S7.10 - IS_governance_theory
S7.10 ? IS governance theory
flowchart LR
A[Classical IS governance concerns
decision rights, control, accountability, coordination]
B[Traditional limitation
policy-level governance is too broad for situated GenAI use]
C[RAIDT
run-level evidence framework]
D[[IS governance theory
organisational logic for governing configured GenAI use]]
E[Governance move
evidence over assertion
reviewability, contestability, audit readiness]
F[Run-level evidence pack]
G[RAIDT five-pillar score profile]
H[Reviewer reconstruction and organisational learning]
I[Public services, healthcare, education, cybersecurity, enterprise productivity]
A --> C
B --> C
C --> D
D --> E
D --> F
D --> G
F --> H
G --> H
I --> D? Star S7 - Academic Theory and Design Logic
Star context: Positions RAIDT within Information Systems and organisational governance by showing how run-level evidence turns abstract governance principles into operational decision rights, controls, accountability, and reviewable digital work.
Academic picture
Definition / background
IS governance theory explains how organisations allocate decision rights, establish control arrangements, distribute accountability, and coordinate information-related activity so that digital systems support organisational objectives while remaining manageable and reviewable. In the Information Systems field, governance is not simply management, compliance, or technical administration. It concerns the formal and informal arrangements through which digital work is directed, monitored, justified, and corrected.
Within RAIDT, this theory matters because generative AI creates governance difficulty at the level of situated use. A policy may say that GenAI must be used responsibly, but that does not by itself show who authorised a given use, what configuration was applied, what evidence was retained, who reviewed the output, or how a questionable result can be challenged later. RAIDT extends IS governance theory by treating the run as the smallest meaningful unit at which these governance questions can be answered.
This distinguishes IS governance theory from adjacent ideas such as AI ethics principles, model risk management, or platform administration. Ethics principles state desirable values. Model governance often focuses on model development and deployment. Platform administration focuses on access and configuration. IS governance theory, as used in RAIDT, explains how organisational authority, accountability, and control are enacted around actual digital work. That is why it belongs inside RAIDT's conceptual architecture.
The relationship to RAIDT's outputs is direct. The run-level evidence pack records how governance operated in one use episode. The five-pillar score profile translates governance quality into structured assessment across Responsibility, Auditability, Interpretability, Dependability, and Traceability. Together, these outputs make IS governance visible in practice rather than leaving it at the level of policy aspiration.
Why this concept matters
IS governance theory gives RAIDT a publishable and defensible Information Systems grounding. It explains why the framework is not merely an AI checklist, an ethics overlay, or a documentation exercise. RAIDT addresses a governance gap: organisations increasingly rely on GenAI in everyday work, yet their governance mechanisms are usually specified at levels too broad to reconstruct what happened in a specific case.
Without this concept, organisations can confuse governance with generic principle statements, assume that technical access controls are enough, or treat GenAI use as too granular to govern meaningfully. The result is weak accountability, poor contestability, limited audit readiness, and little organisational learning when outputs are challenged. IS governance theory avoids that confusion by explaining why decision rights, review rights, evidence obligations, and accountability chains must be tied to the run.
For organisations using GenAI, this matters because governance failure often appears in the gap between approved policy and actual use. RAIDT closes that gap by operationalising governance at the point where work is performed. This moves organisations from principles to operational governance, where claims about responsible use can be examined against evidence.
Key idea: IS governance theory matters in RAIDT because it explains why responsible GenAI use must be governed through reviewable run-level evidence rather than through policy statements alone.
What this item explains
- Why the run is a legitimate governance unit for GenAI-enabled organisational work.
- How decision rights and accountability can be attached to specific configured uses rather than only to systems or teams in general.
- Why governance evidence must be produced at the point of use if later review, challenge, or audit is expected.
- How RAIDT connects organisational governance theory with practical outputs such as evidence packs and score profiles.
- Why GenAI governance in IS should include coordination among human actors, tools, prompts, data sources, review steps, and escalation paths.
- How governance quality can be assessed across the five RAIDT pillars without reducing governance to a purely technical control problem.
Practical example / likely audience question
Audience question
Why is RAIDT publishable in Information Systems rather than being just another AI governance framework or compliance checklist?
Answer
The concern behind the question is that many AI governance proposals sound normatively sensible but are not clearly anchored in an established disciplinary conversation. The direct answer is that RAIDT is publishable in Information Systems because it identifies a missing governance unit and a missing evidence object for digital work: the run and the run-level evidence pack. That contribution sits squarely within IS governance theory because it addresses decision rights, accountability, control, and coordination around actual system use.
A practical example makes this clearer. Suppose an organisation allows staff to use a GenAI assistant to draft client-facing reports. A generic AI governance approach may provide a policy, broad roles, and some platform restrictions. However, if a disputed report emerges, those controls may not reveal which prompt was used, whether sensitive material was included, who reviewed the output, or whether the model configuration matched policy. RAIDT handles that gap by treating each configured use as governable and evidentially reconstructable.
