AI Process Assurance

Prove your AI followed the path it was supposed to.

AI Process Assurance compares the expected workflow with what actually happened - so regulated teams can govern, evidence and safely automate AI-assisted work. We do it for insurance, financial services and other regulated industries.

CharterDefine the expected path
AuditCapture what actually happened
WorkpaperKeep what a reviewer can read
Modules
Workflow Charter · Semantic Audit
Artifact
The AI Workpaper
Deploys
Hosted or single-tenant Azure
In one sentence

What is AI Process Assurance?

AI Process Assurance is Airclerk's approach to governing AI-assisted work: compare the path it was supposed to follow with the path it actually followed. Airclerk defines the expected path with a Workflow Charter, records what actually happened inside those instrumented workflows with a Semantic Audit, and shows the difference. The retained result is an AI Workpaper: a business-readable evidence record for every material decision.

The unit we assure is a material AI-assisted decision: a recommendation, action, communication, approval or outcome that a regulated team may later have to explain. The workpaper is the thing that explains it.

The question behind the category

If an auditor asks in three years why an AI-assisted decision was made, what will you show them?

Platform logs, chat history and technical traces are useful, but they don't naturally produce a business-readable record of the work. Airclerk's answer is a retained AI Workpaper showing what happened, why it happened, what evidence supported it, what controls applied, and who approved the outcome.

What the reviewer needs to know

Seven questions, one record.

When a regulator, auditor, insurer, board or dispute reviewer asks about an AI-assisted decision, these are the questions on the table. A workpaper answers all of them without anyone reconstructing the story after the fact.

  1. What decision or action did the AI-assisted work produce?
  2. Which workflow was it meant to follow?
  3. What evidence was used, and where did it come from?
  4. What controls, limits and approval gates applied?
  5. Who reviewed or approved the outcome?
  6. What exceptions, missing evidence or skipped steps showed up?
  7. What was issued, and when?
Where the questions come from

These aren't hypothetical. Regulators in every market Airclerk serves have already put versions of them in writing.

NZ · FMA

Under CoFI, in force since 31 March 2025, a licensed institution's fair conduct programme must be in writing - effective policies, processes, systems and controls, with methods for regularly reviewing whether the programme is working. The Contracts of Insurance Act 2024 adds an implied term to pay claims within a reasonable time; commencement is by Order in Council, with a backstop of 15 November 2027.

AU · APRA

CPS 230 has applied since 1 July 2025: controls must be monitored, reviewed and tested for design and operating effectiveness, with results reported to senior management. APRA's April 2026 letter to industry applies that framework directly to AI - it expects an inventory of AI use cases and continuous monitoring for control breakdowns.

US · States

Under the NAIC's model bulletin on insurers' use of AI - adopted in 24 states plus D.C. as at mid-2026 - an insurer in a market conduct exam can expect to be asked about its development, deployment and use of AI systems. NYDFS Circular Letter No. 7 (2024) tells insurers writing in New York to maintain comprehensive documentation of AI used in underwriting and pricing, available to the Department on request.

EU · AI Act

Deployers of high-risk AI systems must keep the automatically generated logs under their control for at least six months - longer where other law requires it (Article 26(6)), applying from 2 December 2027 under the 2026 Digital Omnibus. In insurance, high-risk means risk assessment and pricing of life and health cover for natural persons; consumer credit scoring is also captured.

Much of this is supervisory expectation rather than statute, the detail varies by jurisdiction and line of business, and none of it is legal advice. What the regimes share is the assumption underneath: when someone asks, you can show your controls operated. The workpaper is built to be that answer.

01 / The model

The expected path, the actual path, and the gap between them.

Two records, one comparison. A Workflow Charter says what should happen. A Semantic Audit records what did. The gap between them is where governance, compliance and operational control actually live.

Expected path

Workflow Charter

The required stages, evidence, authority limits and approval gates for a repeatable process - plus the persistent memory that keeps an AI assistant on that path across sessions.

Actual path

Semantic Audit

A business-readable record of what actually happened, captured as the assistant works: the steps taken, the evidence used, the decisions made and the approvals recorded.

