Audit Without Replay Is Fiction
Audit is not observation.
Audit is verification.
Verification requires replay.
Without replay, audit is fiction.
I. The Purpose of Audit
Audit exists to answer one question:
Did this actually happen as claimed?
This question cannot be answered by logs.
It cannot be answered by reports.
It can only be answered by replay.
Replay means: given the same inputs, execute the same logic, observe the same result.
If the result differs, the claim is false.
II. The Current State of Audit
Modern enterprise systems produce audit artifacts:
- log files
- change histories
- approval records
- timestamp trails
These artifacts describe what happened.
They do not prove what happened.
Description is not proof.
III. The Replay Requirement
A system is auditable only if:
- All inputs are recorded
- All inputs are immutable
- The execution path is deterministic
- Re-execution produces identical results
If any condition fails, audit is impossible.
Most enterprise systems fail all four conditions.
IV. Why Replay Fails
Replay fails because systems are designed without audit in mind.
Common failures:
- Mutable state: inputs are updated after the fact
- Configuration drift: rules change between execution and audit
- Non-deterministic logic: outcomes depend on timing or environment
- Missing context: not all inputs are captured
Each failure makes replay impossible.
Each impossibility makes audit fictional.
V. The Cost of Fictional Audit
When audit is fictional:
- regulators cannot verify compliance
- disputes cannot be resolved definitively
- historical decisions cannot be defended
- trust is based on reputation, not evidence
The cost is not immediately visible.
It appears during crisis.
Crises expose fiction.
VI. The Architectural Solution
Audit must be built into the execution layer.
Requirements:
- Event sourcing: all changes are recorded as immutable events
- Bi-temporality: both valid time and transaction time are captured
- Deterministic execution: same inputs always produce same outputs
- Replay capability: any past decision can be re-executed
These are not features to add later.
They are foundational constraints.
VII. Final Conclusion
Audit without replay is not audit.
It is theater.
A system that cannot prove its past cannot be trusted with its future.
The ability to replay is not optional.
It is the minimum requirement for a governed system.
Without replay, there is no audit.
Without audit, there is no governance.
Without governance, there is no system.
Only stories.
SHA-256: bce7ca2fa529b05462e7165de5bd93f9d0dd3e2e34ae70e4cbcde024395342cc