt, data sensitivity, reviewer, outcome and any exception. Manual implementation is slower, but it already makes accountability visible.
Semi-automated implementation
A semi-automated implementation can use forms, metadata capture, document templates and review workflows to standardise evidence collection. Prompt template IDs, user roles, timestamps and reviewer decisions can be captured automatically while analysts still complete contextual fields. This reduces omission risk and supports more consistent scoring.
Fully automated implementation
A fully automated implementation would place RAIDT inside a platform, wrapper, orchestration layer or governance pipeline. The system would log configuration and context at run time, require mandatory fields, enforce approval rules, generate evidence packs, calculate score profiles, flag exceptions and support dashboards for governance oversight at scale.
Practical use in the RAIDT project
In Paper 08 Foundations, this item provides the conceptual justification for presenting RAIDT as an Information Systems governance framework for GenAI use rather than as a narrow model evaluation toolkit. In Paper 09 Empirical Validation, it helps define what evidence reviewers should expect when assessing whether a run was governed adequately. In Paper 10 Policy Pathways, it helps explain how high-level AI principles can be translated into operational routines, review checkpoints and evidence expectations.
The concept is also useful across sector playbooks, scoring rubrics, evidence-pack design and governance interventions because it clarifies why RAIDT needs ownership structures, review paths and retained records. For supervisor explanation, viva defence and journal positioning, it is especially valuable because it answers a recurring question directly: RAIDT is governance-first, but technically informed.
Key audience questions to prepare for
Q1. Why does RAIDT need an IS governance origin instead of standing only on Responsible AI?
Responsible AI provides important normative direction, but it often remains principle-oriented. IS governance origin helps RAIDT explain how those principles become operational through decision rights, controls, oversight routines and evidence at the level of actual organisational use.
Q2. Does this mean RAIDT is not a technical framework?
RAIDT uses technical evidence, but it does so in service of governance. Model/version details, prompts, logs and outputs matter because they support accountability, reconstruction and review rather than replacing organisational judgement.
Q3. How is this different from IT governance?
IT governance often focuses on broader portfolios, architectures, service management and control environments. RAIDT borrows that lineage but concentrates on the governed run of a GenAI system, where socio-technical context, evidence and contestability must be captured case by case.
Q4. Why is the run the right unit for applying IS governance logic?
Because the run is where configuration, context, user role, purpose and decision consequence come together. Governance is most defensible when it can be shown at the point where action actually occurred.
Q5. What organisational risk appears if this origin is ignored?
The main risk is that GenAI adoption becomes technically active but governance-poor. Organisations may have policies and approved tools, but still be unable to show who did what, under which conditions, with what review and how a contested case should be examined.
Suggested citation concepts to support this item
- information systems governance decision rights accountability
- IT governance socio-technical alignment organisational control
- AI governance operationalisation in organisational settings
- auditability and accountability in generative AI use
- socio-technical governance of enterprise AI adoption
- reviewability and contestability in AI-assisted decisions
- evidence-based governance for AI systems
- organisational oversight of AI-enabled work processes
Short explanation for presentation
IS governance origin explains why RAIDT should be read as a governance framework for organisational GenAI use, not just as a technical assessment method. The framework comes from the Information Systems tradition of decision rights, accountability, controls and socio-technical oversight. RAIDT takes that tradition and makes it operational at run level. A run becomes the point where governance can be seen, evidenced and reviewed: who used the system, for what task, under which configuration, with what data, and with what review path. That is why RAIDT produces evidence packs and score profiles rather than only principles. The value of the framework is that it converts broad governance expectations into reconstructable, contestable and auditable evidence about real GenAI use in organisational work.
One-line takeaway
IS governance origin is the reason RAIDT treats each GenAI run as a governed organisational event that must be evidenced, reviewed and made audit-ready.
Related items in origins, background and history
Anchored questions
- Audience question: Is RAIDT an IS project or a technical AI project? Answer: it is primarily an IS governance project supported by technical evidence fields.