AI workflow audit

What to send before an AI workflow audit

A practical intake list for turning a vague automation request into an audit that can map workflow scope, data access, review gates, and first-slice value.

A useful AI workflow audit starts before the call. Not with a polished deck. With enough real operating material to see where the work begins, where it breaks, and who is allowed to approve changes.

If the request is only “we want to use AI,” the audit has to spend the first pass finding a workflow. If you bring the pieces below, the audit can move faster: map the process, separate safe assistance from bad autonomy, and identify the smallest prototype worth building.

1. The workflow you want inspected

Pick one recurring workflow. Do not send the whole company.

Good audit candidates usually sound like:

  • “Every week we research leads before sales outreach.”
  • “Incoming forms need to be categorized, enriched, and assigned.”
  • “Documents arrive by email and someone copies fields into a tracker.”
  • “A manager builds the same status brief from scattered sources.”
  • “Support tickets need triage before a human writes the final answer.”

Weak candidates sound like:

  • “Make our team more productive.”
  • “Add agents to the business.”
  • “Automate operations.”
  • “Use AI across marketing, sales, finance, and support.”

Those may be real ambitions. They are just too broad for a first audit. Start with the repeated work where a person can point to the input, output, owner, and pain.

2. Five to ten recent examples

Bring recent examples of the work as it actually happens. Sanitized examples are fine if the workflow contains customer, employee, or commercial data.

Useful examples include:

  • a lead record plus the research notes a sales person creates;
  • an inbound request plus the triage decision that followed;
  • a document or email plus the fields copied from it;
  • a weekly report plus the source links used to compile it;
  • a support ticket plus the draft, escalation, or final human response.

The point is not to train a model during the audit. The point is to see the shape of the work: what repeats, what varies, what is missing, and what a reviewer would need to trust the output.

3. Source systems and access boundaries

List where the workflow data lives. Name the tools even if access will not be granted during the audit.

For each source, note:

  • whether it is public, internal, confidential, regulated, or customer-sensitive;
  • whether export, API, webhook, or read-only access exists;
  • which fields are reliable and which fields are usually wrong;
  • who can approve access, retention, logging, and deletion rules;
  • which system wins when records disagree.

This is where many automation ideas get smaller. That is not failure. A small workflow with clear access rules beats a broad idea that depends on scraping private context nobody is allowed to use.

4. The current human review step

AI assistance is easiest to scope when the human review point is explicit.

Bring the current rule, even if it is informal:

  • Who checks the work today?
  • What do they look for before trusting it?
  • Which mistakes are harmless edits, and which mistakes create customer, legal, financial, or reputational risk?
  • Which decisions can be drafted but not executed?
  • When should the system stop and escalate?

If nobody owns the review step, the first automation work is not model selection. It is assigning authority. Unowned approval paths are where shiny demos go to become quiet liabilities.

5. The artifact you want at the end

A first workflow prototype should produce a reviewable artifact, not an invisible claim that “the AI handled it.”

Examples:

  • a cited lead brief with source links, fit notes, and open questions;
  • a triage queue with category, urgency, suggested owner, and confidence flags;
  • an extraction table with source references and missing-field markers;
  • a weekly executive brief with cited changes and follow-up tasks;
  • a runbook that explains inputs, outputs, exceptions, and maintenance ownership.

If you cannot name the artifact yet, the audit can help. But bring the closest version of what a useful output would look like.

6. Constraints that can kill the idea

Say the constraints early. Hiding them wastes everyone’s time.

Common constraints:

  • customer data cannot leave approved systems;
  • legal, financial, medical, hiring, or compliance judgments need human signoff;
  • the team cannot change the CRM, helpdesk, inbox, or file structure yet;
  • volume is too low for automation to pay back implementation work;
  • the workflow changes every week because the business process is not settled;
  • the owner wants final outputs, but reviewers only trust cited drafts.

A good audit does not bulldoze these constraints. It uses them to decide whether the next step is an AI workflow, a process cleanup, a reporting view, or a deliberate “not yet.”

7. What success would look like

Do not bring fake precision. Bring an operating signal.

Useful signals include:

  • fewer minutes spent preparing each artifact;
  • faster first review;
  • fewer missed handoffs;
  • fewer copied-field errors;
  • clearer escalation paths;
  • better visibility into why work is delayed.

If there is enough volume and the inputs are clear, those signals can later become a measured pilot. For the audit, they tell us what kind of improvement would matter.

A simple pre-audit packet

Before the audit, send:

  1. One workflow name and a short description.
  2. Five to ten sanitized examples.
  3. The tools or sources involved.
  4. The current reviewer or decision owner.
  5. The output artifact you want.
  6. Known constraints and sensitive-data boundaries.
  7. The operating signal that would make the work worth continuing.

That packet is enough to separate a buildable workflow from a vague AI wish. The next step is the audit map: workflow scope, data needs, risk boundaries, first prototype, and the maintenance owner who keeps it useful after the demo ends.

If you already have those pieces, request an AI workflow audit and include the packet summary. If you do not, start by collecting recent examples. The examples are usually where the truth is hiding.