• qa_deck_100#slide 55 · Responsibility and auditability

In RAIDT, Auditability means whether a specific generative-AI run can be reconstructed and independently reviewed after the event. It sits within the five pillars (Responsibility, Auditability, Interpretability, Dependability, Traceability), but its focus is distinctive: not whether the model is generally documented, but whether one concrete use can be inspected in context. RAIDT therefore treats the run as the unit of governance. The relevant question is whether a reviewer can later examine the prompting arrangement, model and tool configuration, retrieved context, outputs, checks, and oversight actions that shaped that run.

This matters because RAIDT frames governance as an evidence problem rather than a statement of intent. A run is auditable only when the run-level evidence pack is sufficiently complete, usable, and trustworthy to support reconstruction, compliance review, and accountability attribution. The papers distinguish this from model cards, policy statements, and periodic audit routines, which remain valuable but do not normally preserve the record of a disputed use event. Auditability is also affected by influence methods as governance interventions: retrieval augmentation, prompt templates, adaptation layers, or alignment controls all change what must be captured if the run is to remain reviewable.

In practice, Auditability is expressed through the RAIDT score profile and the anchors 1=missing / 3=partial / 5=audit-ready. A high score does not certify correctness or legality. Rather, it shows that the organisation has preserved enough evidence for an independent reviewer to inspect what happened and judge whether reliance on the run was justified.

Consider a public-service eligibility workflow in which a GenAI assistant drafts advice on whether a claimant qualifies for housing support. Months later, the claimant challenges the advice. The organisation is not audit-ready if it can show only the final text and a generic citation to policy guidance. That does not prove which rule version was retrieved, which prompt template was used, or what checks followed.

Under RAIDT, Auditability is strong when the run-level evidence pack contains the run ID, timestamp, prompt version, model deployment identifier, the exact retrieved policy clause with snapshot identifiers and hashes, the generated output and output hash, and the reviewer's approval or escalation record. An internal or external reviewer can then reconstruct the run, verify the governing rule text, and assess whether the advice was produced under approved controls.

• 08-RAIDT_Foundations_M_V50
• 13-RAIDT-Evidence-Review_M_v10