Dictionary

Approval workflow

An approval workflow routes a request to the people who must sign off before it takes effect. A purchase, an expense, a data change, or an action suggested by automation waits at a checkpoint until a named person approves or rejects it, and the decision is recorded for later.

What is an approval workflow?

An approval workflow routes a request to the people who have to sign off before it takes effect. A purchase order, a change to supplier bank details, or an action proposed by an AI agent waits at a checkpoint until a named person approves or rejects it. Only then does the process continue.

It is more than a notification, which only tells you something happened. An approval workflow asks for a decision and holds the work until it arrives. Most run on ordinary process automation, with a tool like Power Automate or a dedicated workflow engine handling the routing and write-back.

What makes an approval workflow real

The idea is simple; the details decide whether it works. A workable one settles:

  • Who approves. One person, a group where anyone can respond, or one where all must, named directly or by a role like the requester's manager.

  • In what order. Sequential, one approver at a time, each responding before the next; or parallel, all at once, deciding independently. Sequential is slower but shows each approver that the last one agreed.

  • Which threshold applies. The amount or risk usually decides who signs off: a small expense passes automatically, while a 12,000 euro purchase climbs from the budget owner to the finance director.

  • Cover for absence. On holiday, an approver's requests should reassign to a stand-in or an out-of-office delegate, not sit unread for two weeks.

  • A timeout and escalation. A reminder and a path to the next person up, so the queue does not stall.

  • An immutable record. Who approved, when, and which version they saw. That record is the audit trail, and it is why the whole thing is worth building.

The control behind it: segregation of duties

Approval workflows enforce a principle older than any software: segregation of duties, or the four-eyes principle. No single person should both start a sensitive action and approve it, so whoever requests a payment is not the one who releases it.

Take a change to a supplier's bank account. The clerk who enters a new account number must not be the one who approves it; a second, independent reviewer confirms it before the next payment run, which stops a fraudulent "we changed banks" email from redirecting a real payment. The same logic covers customer-data access and anything an AI agent proposes but should not run alone, known as human-in-the-loop.

What to watch out for with approval workflows

The failure mode is rarely a missing approval; it is an approval that adds friction without lowering risk. Rubber-stamping is the classic case: an approver facing fifty requests a day approves them all, so the control exists on paper only. A step that everyone always approves is also a delay dressed up as a control. The fix is fewer, better-aimed approvals: automate the routine, route only real risk or exceptions to a person, and before adding a step ask what decision it changes.

Keep the record honest too. Approval by a loose email or a verbal "go ahead" is weak the day you must prove what happened, so the decision has to land back in the system against the version signed off.

Last Updated: July 10, 2026 Back to Dictionary
Keywords
approval workflow segregation of duties four-eyes principle Power Automate workflow engine process automation human-in-the-loop audit trail business process automation data governance