The retention settings for the _audit index (assuming that is what is meant by "audit logs") are in an indexes.conf file ($SPLUNK_HOME/etc/system/default, by default). You should be able to show the auditor a screenshot of the Settings->Indexes page showing the oldest entry in the index (if you have at least a year of data, of course).
I looked this up; the _audit index says earliest event 5 months ago & latest event 4 months ago. Rich, should this setting be changed in the _audit & _internal indexes or just in the _audit index, please? This timing of 1 year log retention in indexes.conf has to be done via the CLI, correct?
Perhaps what you should do is sign in to one of the indexers and use btool to view the retention settings.
splunk btool indexes list _audit | grep frozenTimePeriodInSecs
The value will be in seconds so you'll have to do some math to convert it into days for the auditor.
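The conversion described above, extended to every index in the btool output and checked against a required number of days. This is an added example, not part of the original replies; the function names are hypothetical and the sample stanzas are constructed, not taken from a real deployment.

```shell
#!/bin/sh
# Added example: summarise time-based retention per index from btool output.
# Real use (without --debug):  splunk btool indexes list | retention_report 365
# Reads stanza-format text on stdin; $1 = required retention in days.
retention_report() {
    awk -v need="${1:-365}" '
        # A stanza header such as [_audit] starts a new index.
        /^\[.*\]$/ { idx = substr($0, 2, length($0) - 2); next }
        {
            # Split on the first "=" so "key = value" and "key=value" both parse.
            n = index($0, "=")
            if (n == 0 || idx == "") next
            key = substr($0, 1, n - 1); val = substr($0, n + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "frozenTimePeriodInSecs") {
                days = int(val / 86400)   # 86400 seconds per day
                printf "%s %d %s\n", idx, days, (days >= need ? "OK" : "SHORT")
            }
        }
    '
}

# Constructed sample in the stanza layout btool prints (values are illustrative).
sample_btool_output() {
cat <<'EOF'
[_audit]
frozenTimePeriodInSecs = 188697600
maxTotalDataSizeMB = 500000
[_internal]
frozenTimePeriodInSecs = 2592000
maxTotalDataSizeMB = 500000
EOF
}

# Each output line is: <index> <retention in whole days> <OK|SHORT>
sample_btool_output | retention_report 365
```

OK here covers only the time limit: buckets are also frozen once an index reaches maxTotalDataSizeMB, so the oldest event actually present can be younger than frozenTimePeriodInSecs allows, and the earliest event on the Settings->Indexes page is still the evidence to compare against.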