This is stronger than a generic governance approach because it does not stop at saying that oversight exists. It shows how oversight is instantiated in evidence. That is precisely why IS governance theory is the right lens: it allows RAIDT to explain not just what responsible use should look like, but how organisational governance becomes operational, reviewable, and contestable in practice.
Practical example in RAIDT terms
Consider a public-services setting in which a local authority uses a GenAI assistant to draft case summaries for housing-support applications. The use case appears routine, but the run-level issue is significant: each summary may shape staff interpretation of eligibility, urgency, and required follow-up. If a resident later challenges a decision, the authority must be able to reconstruct how the summary was produced and reviewed.
In RAIDT terms, the evidence needed for a single run would include the task definition, prompt or template used, model and version, source documents provided to the model, user identity or role, timing of the run, review steps, approval status, redaction handling, and any warnings or limitations attached to the output. The relevant pillars are especially Responsibility, Auditability, and Traceability, though Interpretability and Dependability also matter because staff must understand the basis of the summary and trust its stability.
IS governance theory improves governance readiness here by clarifying that the issue is not merely whether the authority has an AI policy. The issue is whether governance rights and controls can be shown in the specific case. RAIDT makes that possible by turning a single GenAI-assisted work episode into a reviewable governance object.
Detailed link to RAIDT
IS governance theory links to RAIDT in four ways.
First, it gives RAIDT a clear conceptual basis for treating governance as the allocation of rights, controls, accountability, and coordination around digital work.
Second, it justifies the run as the level at which those governance arrangements must be evidenced for GenAI use.
Third, it connects governance theory to RAIDT's practical outputs by showing why an evidence pack and score profile are necessary rather than optional documentation.
Fourth, it supports reviewability, contestability, audit readiness, and organisational learning by ensuring that governance claims can be tested against a specific use episode.
IS governance theory ? Run-level evidence ? Evidence pack ? RAIDT score profile ? Governance readiness
In this chain, the theory explains why evidence is required, the run provides the unit of observation, the evidence pack records what happened, the score profile assesses governance quality across the five pillars, and the resulting artefacts strengthen the organisation's ability to review, challenge, defend, and improve GenAI-enabled work.
Link to the five RAIDT pillars
Responsibility
IS governance theory strongly affects Responsibility because it asks who had the authority to initiate, configure, review, approve, and escalate a GenAI-supported task.
Example evidence / implication:
- Named user role, reviewer role, and approval pathway for the run.
- Clear account of who is answerable when the output is challenged or corrected.
Auditability
This concept is central to Auditability because governance is weak if a run cannot be reconstructed after the fact. Auditability requires that control claims are backed by retrievable records.
Example evidence / implication:
- Timestamped record of the run, configuration, source inputs, and review action.
- Evidence that governance rules were actually applied in the case under review.
Interpretability
IS governance theory affects Interpretability by requiring that actors can understand enough about the use episode to justify reliance, challenge outputs, and explain decisions made with GenAI assistance.
Example evidence / implication:
- Explanation of task purpose, prompt logic, and reviewer rationale.
- Documentation of limitations, caveats, or uncertainty communicated to users.
Dependability
The concept also affects Dependability because governance arrangements should reduce avoidable inconsistency, unmanaged risk, and fragile operational practice.
Example evidence / implication:
- Use of approved templates, workflows, or escalation rules for recurring runs.
- Record of failures, exceptions, or deviations that indicate whether the process is robust.
Traceability
IS governance theory strongly affects Traceability because organisational governance depends on being able to follow the path from authority and input to output, review, and action.
Example evidence / implication:
- Link from the run to its data sources, prompt template, model version, and reviewer decision.
- Ability to trace later corrections or disputes back to the original run record.
This item has its strongest effect on Responsibility, Auditability, and Traceability, but it also supports Interpretability and Dependability because governance quality depends on all five pillars working together.
Why this item is more than a generic concept
In general AI governance, IS governance may be treated as a broad organisational concern involving policies, committees, risk ownership, and high-level controls. In RAIDT, it becomes operational at the level of one configured use of a GenAI system. The question is not only whether the organisation has governance, but whether governance can be demonstrated for this run, this task, this user, this context, and this review process.
The RAIDT meaning is therefore more operational because it ties governance theory to run-level evidence. It asks what was authorised, what was configured, what was reviewed, what was retained, and what can be reconstructed later. That makes IS governance theory an active design logic for RAIDT rather than a generic background concept.
Common misunderstanding
Misunderstanding
IS governance theory is only about senior committees, IT strategy alignment, or enterprise-level policy, so it is too abstract to say anything useful about individual GenAI interactions.
Correction
That view is incomplete. Classical IS governance certainly includes strategic and structural questions, but RAIDT shows that governance must also be instantiated in the smallest unit where consequential digital work occurs. For example, if a GenAI system helps draft a safeguarding note in social care, governance is not adequately shown by pointing to a policy document alone. Governance must also be visible in who initiated the run, what information was used, who reviewed the draft, and how the case can be reconstructed later. RAIDT therefore applies IS governance theory at the level where organisational accountability is actually tested.
