Guide

    Approval and evidence by design

    Stop proving compliance with narratives. Design workflows so approvals, exceptions, and version logs automatically produce evidence artifacts—at the right decision points.

    No credit card required. Switch to a paid plan any time.

    Approval → evidence studio

    Pick a pattern and see which decision point should create which evidence artifacts. This is the core of audit-ready workflows.

    Patterns

    Mapping

    High-risk change requires approval

    Decision point

    Approve deployment (normal vs emergency)

    Evidence artifacts
    • approval_record (who/when/why)
    • change_category + risk rationale
    • release_version_log

    Rule

    If an approval is not a structured record, it’s not scalable evidence.
    14 min read
    Advanced

    Definition

    Evidence by design is a workflow pattern where control requirements are mapped to decision points and produce structured evidence artifacts (approvals, timestamps, rationale, exception codes, version logs) during execution—so audits become evidence queries, not reconstructions.

    Key takeaways
    • Map controls to decision points, not process titles.
    • Every approval creates a record with who/when/why.
    • Every bypass creates an exception record with rationale.
    • Version logs are evidence (not just documentation).

    The core pattern: control → decision point → evidence artifact

    The core pattern is simple:

    • Control statement (what must be true)
    • Decision point (where a human/system decides)
    • Evidence artifact (what proves it happened correctly)

    When this mapping exists, you can automate evidence creation and reduce audit burden dramatically.

    Evidence artifact types (what to capture)

    Common evidence artifacts:

    • approval record (approver, timestamp, rationale)
    • exception record (what deviated, why, who approved)
    • change/version log (what changed, impact, who approved)
    • system event id (immutable references)

    Prefer structured artifacts first. Attach documents only when needed.

    Examples across departments

    Examples where evidence by design wins:

    • IT: change approvals, incident severity declarations, access grants
    • HR: policy acknowledgements, onboarding checklists, training renewals
    • Support: refunds/credits approvals, escalation decisions, QA audits
    • Finance: PO/AP approvals, exception handling, close checklists

    Avoid the common trap: evidence as screenshots

    Screenshots are fragile evidence:

    • hard to query
    • easy to fake or lose context
    • costly to maintain

    Use screenshots as supporting material, not the evidence backbone. The backbone is structured records.

    Drift: the hidden evidence gap

    Evidence gaps often appear because the process drifted:

    • the approved workflow changed, but evidence expectations did not
    • teams bypass steps under urgency

    Add conformance loops (should vs is) and remediate systematically.

    Avoid these

    Common mistakes to avoid

    Learn from others so you don't repeat the same pitfalls.

    Mapping controls to document titles

    Titles don’t enforce execution.

    Map controls to decision points with evidence artifacts.

    Letting bypasses go unrecorded

    Urgency becomes permanent drift.

    Create exception records with rationale and remediation.

    Treating version logs as optional

    Audits can’t reconstruct change intent.

    Publish version logs as first-class evidence.

    Take action

    Your action checklist

    Apply what you've learned with this practical checklist.

    • Pick 1 workflow and list its decision points

    • Attach evidence artifacts to each decision point

    • Define exception codes and remediation workflow

    • Add version logs to publishing