• workshop_dense_100#slide 37

In RAIDT terms, IS governance can be defined as the organisational arrangement of decision rights, control, accountability, coordination, and review routines through which digital action becomes inspectable and manageable. The papers stress that governance in Information Systems is not only a matter of policy statements or technical controls in isolation. It depends on how artefacts, roles, information flows, and oversight practices are connected so that decisions can later be explained, challenged, and improved. This is why RAIDT draws on IS governance rather than on a purely technical view of AI assurance. Generative AI use is shaped by prompts, retrieved context, tools, adapters, and human review, so governance has to attach to that configured socio-technical event. RAIDT therefore defines the run as the unit of governance and uses the run-level evidence pack as the bounded object through which governance becomes operational.

A simple way to see why this matters is through RAIDT?s measurement logic. The framework assesses governance readiness through a score profile across the five pillars (Responsibility, Auditability, Interpretability, Dependability, Traceability), with anchors 1=missing / 3=partial / 5=audit-ready. This does not claim that a run is true, fair, or legally sufficient merely because it is documented. Rather, it shows whether the organisation can reconstruct what happened, who was responsible, what evidence informed the output, what checks were applied, and whether the use can be reviewed across functions. RAIDT also treats influence methods as governance interventions, so the choice of retrieval, structured prompting, LoRA/PEFT, or alignment becomes part of governance design, not merely system tuning.

A hospital uses GenAI to draft discharge summaries from clinician notes. IS governance matters here because the issue is not only whether the model can summarise text, but who is accountable for the record, what red-flag and uncertainty requirements apply, and whether a later complaint can be investigated. With RAIDT, the run-level evidence pack preserves the prompt template version, model deployment ID, any retrieval snapshot, the output, safety checks, and the clinician?s review flag.

That evidence supports a score profile that can be inspected after the event. Responsibility rises when escalation triggers and oversight are recorded; Auditability rises when the run can be reconstructed from stable identifiers and hashes. If those fields are absent, the hospital may still have a fluent summary, but it has weak governance. RAIDT matters because it converts clinical AI use from a vague assurance claim into an evidence-bearing object that managers, clinicians, and auditors can review.

• 11-RAIDT_Academic_Logic_M_v11
• 12-RAIDT_DSR_Theory_M_v8
• 17-RAIDT-Sociotechnical_M_v6