Boundary and limitation
IS governance theory does not by itself prove that a GenAI output is correct, fair, lawful, or safe. It explains how authority, control, and accountability should be organised, but it does not replace domain expertise, legal review, technical assurance, or empirical validation. A well-governed run can still produce a poor output if the source material is weak, the prompt is flawed, or the reviewer does not detect an error.
The concept also has limits when governance arrangements are informal, undocumented, or split across multiple platforms that do not produce coherent records. In those situations, RAIDT can identify governance weakness, but it cannot magically recover missing evidence. RAIDT handles this limitation by making absence itself visible: incomplete traceability, unclear responsibility, or weak review processes become assessable governance deficiencies rather than hidden assumptions.
Implementation levels
Manual implementation
A researcher or small team can apply this concept manually by defining run ownership, recording prompts and outputs, noting reviewer decisions, and keeping a structured checklist for what evidence must be retained for each GenAI use episode.
Semi-automated implementation
Metadata capture, standard templates, structured review forms, and evidence-pack generators can partially automate governance documentation while still relying on human review and sign-off for context-sensitive judgments.
Fully automated implementation
At scale, a platform wrapper, orchestration layer, governance dashboard, or logging pipeline can automatically capture run metadata, approved templates, model identifiers, review states, exception flags, and pillar scores, making governance theory operational across thousands of runs without relying on memory or ad hoc reporting.
Practical use in the RAIDT project
This item is especially useful in Paper 08 Foundations because it explains why RAIDT belongs in the Information Systems tradition rather than sitting outside it as a purely policy or ethics intervention. It also supports Paper 09 Empirical Validation by clarifying what should be observed and measured when governance quality is assessed in real settings. In Paper 10 Policy Pathways, it helps show how policy language can be translated into governable use episodes.
For sector playbooks and evidence-pack design, the item clarifies why RAIDT asks for concrete governance metadata rather than abstract organisational claims. For scoring rubrics, it helps justify why Responsibility, Auditability, and Traceability are not optional extras. For influence methods, supervisor explanation, viva defence, and journal positioning, this item helps articulate the central claim that RAIDT contributes a governable unit and evidence object for GenAI-enabled work.
Key audience questions to prepare for
Q1. Why is IS governance theory necessary if RAIDT already has five pillars?
The five pillars describe assessment dimensions, but IS governance theory explains why those dimensions matter organisationally. It provides the conceptual logic connecting authority, control, accountability, and coordination to the evidence RAIDT captures.
Q2. What is the specific theoretical contribution here?
The contribution is not a new claim that governance matters. It is the specification of the run as a governance unit and the evidence pack as a governance object through which IS governance becomes operational for GenAI-enabled work.
Q3. How is this different from IT governance or data governance?
It overlaps with both, but it is narrower and more situated in practice. RAIDT focuses on the governance of one configured GenAI use episode, where inputs, prompts, model behaviour, review steps, and organisational accountability meet.
Q4. Does this make governance too granular to be practical?
Only if governance is documented manually and inconsistently. RAIDT addresses this by supporting templates, metadata capture, and scalable evidence structures so that granularity becomes manageable rather than burdensome.
Q5. What happens if an organisation has policy but no run-level records?
Then it has asserted governance without evidencing governance. RAIDT would treat that as weak governance readiness because the organisation cannot adequately reconstruct, contest, or audit consequential GenAI use.
Suggested citation concepts to support this item
- Information Systems governance theory decision rights accountability coordination
- IT governance and organisational control in Information Systems research
- digital governance structures accountability reviewability information systems
- sociotechnical governance of generative AI in organisational work
- evidence-based AI governance organisational accountability auditability
- run-level governance of AI systems operational oversight
- contestability and reviewability in AI-assisted decision processes
- organisational traceability for AI-generated outputs
- design science research and Information Systems governance artefacts
- mid-range theory for AI governance in Information Systems
Short explanation for presentation
IS governance theory helps explain why RAIDT is an Information Systems contribution rather than simply an AI ethics tool. The core issue is that organisations increasingly use generative AI in everyday work, but their governance arrangements are often too general to reconstruct what happened in a specific case. RAIDT addresses that problem by treating the run as the unit of governance. For each configured use of a GenAI system, it asks who had decision rights, what controls applied, what evidence was retained, who reviewed the output, and whether the episode can be contested or audited later. That is important because governance becomes operational only when it is tied to evidence. RAIDT therefore turns abstract governance ideas into run-level evidence packs and five-pillar score profiles that strengthen accountability, reviewability, and organisational learning.
One-line takeaway
IS governance theory is the organisational logic that makes RAIDT's run-level evidence approach necessary, because responsible GenAI use must be governed through accountable and reviewable work episodes.