I would offer that those two concepts are optimized for ex-post-facto blame. It’s not simply gov’t, as you point out, it’s large organizations.
To contrast this with more modern techniques, ‘audit trail’ is simply source control. And most of us don’t go into source control looking for a smoking gun.
It’s rarely necessary if a process is agile/iterative. Bugs will be (relatively) small and recent in time. So the notion of going back six months and figuring out ‘what went wrong’ is just not a thing. Wrong happens every day, in small amounts, transparently.
Conversely, a bug if truly large and undetected, and explodes a year from its creation, then the whole team is to blame. We’ve all looked at the code hundreds of times in that period.
To contrast this with more modern techniques, ‘audit trail’ is simply source control. And most of us don’t go into source control looking for a smoking gun.
It’s rarely necessary if a process is agile/iterative. Bugs will be (relatively) small and recent in time. So the notion of going back six months and figuring out ‘what went wrong’ is just not a thing. Wrong happens every day, in small amounts, transparently.
Conversely, a bug if truly large and undetected, and explodes a year from its creation, then the whole team is to blame. We’ve all looked at the code hundreds of times in that period.