# Human-In-The-Loop Approval Matrix

Use this when deciding what humans approve, sample, audit, or own in an AI workflow.

## Workflow Facts

- Workflow name:
- Owner:
- Users affected:
- Customer-visible? Yes / No
- External action? Yes / No
- Sensitive data involved:
- Reversibility:
- Expected volume:
- Exception owner:

## Consequence Matrix

| Question | Yes / No | Notes |
| --- | --- | --- |
| Can a wrong output affect a customer, employee, supplier, or regulator? |  |  |
| Can the workflow send, publish, delete, charge, refund, or change records? |  |  |
| Can it expose personal, confidential, financial, legal, HR, or security data? |  |  |
| Would the mistake be hard to detect later? |  |  |
| Would the mistake harm trust even if reversible? |  |  |

## Review Pattern

| Consequence | Default pattern | Selected? |
| --- | --- | --- |
| Internal, reversible, low visibility | Audit after the fact |  |
| Repeated, quality-sensitive work | Sample review |  |
| Routine flow with ambiguous cases | Exception review |  |
| Customer-visible or external action | Human approval before action |  |
| Destructive, financial, legal, HR, or regulated decision | Human owns final decision |  |

## Review Screen Requirements

- [ ] Proposed output or action is visible.
- [ ] Source evidence is visible.
- [ ] Risk flags are visible.
- [ ] Reason for review is visible.
- [ ] Reviewer can approve, edit, reject, or escalate.
- [ ] Final action is logged with reviewer and timestamp.

## Stop Rules

- [ ] Error-rate threshold:
- [ ] Queue-age threshold:
- [ ] High-risk incident threshold:
- [ ] Owner who can pause workflow:
- [ ] Manual fallback path: