• qa_deck_100#slide 75 · RAG, PEFT, RLHF-type controls, and stacked configuration

PEFT/LoRA matters in RAIDT because it changes how control is governed, not only how cheaply a model is adapted. The LoRA paper argues that small adapter deltas can be versioned, hashed, reviewed, and rolled back while the base model remains frozen. That is materially different from prompt-only steering, which the prompt-governance paper describes as brittle and difficult to audit unless heavily instrumented. In other words, PEFT/LoRA gives organisations a bounded change surface: the behavioural shift sits in a discrete artefact rather than being diffused across a full fine-tune or an informal prompt habit.

Seen through the five pillars (Responsibility, Auditability, Interpretability, Dependability, Traceability), this matters most for Auditability, Dependability, and Traceability. A governed adapter can carry an adapter card, training-slice description, hyperparameter record, prompt linkage, and SHA-256 run log, so run as the unit of governance becomes operational rather than rhetorical. That supports a run-level evidence pack showing which adapter produced which output, under which prompt and configuration. The papers also report that LoRA tends to stabilise tone and structure, improving repeated-run consistency, while stacked PEFT plus RAG usually outperforms single-lever baselines on governance readiness. So the point is not merely cheaper tuning; it is governable behavioural change with rollback, lineage, and a clearer score profile under anchors 1=missing / 3=partial / 5=audit-ready.

In finance, a bank may use an LLM to draft adverse-decision explanations and counterfactual guidance for loan applicants. A prompt-only pipeline can produce acceptable letters, but when templates drift between teams the institution struggles to show why one release sounded more cautious, or why another omitted fairness caveats. With PEFT/LoRA, the bank can freeze the base model and attach a versioned credit-governance adapter trained for policy-consistent wording and risk disclosure. Each run then logs prompt ID, adapter ID, configuration fingerprint, hashes, and reviewer scores. If auditors question a release, the bank can replay the exact configuration or roll back the adapter. That makes the system governable in a way that cheaper tuning alone does not.

• 05-RAIDT_LoRA_V2
• 04-RAIDT_Prompt_Eng_V2