Start with one bounded task—and measure it

The most reliable way to save time with AI is to redesign one repeatable, low-risk stage of a workflow, keep a named person accountable for the final result, and test whether the savings remain after review and rework.

Action to take now: choose one recurring task this week. Record how it is completed today, then run a small AI-assisted pilot on comparable cases. Keep the new workflow only if it reduces total effort without producing unacceptable errors or creating data-handling problems.

This is a workflow-design exercise, not a search for a clever prompt. The useful question is not, “What can this tool generate?” It is, “Which part of this process can produce a reviewable draft or structured intermediate result faster, while the person responsible can still verify it?”

That distinction matters. NIST advises organizations to assess whether AI fits the intended purpose and context, weigh benefits against risks, and apply greater oversight where risks are more serious. It also notes that AI may not be the right solution for a particular business task. NIST AI RMF Playbook — Manage and Map

1. Select work that is suitable for a human-reviewed AI workflow

Recommendation: begin with work that is high-volume, repeatable, and governed by clear inputs and an observable definition of a usable output. A reviewer should be able to inspect both the source material and the AI output before anything is sent, published, filed, or acted on.

Good initial candidates often include:

  • Creating a first draft from approved notes or source material
  • Summarizing material that the reviewer supplies and can check
  • Extracting specified fields into a defined structure
  • Classifying incoming requests for human confirmation
  • Generating alternatives, outlines, or question lists for a person to select from

These are not automatically low-risk uses. Their suitability depends on the information involved, the consequence of an error, and the control design. NIST recommends testing systems against their intended purpose and deployment context, setting acceptable performance limits, documenting limitations, and interpreting outputs in context. NIST AI RMF Playbook — Measure

Avoid unattended delegation when the output would make or materially determine a consequential decision. Decisions affecting people require stronger accuracy and oversight controls; the UK Information Commissioner’s Office specifically identifies a higher need for statistical accuracy when generative AI is used to make decisions about people. ICO — Generative AI: accuracy of training data and model outputs

As a practical boundary, do not let an AI workflow silently approve a payment, finalize a contractual position, make an employment determination, issue a formal finding, or send consequential customer communication without the review and authority your existing process requires.

2. Map the current process before introducing a tool

You cannot identify a genuine time saving until you know where time is currently spent. The apparent bottleneck may be drafting, but the real delay may be gathering source material, waiting for approval, correcting incomplete inputs, or reformatting the final output.

Recommendation: map one task on a single page before changing it. Capture these elements:

Workflow element What to record
Trigger What starts the task?
Input Which documents, records, or instructions are needed?
Steps What happens from intake through completion?
Owner Who does each step and who owns the result?
Output What does a completed, usable result look like?
Review point Who checks it, against what, and before which action?
Baseline Volume, completion time, rework, errors, and handoffs

NIST states that an organization’s mission, goals, and specific business purpose for an AI system should be understood and documented; it explains that this improves risk evaluation and clarifies go/no-go decisions. NIST AI RMF Playbook — Map

Use your own process data rather than generic estimates. Record the median completion time across a small set of representative cases, not just the fastest example. Also separate active work time from waiting time. AI may reduce drafting time while leaving the actual constraint untouched.

3. Put AI at a bounded handoff, not in charge of the whole process

A workable design separates generation from authorization:

  1. A person supplies approved inputs.
  2. AI produces a defined intermediate output.
  3. A reviewer checks it against the relevant source material and workflow rules.
  4. The accountable person decides whether and how to use it.

For example, an AI tool might turn meeting notes into a proposed project update. The reviewer checks every factual statement against the notes, fills gaps, removes unsupported wording, and authorizes the final update. The AI has accelerated preparation; it has not become the source of record or the decision-maker.

This approach is informed workflow analysis, supported by NIST’s guidance to document human oversight, track overrides and errors, and establish processes for escalation and corrective action. NIST AI RMF Playbook — Measure

Define the handoff in writing. For each workflow, specify:

  • Permitted inputs: the approved materials and data classes
  • Required output: the format, fields, length, and source references needed
  • Reviewer checks: what must be verified before use
  • Escalation conditions: when the output must be discarded or routed to an expert
  • Final owner: the person accountable for the decision or communication

Illustrative failure modes and controls

The following are examples, not measured incident rates:

Failure mode Control
A draft includes an incorrect factual claim Verify each material claim against approved source material before final use.
A request is routed to the wrong queue Require human acceptance or override before any downstream action.
A user enters sensitive information in an unapproved tool Limit use to approved tools and data classes; review permissions and retention before the pilot.
The tool is unavailable or produces unusable output Preserve the existing manual process as the fallback.

