Chapter CHuman in the loopPage 5 of 8

Human in the loop

Logging and accountability

A review decision is useful only if the team can reconstruct what was proposed, what evidence was visible, and who chose the action.

~12 minOperational pattern

Before you start

Why this matters

Three weeks after an AI-assisted refund, a customer disputes what happened. The database says “approved,” but the prompt has changed, the source record was updated, and nobody knows which draft the reviewer saw. A username alone cannot answer whether the system behaved correctly. Accountability requires a trace of the decision at the time it was made.

1Learn the idea

Read

What an audit trail should answer

A useful audit trail lets an authorized investigator answer:

  1. What triggered the workflow?
  2. Which data and policy versions were used?
  3. What did the AI propose?
  4. What warnings or uncertainty were shown?
  5. Who reviewed it, and under what role?
  6. What did the reviewer change?
  7. What action actually executed?
  8. What happened afterward?

These questions separate proposal, decision, and execution. If a reviewer approved $89 but a bug sent $890, the approval record and execution record reveal different failures. If the AI proposed the wrong customer but the reviewer corrected it, the edit becomes training and evaluation evidence.

Read

Record the right fields

For each workflow run, create a stable trace identifier. Link events to it rather than relying on timestamps alone.

Common fields include:

  • workflow and trace IDs;
  • event time with timezone;
  • authenticated actor or service identity;
  • actor role and permission scope;
  • model, prompt, tool, and policy versions;
  • source record identifiers and versions;
  • proposed action and structured parameters;
  • warnings, failed checks, and escalation reasons;
  • reviewer decision, edits, and reason code;
  • execution request, provider response, and status;
  • rollback or remediation events.

Prefer structured fields over one giant text log. Structured records can answer questions such as “Which approvals used policy version 7?” or “How often do reviewers reduce refund amounts?”

Read

Preserve versions, not only current values

Authoritative data changes. A customer profile may be corrected; a policy may be updated; a model may be replaced. If the audit record points only to the current version, it can create a false history.

Store immutable snapshots when necessary, or store version identifiers that can retrieve the exact state. The right choice depends on privacy, storage, and retention requirements. Do not duplicate sensitive data into logs without a reason. Sometimes a record ID, content hash, and protected version store provide enough evidence.

Version the instructions and configuration around the model. “We used model X” is incomplete if prompts, retrieval sources, thresholds, and tools changed every week.

Read

Make accountability meaningful

Logging “approved by user123” does not define responsibility. The process must state what the reviewer is responsible for checking and what remains the system owner’s responsibility.

For example:

  • the reviewer confirms the evidence supports the proposed refund;
  • the payments service enforces amount limits and idempotency;
  • the product owner defines which cases require approval;
  • the operations owner monitors queues and incidents;
  • the engineering owner maintains access controls and trace integrity.

Do not make frontline reviewers responsible for hidden failures they cannot observe. If the interface omits a conflicting source, clicking approve does not transfer all accountability to the reviewer.

Read

Capture edits as learning signals

Reviewer corrections are valuable, but they require context. Track the original proposal, final result, and reason for the change.

Useful reason categories might include:

  • wrong fact or source;
  • policy applied incorrectly;
  • missing context;
  • unsafe action;
  • tone or communication issue;
  • duplicate or already resolved;
  • reviewer preference.

Do not treat every edit as proof that the AI was wrong. A stylistic preference differs from a factual correction. Clear reason codes help prioritize improvements and build evaluation sets.

If reviewer data will be used for training, tell the people involved and apply the relevant privacy and governance rules. Operational logs should not quietly become an unrestricted training dataset.

Read

Protect the audit trail

Logs can contain customer data, internal decisions, and security details. Apply least-privilege access, retention limits, encryption where appropriate, and monitoring for unauthorized access.

Audit logs should be difficult to alter without detection. That may mean append-only storage, integrity checks, or restricted administrative roles. The system should record corrections as new events instead of silently overwriting history.

More logging is not automatically safer. Avoid storing full prompts and documents forever “just in case.” Decide what evidence is necessary, how long it is needed, and how deletion requests or legal holds are handled.

Read

Review the reviewers

Human decisions vary. Measure agreement on sampled cases, reversal rates, and outcomes by reviewer team. If policies are ambiguous, two careful people may decide differently.

Use disagreements to improve guidance and escalation, not merely to rank employees. A sudden change in approval rate may reflect new case types, workload, or a confusing interface. Investigate the system before blaming the person.

High-impact workflows may require periodic second review. Sampling approved and rejected cases helps detect both unsafe approval and unnecessary blocking.

Read

Build a reconstruction test

Choose one completed action and ask a person who was not involved to reconstruct it using only authorized records. Can they find the request, evidence, proposal, review, execution, and outcome? Can they tell which versions were used? Can they explain why the decision was allowed?

If reconstruction requires private messages or memory, the audit design is incomplete.

Checking tutor…

Continue learning · glossary & guides