PartnerAlly Docs
AI Features

Human Review

How to validate AI findings and maintain human oversight of compliance decisions.

Human Review

PartnerAlly operates on a human-in-the-loop model. AI identifies issues and suggests solutions, but humans make final decisions. This ensures accuracy, maintains accountability, and catches what AI may miss.

Why Human Review Matters

AI Limitations

AI may not understand:

  • Your organizational context
  • Business priorities and constraints
  • Industry-specific nuances
  • Relationships between teams
  • Historical decisions and rationale

Compliance Reality

Compliance decisions involve:

  • Judgment calls and interpretation
  • Risk tolerance decisions
  • Business trade-offs
  • Legal considerations
  • Regulatory relationships

Accountability

Humans remain responsible for:

  • Final compliance status
  • Audit representations
  • Regulatory filings
  • Business decisions

AI is a tool to enhance human decision-making, not replace it. You are responsible for compliance decisions.

What to Review

Always Review

Human review is critical for:

ItemWhy Review
Critical severity gapsHigh impact requires human judgment
Low confidence findingsAI uncertainty needs verification
Unusual findingsMay indicate AI error or unique situation
Framework interpretationsMultiple valid interpretations exist
Generated workflowsEnsure fit for your organization

Spot-Check Regularly

Even for routine items:

  • Sample high-confidence findings
  • Verify AI consistency
  • Catch systematic errors
  • Build trust through verification

Review Process

For Gap Analysis

Review the Finding

Read the AI-identified gap and its explanation.

Check the Source

Review the cited document and relevant sections.

Verify the Mapping

Confirm the framework requirement interpretation.

Make a Decision

Accept, modify, or reject the finding.

Document Your Review

Add notes explaining your decision.

For Generated Workflows

Review Each Task

Ensure tasks make sense for your context.

Verify Dependencies

Check that task sequence is logical.

Adjust Assignments

Assign to appropriate team members.

Customize as Needed

Add, remove, or modify tasks.

Approve and Save

Finalize the workflow.

Validation Actions

Accepting Findings

When you agree with AI:

  1. Optionally add confirmation notes
  2. Proceed with remediation
  3. Finding recorded as validated

Modifying Findings

When AI is partially correct:

  1. Edit severity, description, or mapping
  2. Add explanation for changes
  3. Save modified finding

Rejecting Findings

When AI is incorrect:

  1. Mark as false positive
  2. Provide reason (required)
  3. Finding excluded from counts
  4. Available for audit trail

Documentation

Why Document Reviews

Recording your review:

  • Creates audit trail
  • Explains reasoning
  • Helps future reviews
  • Demonstrates due diligence

What to Document

Include in review notes:

  • Why you agree/disagree
  • Context AI didn't have
  • Reference to additional evidence
  • Business justification

Example Documentation

Reviewed 2024-01-15 by Jane Smith

Finding: Gap in access review process (SOC 2 CC6.2)
AI Confidence: 75%

Review Decision: Accept with modification

Notes: AI correctly identified lack of documented
quarterly reviews. Modified severity from High to
Medium because we do have annual reviews documented
in Policy-AC-001. Creating workflow to add quarterly
cadence.

Review Workflows

Triage Approach

Efficient review workflow:

  1. Sort by confidence

    • Low confidence first (most review needed)
    • High confidence for spot-checking

  2. Group by framework

    • Review all SOC 2 together
    • Builds context for decisions

  3. Flag for expert review

    • Complex items to specialists
    • Legal items to counsel

Team Review

For important findings:

  • Primary reviewer assesses
  • Secondary reviewer validates
  • Discussion for disagreements
  • Document consensus

Managing False Positives

Identifying False Positives

Common false positive causes:

  • AI misinterpreted document
  • Control exists but not documented
  • Non-standard terminology used
  • Context AI lacks

Handling False Positives

Mark as False Positive

Use the status option on the gap.

Provide Reason

Explain why this is incorrect.

Reference Evidence

Point to documentation proving it's false.

Save

Finding is flagged and excluded from gap counts.

