• workshop_dense_100#slide 23

The background and problem branch begins from a straightforward observation: generative AI is now embedded in organisational workflows where outputs influence decisions, records, communications, and services, yet governance remains concentrated at levels that are too coarse for configured use. Across the RAIDT governance papers, the branch reviews four relevant streams: IT and Information Systems governance, governance in decision support and expert systems, digital governance mechanisms, and organisational AI governance. Together these streams provide rich language for accountability, oversight, reviewability, provenance, socio-technical coordination, and operational routines.

The problem is not that prior governance theory is absent or irrelevant. The problem is one of granularity. Existing approaches usually govern the organisation, the system, the lifecycle, or the audit process. Generative AI, however, is unusually sensitive to run-time choices, including prompts, retrieved context, tools, adapters, safety settings, and review actions. Because these micro-level choices can alter both outputs and governance risk, a failure may appear in one run even where policy and lifecycle control are present. Responsible AI therefore supplies important principles, but it does not by itself provide a standard proof object for one contested use.

This branch overview explains why RAIDT is positioned as a governance extension. It adds a micro-operational layer in which the run as the unit of governance becomes the focal object, the run-level evidence pack becomes the evidentiary record, and the score profile makes governance readiness visible and comparable. The branch thus moves from broad Responsible AI concern to a narrower Information Systems problem: how to make one configured GenAI use reconstructable, contestable, and governable in practice.

A cybersecurity analyst uses GenAI to triage an alert. At branch level, the background problem is clear. Traditional governance can confirm that the organisation has an AI policy, a security workflow, and approved tooling. Yet if the recommendation is later challenged, those controls may still not show which prompt format was used, which threat-intelligence passages were retrieved, which safety constraints were active, or whether repeated runs produced consistent advice.

The branch overview matters because it reframes this as a governance problem of configured use, not merely a model-performance problem. RAIDT would treat the alert-triage interaction as a run, preserve the evidence needed for reconstruction, and score it across the five pillars. That makes the analyst’s use reviewable by managers, auditors, and incident reviewers rather than leaving governance at the level of broad policy assurances.

• 15-RAIDT-IS-Governance_M_v07
• 11-RAIDT_Academic_Logic_M_v11