Guide

Approval and evidence by design

Stop proving compliance with narratives. Design workflows so approvals, exceptions, and version logs automatically produce evidence artifacts—at the right decision points.

No credit card required. Switch to a paid plan any time.

Approval → evidence studio

Pick a pattern and see which decision point should create which evidence artifacts. This is the core of audit-ready workflows.

Patterns

Mapping

High-risk change requires approval

Decision point

Approve deployment (normal vs emergency)

Evidence artifacts
  • approval_record (who/when/why)
  • change_category + risk rationale
  • release_version_log

Rule

If an approval is not a structured record, it’s not scalable evidence.
14 min read
Advanced

Definition

Evidence by design is a workflow pattern where control requirements are mapped to decision points and produce structured evidence artifacts (approvals, timestamps, rationale, exception codes, version logs) during execution—so audits become evidence queries, not reconstructions.

Key takeaways
  • Map controls to decision points, not process titles.
  • Every approval creates a record with who/when/why.
  • Every bypass creates an exception record with rationale.
  • Version logs are evidence (not just documentation).

The core pattern: control → decision point → evidence artifact

The core pattern is simple:

  • Control statement (what must be true)
  • Decision point (where a human/system decides)
  • Evidence artifact (what proves it happened correctly)

When this mapping exists, you can automate evidence creation and reduce audit burden dramatically.

Evidence artifact types (what to capture)

Common evidence artifacts:

  • approval record (approver, timestamp, rationale)
  • exception record (what deviated, why, who approved)
  • change/version log (what changed, impact, who approved)
  • system event id (immutable references)

Prefer structured artifacts first. Attach documents only when needed.

Examples across departments

Examples where evidence by design wins:

  • IT: change approvals, incident severity declarations, access grants
  • HR: policy acknowledgements, onboarding checklists, training renewals
  • Support: refunds/credits approvals, escalation decisions, QA audits
  • Finance: PO/AP approvals, exception handling, close checklists

Avoid the common trap: evidence as screenshots

Screenshots are fragile evidence:

  • hard to query
  • easy to fake or lose context
  • costly to maintain

Use screenshots as supporting material, not the evidence backbone. The backbone is structured records.

Drift: the hidden evidence gap

Evidence gaps often appear because the process drifted:

  • the approved workflow changed, but evidence expectations did not
  • teams bypass steps under urgency

Add conformance loops (should vs is) and remediate systematically.

Avoid these

Common mistakes to avoid

Learn from others so you don't repeat the same pitfalls.

Mapping controls to document titles

Titles don’t enforce execution.

Map controls to decision points with evidence artifacts.

Letting bypasses go unrecorded

Urgency becomes permanent drift.

Create exception records with rationale and remediation.

Treating version logs as optional

Audits can’t reconstruct change intent.

Publish version logs as first-class evidence.

Take action

Your action checklist

Apply what you've learned with this practical checklist.

  • Pick 1 workflow and list its decision points

  • Attach evidence artifacts to each decision point

  • Define exception codes and remediation workflow

  • Add version logs to publishing