Tracking False Positives

Monitor false positive rates:

  • High rates may indicate document issues
  • Patterns help improve AI accuracy
  • Informs process improvements

Managing False Negatives

Identifying Missing Findings

AI may miss real gaps when:

  • Documents are incomplete
  • Unusual control structures
  • Non-standard frameworks
  • Complex requirements

Adding Manual Findings

When you identify a gap AI missed:

  1. Create gap manually
  2. Link to relevant documents
  3. Note that it was manually identified
  4. Proceed with remediation

Quality Assurance

Review Metrics

Track review effectiveness:

  • False positive rate
  • Review completion time
  • Findings by confidence level
  • Human modifications rate

Periodic Calibration

Regularly assess:

  • Is AI accuracy improving?
  • Are reviews catching issues?
  • Do processes need adjustment?
  • Is documentation adequate?

Audit Considerations

Demonstrating Human Oversight

For auditors, show:

  • Review process documentation
  • Examples of human modifications
  • False positive handling
  • Decision rationale

Evidence of Review

Maintain evidence:

  • Reviewer names and dates
  • Review notes and decisions
  • Modification history
  • Approval chains

Regulatory Expectations

AI Governance

Regulators may expect:

  • Human oversight of AI decisions
  • Documented review processes
  • Ability to explain AI findings
  • Human accountability

Compliance Representations

When representing compliance:

  • Note AI-assisted analysis
  • Confirm human validation
  • Document methodology
  • Be transparent

Best Practices

Consistent Review

Establish consistency:

  • Standard review criteria
  • Documented procedures
  • Training for reviewers
  • Quality checks

Timely Review

Review promptly:

  • Don't let findings pile up
  • Schedule regular review time
  • Keep review cycles short
  • Escalate urgent items

Continuous Improvement

Improve over time:

  • Learn from false positives
  • Refine review criteria
  • Update documentation
  • Train team members

Common Questions

How much time should reviews take?

High-confidence items: 1-2 minutes. Low-confidence items: 5-10 minutes. Complex findings: As needed with specialist input.

Who should do reviews?

People who understand the requirements and your organization. Typically compliance professionals, with specialist input as needed.

What if I'm not sure about a finding?

When uncertain: escalate to experts, research the requirement, err on the side of caution, or document your uncertainty.

Can I trust high-confidence findings?

Trust but verify. Spot-check regularly. High confidence means likely accurate, not guaranteed.

What if reviewers disagree?

Document the disagreement. Escalate to management. Make a decision and document rationale. Review similar cases consistently.

Next Steps

Confidence Scores

Understanding AI certainty levels and how to interpret confidence scores.

Crypto Compliance

Compliance requirements specific to cryptocurrency and digital asset businesses.

On this page

Human ReviewWhy Human Review MattersAI LimitationsCompliance RealityAccountabilityWhat to ReviewAlways ReviewSpot-Check RegularlyReview ProcessFor Gap AnalysisReview the FindingCheck the SourceVerify the MappingMake a DecisionDocument Your ReviewFor Generated WorkflowsReview Each TaskVerify DependenciesAdjust AssignmentsCustomize as NeededApprove and SaveValidation ActionsAccepting FindingsModifying FindingsRejecting FindingsDocumentationWhy Document ReviewsWhat to DocumentExample DocumentationReview WorkflowsTriage ApproachTeam ReviewManaging False PositivesIdentifying False PositivesHandling False PositivesMark as False PositiveProvide ReasonReference EvidenceSaveTracking False PositivesManaging False NegativesIdentifying Missing FindingsAdding Manual FindingsQuality AssuranceReview MetricsPeriodic CalibrationAudit ConsiderationsDemonstrating Human OversightEvidence of ReviewRegulatory ExpectationsAI GovernanceCompliance RepresentationsBest PracticesConsistent ReviewTimely ReviewContinuous ImprovementCommon QuestionsHow much time should reviews take?Who should do reviews?What if I'm not sure about a finding?Can I trust high-confidence findings?What if reviewers disagree?Next Steps