Control comparison

When the actual path diverges from the charter - a required approval missing, evidence not attached, a step skipped, a gate bypassed - Airclerk flags an exception. That is the moment an audit trail becomes operational control.

02 / The two modules

Standalone on their own. Far stronger together.

Each module earns its place alone. Semantic Audit gives you retrospective evidence. Workflow Charter gives your AI durable process memory. Run together, they give regulated teams control over AI-assisted work.

Module · Expected path

Workflow Charter

Defines what should happen — and remembers it

  • Workflow templates and per-instance state across stages.
  • Required evidence, authority limits and approval gates.
  • Persistent process memory across threads and sessions.
  • Next-step guidance - what's done, what's missing, what's blocked.
  • A generic engine; industry value comes from templates (renewals, claims review, complaints, KYC, and more).
Module · Actual path

Semantic Audit

Records what actually happened, in business language

  • Material actions, decisions and outputs - captured as the assistant works.
  • Evidence references with source, version and content hashes.
  • Human review and approval records against each decision.
  • Structured metadata grounds the AI's narrative in the evidence and approvals it references.
  • Produces the retained AI Workpaper.
03 / The artifact

The AI Workpaper.

The retained record you actually keep - and the thing you hand to a reviewer, an auditor or a regulator. Business-readable, not a technical log.

What a workpaper holds

Retained · exportable
Context and timeline
Material actions taken
Evidence used, with source links and hashes
Decisions and recommendations
Controls that applied
Approvals - who, when, against what
Exceptions and deviations flagged
Final outcome and output
AI Workpaper · WP-2026-0614 Illustrative · commercial renewal
  • 2026-06-03 Assistant prepared renewal terms — sum insured raised to $18.4M. — assistant
  • 2026-06-03 Control comparison run. Terms held, not sent. — control ↳ above authority · valuation missing · no sign-off recorded
  • 2026-06-05 → 06 Referral approved, valuation attached, sign-off recorded. — underwriters
  • 2026-06-06 Terms issued to broker — every step retained on the workpaper. — handling underwriter
The audit trail wasn't written afterwards — it was the control. Three gaps caught before terms went out, each resolved and retained.
04 / Where assurance finds risk

The exceptions worth catching.

Comparing expected against actual turns a passive record into something that surfaces configured exceptions automatically.

Exceptions are evidence too

Airclerk doesn't only keep the clean story. It preserves missing approvals, skipped steps, unmet criteria and unresolved evidence gaps, so a reviewer can see what actually happened and how it was resolved.

E-01

Missing approval

The charter required human sign-off before a client-facing communication. The audit shows none was recorded. Airclerk flags it.

E-02

Missing evidence

A claim decision required a policy-wording citation. The decision was drafted without one. The gap is visible, not buried.

E-03

Step skipped

A required claims-history review never ran before the renewal recommendation. The workflow moved on anyway - and that shows.

E-04

Gate bypassed

Work transitioned past an approval gate despite unmet criteria. Where that's visible in the instrumented workflow, it's flagged as an exception on the workpaper.

05 / Who uses the evidence

Built to be read by the people who ask.

A workpaper is only useful if the people who need it can read it without a data team. These are the readers it's written for.

  • Compliance and risk teams testing that controls operated
  • Internal audit, and external auditors at year-end
  • Operations and line-of-business leaders overseeing AI rollout
  • Claims, underwriting and advice managers reviewing decisions
  • Regulators and dispute-resolution processes, after the fact
  • The board, when it asks how AI-assisted work is governed
06 / The honest boundary

What we record - and what we don't.

A defensible record is one that's honest about its own edges. Here are ours.

What we record. The work that runs through Airclerk-connected workflows and tools, captured as the assistant works. Calls to Airclerk tools are recorded directly; other approved tool use is captured where it runs through the instrumented workflow, with reconciliation against platform traces where available.

What we don't claim. We don't pretend to capture work a person does entirely outside the workflow - copying an answer into a document and editing it by hand, or deliberately going around the rails. That's a control you own. Reconciliation against platform traces can narrow the gap over time.

07 / Where it runs

Inside the boundary your risk team already governs.