NIST recommends tracking errors, overrides, escalations, and other evidence of whether oversight is working. It also calls for contingency processes for failures or incidents involving AI systems where continuity and risk warrant them. NIST AI RMF Playbook — Measure NIST AI RMF Playbook — Govern

4. Standardize the workflow assets, not just the prompt

A one-off prompt can demonstrate a possibility. It does not create a dependable operating process.

Recommendation: create a small task package that another qualified colleague could use consistently:

  • A task-specific instruction that states the purpose and boundaries
  • An input template that identifies the approved source material
  • An output schema, such as a table, heading structure, or required fields
  • A reviewer checklist for accuracy, completeness, tone, and escalation
  • A record of known limitations and disallowed uses

For a summarization workflow, for instance, the instruction might require: “Use only the supplied material; identify missing information; separate confirmed facts from open questions; do not infer commitments.” The output template can require a concise summary, decisions, owners, dates explicitly stated in the material, and unresolved items. The reviewer can then test the same attributes in every case.

This standardization is a recommendation, not a universal regulatory requirement. Its value is operational: it makes the workflow more repeatable, easier to test, and easier to improve. NIST’s evaluation guidance emphasizes documented methodology, metrics, performance outcomes, limitations, and procedures for responding to issues. NIST AI RMF Playbook — Measure

5. Verify data, access, retention, and records controls before using nonpublic material

Do not treat a vendor statement that business data is “not used for training” as a complete privacy or security assessment. Training use, retention, access, connected-data retrieval, auditability, and regional or contractual requirements are distinct questions.

For example, OpenAI states that inputs and outputs for certain business offerings are not used for training by default, while its API documentation separately describes default abuse-monitoring logs, which may be retained for up to 30 days, and feature- or endpoint-specific application-state retention. OpenAI — Enterprise privacy at OpenAI OpenAI API — Data controls in the OpenAI platform

Similarly, Microsoft documents that Microsoft 365 Copilot data handling can include storage, auditing, discovery, and retention according to configured Microsoft Purview policies. It also states that existing SharePoint and OneDrive permissions affect what Copilot can discover and reference. Microsoft Learn — How data is protected and audited in Microsoft 365 and Microsoft 365 Copilot Microsoft Learn — Learn about retention for Copilot and AI apps

Before a pilot involving nonpublic information, confirm the exact:

  1. Product, plan, model, endpoint, and enabled features
  2. Workspace or tenant settings for data use and retention
  3. Connected repositories and the permissions applied to them
  4. Audit, records-retention, and e-discovery treatment
  5. Internal approved-tool, data-classification, procurement, and incident-response requirements
  6. Contractual, legal, privacy, security, and regulatory constraints

Where personal, employment, customer, health, financial, legal, regulated, or otherwise restricted information is involved, obtain direction from the organization’s authorized privacy, security, legal, compliance, records-management, and procurement functions. NIST recommends that applicable legal and regulatory requirements be understood, managed, and documented in collaboration with relevant organizational oversight functions. NIST AI RMF Playbook — Govern

6. Run a pilot that counts review time, not just generation time

The relevant result is net workflow performance, not how quickly the tool returns text.

Recommendation: test a small set of comparable cases using both the existing process and the AI-assisted process. For each case, record:

  • Total elapsed time from trigger to usable output
  • Active human effort, including preparing inputs and reviewing output
  • Number and type of corrections
  • Errors found before use and any overrides
  • Cases rejected or returned to the manual process
  • Whether the final output met the agreed quality threshold

NIST recommends evaluating AI in conditions similar to deployment and comparing performance with relevant non-AI approaches, including human manual-performance benchmarks. It also identifies errors, negative impacts, response time, and overrides as useful measures to track. NIST AI RMF Playbook — Measure

Set the pass condition before the pilot starts. A reasonable internal rule might be: retain the workflow only when total time decreases, required quality checks are completed, no unacceptable error category appears, and reviewers are not carrying an unsustainable verification burden. The precise threshold is a management decision that should reflect the task’s consequences and your organization’s standards.

If the pilot fails, that is useful evidence—not a reason to weaken the controls. Narrow the scope, improve the input template, revise the output format, select a different task, or keep the manual workflow.

A practical next step

Choose one recurring task with clear inputs and a low consequence of error. Baseline five to ten representative cases, define the reviewer and checks, and test an AI-assisted intermediate-output version on a comparable set. Review the total time, rework, and error record with the person accountable for the workflow before deciding whether to expand it.

Editorial note: This article should be reviewed and approved by a human editor before publication.

More information

This week, select one bounded recurring task, document its current steps and timing, and run a small human-reviewed pilot before making AI part of the standard process.