Before You Automate Anything: The Four Things You Must Document

Before You Automate Anything: The Four Things You Must Document

  • AI Strategy
  • AI Automation
  • Workflow Documentation
  • Agentic AI

Most organizations are idling at the start of their AI automation journey with no idea how to proceed. This framework tells you exactly what to document before you build anything.


There’s been a growing chorus across newsletters, LinkedIn posts, and Substacks: workflow documentation is a prerequisite for AI automation. I specialize in working with clients in finance, accounting, and investment — domains where regulatory oversight makes this prerequisite all the more pressing — but the principle applies virtually everywhere.

The core assertion is straightforward: without proper workflow documentation, you will make poor decisions about what to automate, implement automations that erroneously perform irreversible actions, or arrive at any number of other suboptimal outcomes from insufficient planning.

The question that naturally follows is: how do you adequately document a workflow such that you’ve collected enough information to confidently design your AI pipeline?

This is not a trivial question. It implies thinking about policies, regulations, data, and authorization in ways that simply weren’t necessary in the pre-agentic era. Yet answering it is presently of the utmost importance — most organizations are still idling in the harbor at the outset of their AI automation journey with virtually no idea how to proceed, while simultaneously sustaining pressure from investors and leadership to make forward progress.

With that in mind, here is a framework for guiding your workflow documentation process.

The Four Things to Document

This framework specifies that you document four particular aspects of any workflow you seek to automate.

1. Action Inventory

Break your workflow down into the complete series of actions required for completion. For each action, classify the step according to its result in ascending order of risk:

  1. Read-only — gets data and does nothing else with it
  2. Internal write — one of your systems-of-record gets updated
  3. External side-effect — something is triggered in a system you don’t own
  4. High-stakes irreversible action — something happens that can’t easily be undone (e.g., securities transactions)

This classification is the foundation of everything else. It tells you where the risk lives in your workflow before you’ve written a single line of automation code.

2. Authorization Map

For each action, who or what determines whether that action should be authorized or blocked? This might be the sign-off of a particular person, internal policies, or external regulations. Document it explicitly.

Authorization is often where implicit institutional knowledge hides. “Everyone knows you need a second set of eyes on that” is not a policy — it’s a liability waiting to surface when an agent doesn’t know the rule exists.

3. Data & Evidence Standards

For each action, identify which information is needed to determine the correct result. If an action depends on multiple data or evidence sources, assign a ranking or description of how that data is prioritized when making a decision.

This step forces you to ask: what would a reasonable person need to see before taking this action? That question translates directly into the context and retrieval architecture of your agent.

4. Exceptions & Escalation

For the workflow as a whole, document the known situations where the normal flow breaks down and what happens as a result. Does someone get notified? Does the case get escalated, and if so, to whom?

Exception handling is where most AI automations fail silently. An agent that doesn’t know what to do when things go sideways will either do nothing or do something wrong.

Why This Feels Harder Than It Should

This may well be the first time you’ve articulated your processes at this level of detail. These kinds of specifics often live as unwritten institutional knowledge, transmitted during training and onboarding. In the human context, that works well enough. In the agentic context, it doesn’t work at all.

There is no equivalent of “just watch how I do it” with an AI agent. Everything unwritten or implicit must be made explicit so it can eventually be translated into code that governs agent behavior.

The framework above will allow you to collect exactly the kind of information you’ll need to express sufficient guardrails, action sets, and data boundaries for an agentic architecture to operate safely within your organization.

Your First Step

If you’ve got a mandate to “do something” with AI but don’t know where or how to begin, let this be your very first step.

Your future self (…and your team…and your boss…) will thank you for the diligence that allowed you to build something real with AI instead of yet another promising-but-ultimately-useless demo.