Human in the loop
Logging and accountability
A review decision is useful only if the team can reconstruct what was proposed, what evidence was visible, and who chose the action.
Before you start
Why this matters
Three weeks after an AI-assisted refund, a customer disputes what happened. The database says “approved,” but the prompt has changed, the source record was updated, and nobody knows which draft the reviewer saw. A username alone cannot answer whether the system behaved correctly. Accountability requires a trace of the decision at the time it was made.
1Learn the idea
Read
What an audit trail should answer
A useful audit trail lets an authorized investigator answer:
- What triggered the workflow?
- Which data and policy versions were used?
- What did the AI propose?
- What warnings or uncertainty were shown?
- Who reviewed it, and under what role?
- What did the reviewer change?
- What action actually executed?
- What happened afterward?
These questions separate proposal, decision, and execution. If a reviewer approved $89 but a bug sent $890, the approval record and execution record reveal different failures. If the AI proposed the wrong customer but the reviewer corrected it, the edit becomes training and evaluation evidence.
Read
Record the right fields
For each workflow run, create a stable trace identifier. Link events to it rather than relying on timestamps alone.
Common fields include:
- workflow and trace IDs;
- event time with timezone;
- authenticated actor or service identity;
- actor role and permission scope;
- model, prompt, tool, and policy versions;
- source record identifiers and versions;
- proposed action and structured parameters;
- warnings, failed checks, and escalation reasons;
- reviewer decision, edits, and reason code;
- execution request, provider response, and status;
- rollback or remediation events.
Prefer structured fields over one giant text log. Structured records can answer questions such as “Which approvals used policy version 7?” or “How often do reviewers reduce refund amounts?”
Read
Preserve versions, not only current values
Authoritative data changes. A customer profile may be corrected; a policy may be updated; a model may be replaced. If the audit record points only to the current version, it can create a false history.
Store immutable snapshots when necessary, or store version identifiers that can retrieve the exact state. The right choice depends on privacy, storage, and retention requirements. Do not duplicate sensitive data into logs without a reason. Sometimes a record ID, content hash, and protected version store provide enough evidence.
Version the instructions and configuration around the model. “We used model X” is incomplete if prompts, retrieval sources, thresholds, and tools changed every week.
Read
Make accountability meaningful
Logging “approved by user123” does not define responsibility. The process must state what the reviewer is responsible for checking and what remains the system owner’s responsibility.
For example:
- the reviewer confirms the evidence supports the proposed refund;
- the payments service enforces amount limits and idempotency;
- the product owner defines which cases require approval;
- the operations owner monitors queues and incidents;
- the engineering owner maintains access controls and trace integrity.
Do not make frontline reviewers responsible for hidden failures they cannot observe. If the interface omits a conflicting source, clicking approve does not transfer all accountability to the reviewer.
Read
Capture edits as learning signals
Reviewer corrections are valuable, but they require context. Track the original proposal, final result, and reason for the change.
Useful reason categories might include:
- wrong fact or source;
- policy applied incorrectly;
- missing context;
- unsafe action;
- tone or communication issue;
- duplicate or already resolved;
- reviewer preference.
Do not treat every edit as proof that the AI was wrong. A stylistic preference differs from a factual correction. Clear reason codes help prioritize improvements and build evaluation sets.
If reviewer data will be used for training, tell the people involved and apply the relevant privacy and governance rules. Operational logs should not quietly become an unrestricted training dataset.
Read
Protect the audit trail
Logs can contain customer data, internal decisions, and security details. Apply least-privilege access, retention limits, encryption where appropriate, and monitoring for unauthorized access.
Audit logs should be difficult to alter without detection. That may mean append-only storage, integrity checks, or restricted administrative roles. The system should record corrections as new events instead of silently overwriting history.
More logging is not automatically safer. Avoid storing full prompts and documents forever “just in case.” Decide what evidence is necessary, how long it is needed, and how deletion requests or legal holds are handled.
Read
Review the reviewers
Human decisions vary. Measure agreement on sampled cases, reversal rates, and outcomes by reviewer team. If policies are ambiguous, two careful people may decide differently.
Use disagreements to improve guidance and escalation, not merely to rank employees. A sudden change in approval rate may reflect new case types, workload, or a confusing interface. Investigate the system before blaming the person.
High-impact workflows may require periodic second review. Sampling approved and rejected cases helps detect both unsafe approval and unnecessary blocking.
Read
Build a reconstruction test
Choose one completed action and ask a person who was not involved to reconstruct it using only authorized records. Can they find the request, evidence, proposal, review, execution, and outcome? Can they tell which versions were used? Can they explain why the decision was allowed?
If reconstruction requires private messages or memory, the audit design is incomplete.