• integrated_82#Q3.12

The Auditability pillar is the RAIDT dimension that asks whether a run can be examined by internal or external reviewers to verify compliance, reconstruct the decision process, and attribute accountability. Within the five pillars (Responsibility, Auditability, Interpretability, Dependability, Traceability), it is the pillar most directly concerned with independent review after the fact. Because RAIDT treats the run as the unit of governance, the pillar is assessed against one configured use event rather than against a model, service, or policy programme in the abstract.

The evidence supporting this pillar is the run-level evidence pack. Across the foundations, review, and scoring papers, the required support is consistent: context of use and stakes, stable run identifiers and timestamps, prompt and template identifiers, model or deployment identifiers, relevant configuration settings, tool and retrieval provenance, produced outputs, integrity markers such as hashes, and documented oversight actions including approvals, edits, exceptions, or escalations. The papers also stress usability: evidence must be structured and reviewable by governance actors, not only available as raw engineering telemetry. For that reason, RAIDT distinguishes a reviewable evidence object from generic logs, which may be verbose yet still fail to answer audit questions.

In the RAIDT score profile, the Auditability pillar is judged using the anchors 1=missing / 3=partial / 5=audit-ready. A high score indicates that evidence is complete enough for independent reconstruction. A low score indicates that key artefacts are absent, unstable, or unusable, so the organisation cannot credibly defend what happened in the run.

An HR manager uses a GenAI assistant to draft a performance appraisal that an employee later disputes. If the organisation retained only the final appraisal text, the Auditability pillar would remain weak because reviewers could not inspect the prompting arrangement, the deployed model version, any retrieved HR policy text, or the manager's edits and approval.

If the run-level evidence pack instead contains the prompt template version, model deployment ID, policy snapshot identifiers, generated draft and output hash, and the manager's review decision, the case becomes reviewable. HR, legal, or internal audit can reconstruct how the draft was produced and decide whether the process followed approved organisational controls.

• 08-RAIDT_Foundations_M_V50
• 00-RAIDT_Scoring_v1
• 13-RAIDT-Evidence-Review_M_v10