AI workflow risk checklist
Use this checklist before putting an AI workflow in front of real users.
Risk areas
Risk control should be visible in the workflow, not hidden in a policy document.
- Human approval
- Source evidence
- Low-confidence fallback
- Model/provider assumptions
- Audit logs
What to check before users see it
Before a pilot, confirm what the AI can decide, what humans must approve, what gets logged, and how the workflow behaves when confidence is low.
- Decision boundaries
- Reviewer role
- Evidence display
- Fallback path
- Audit event format
Common AI workflow failure modes
Most failures are not model failures alone. They are product failures: no review path, weak data boundaries, unclear ownership, or missing fallback.
- AI output looks final when it is not
- No owner for low-confidence cases
- Source data is not visible
- Logs cannot answer what happened
- Prompt changes are not tracked
Risk checklist output
- Decision boundary: What AI may suggest, what it may update, and what humans must approve.
- Fallback plan: What happens when confidence is low, data is missing, or API calls fail.
- Audit log: Events that show prompt version, model output, reviewer decision, and system action.
- Pilot gate: The conditions required before real users or production data are involved.
Preguntas frecuentes
- Do all AI workflows need human review?
- Not all, but any workflow with customer impact, financial impact, or uncertain source data should define a human review path.
- What should be logged?
- Input, source evidence, prompt or workflow version, model output, confidence or validation state, human decision, and final system action.