Airclerk can be hosted by us with per-tenant isolation, or deployed single-tenant into your own Azure tenant on request. Raw workflow data and source documents can stay inside your environment; Airclerk holds the configured evidence record, workflow state and control comparison. Full security posture on the Trust page.

Security & deployment
Custody

Source systems, documents, approvals and raw workflow data stay inside the environment your team already governs, where that's required.

Control

Airclerk holds the Workflow Charter, the workflow state and the expected-vs-actual comparison.

Evidence

The AI Workpaper gives a reviewer a retained, business-readable record of the decision.

Judgment

Airclerk doesn't decide compliance, liability or suitability. People do. The workpaper is what they read to decide.

08 / See it on a real workflow

Agentic renewals.

The clearest place the value shows up first: commercial insurance renewals, run by AI agents and evidenced end to end. The renewal's charter defines the path; Semantic Audit records what happened; the workpaper is the retained record available for audit.

Explore agentic renewals

09 / Where you start

No formal AI workflows yet? That's exactly where to start.

You don't need a defined process to begin. Most teams don't have one — their people are already using AI ad-hoc, and that's where the exposure hides. You can't govern what you can't see, so you start by seeing it.

01

Discover.

Find where ad-hoc AI is already influencing regulated decisions, handoffs and client outcomes — and rank the patterns that deserve evidence capture or formal governance first.

02

Evidence.

Retained, business-readable AI Workpapers for the material uses you designate. Enough to evidence what happened, though not to certify the work followed an approved path. No Workflow Charter required — Semantic Audit stands alone here.

03

Control.

For the recurring, material workflows you found, define the expected path — and the exception comparison switches on. This is the one tier that needs a Workflow Charter.

Most firms start with an AI Evidence Readiness Assessment: a fixed-scope look at your real AI use that maps the work, produces sample workpapers, and recommends the first workflows worth governing. Talk to us about one →

10 / How to start

One workflow, properly assured.

We start narrow: take one high-value workflow and make it a governed, evidenced workflow you can defend.

i.

Readiness Sprint.

Two weeks. We confirm scope, map your systems, define the charter and controls, and produce a board-ready implementation plan for the first workflow.

ii.

Implementation.

We charter the workflow, instrument the Semantic Audit, wire approvals and evidence, and stand up the workpaper - connected to your systems and your Claude environment.

iii.

Expected vs actual.

Turn on the control comparison: missing steps, missing approvals and unmet criteria surface as exceptions, and every run leaves a retained workpaper.

11 / FAQ

AI Process Assurance FAQ.

01What is AI Process Assurance?

A way of governing AI-assisted work by comparing the path it was supposed to follow with the path it actually followed. Airclerk defines the expected path (Workflow Charter), records what actually happened (Semantic Audit), and shows the difference - producing a retained, business-readable AI Workpaper for every material decision.

02How is this different from AI governance or model-risk tooling?

Most AI governance and model-risk tooling works before deployment - is the model safe, fair, accurate. AI Process Assurance works at runtime and after the fact: did the actual work follow the required path, with the right evidence and approvals. It's operational control, not pre-deployment testing.

03Can I buy just one module?

Yes. Semantic Audit stands alone as a retained evidence trail; Workflow Charter stands alone as durable process memory and guidance for your AI. The control comparison - expected vs actual - is what you get when you run both.

04Does Airclerk capture everything the AI does?

Airclerk records the work that runs through its instrumented workflows and tools, as the assistant works. It does not claim to capture work a person does entirely outside those workflows, such as copying an answer into a document and editing it by hand. That boundary is deliberate; deliberate human circumvention is a customer-side control, not something Airclerk pretends to catch.

05Is it tied to Claude?

Claude-first, platform-aware. Airclerk works as a sibling MCP alongside your other connectors, so the AI client decides which tools to call and Airclerk records the evidence, state and control around them. The evidence layer is independent of any single AI platform.

06Where can it be deployed?

Hosted by Airclerk with per-tenant isolation, or single-tenant in your own Azure tenant on request. Raw workflow data and source documents can remain inside your environment. See the Trust page for the full security posture.

Moving AI from pilot to production?

Let's assure one workflow.

If you're putting AI to work on material decisions and the evidence has become the limiting factor, this is the conversation.