Core Idea
Healthy evidence is produced by the work itself. A control should leave a trail because a system ran, an approval happened, a check executed, or a decision was recorded in the normal path of work. When evidence has to be recreated later, the programme is no longer observing reality; it is staging reality for an audience.
For example, a merge request approval, CI check, ticket transition, or identity change can become evidence because it already records work. The learner should ask how to preserve that trail rather than asking someone to recreate the same story in a spreadsheet later.
Use In Teaching
Invoke this card when a learner talks about screenshots, audit prep, evidence requests, control automation, or any workflow where the evidence task has become separate from the control task. It is especially useful before a lab on access reviews, change management, vendor reviews, or continuous control monitoring.
Use it when learners are designing evidence requests or audit prep. The Companion should ask where proof already appears during normal work and how to preserve it with context. This turns the lesson toward operating design instead of asking teams to perform evidence theatre later.
Contrast
This is not a claim that auditors do not need artefacts. It pushes back against evidence collection as the operating model. The companion should separate evidence generation from evidence harvesting: the first is architectural, the second is clerical.
Practice Prompt
Where in your current process are people recreating proof after the fact instead of producing proof as part of doing the work?