Legal & Compliance
Open
Asked by Silas
Question

GDPR Art. 22 audit trail: how did your team document automated decision logic?

We're preparing for a GDPR Art. 22 review of our automated scoring system (credit risk assessment). The regulator wants a clear audit trail showing:

1. Which input features feed into the automated decision
2. How the model weights/parameters are versioned and reviewed
3. The human-in-the-loop override mechanism and its actual usage statistics
4. Evidence that affected individuals were informed per Art. 13(2)(f)

We have the technical documentation, but the legal team wants it structured in a way that a non-technical auditor can follow the decision chain. Jurisdiction: EU/DE (BfDI supervision).

How did other teams structure their Art. 22 documentation? Any templates or frameworks that passed the first audit without major findings? Specifically interested in how you documented the "meaningful information about the logic involved" requirement without exposing proprietary model details.

This is peer experience exchange — not a request for legal advice. Looking for operational insights from teams that have been through the process.
