Approval workflows can take many forms. In fact, just about any process involving users with distinct roles and permissions can involve some element of approvals. Despite this, many teams struggle to manage approvals in a consistent or coordinated manner.
This can have huge implications, as how we handle approval workflows has an outsized impact on efficiency, security, compliance, and other important factors across the organization.
Today, we’re diving deep into everything we need to know about managing request and approval workflows effectively.
Specifically, we’ll be covering:
- What is an approval workflow?
- Examples and use cases
- Tools for managing approval workflows
- Goals and KPIs for approval systems
- How to build an automated approval workflow
Let’s start with the basics.
What is an approval workflow?
In the simplest terms, an approval workflow includes any task or process where one type of actor submits a request that must be authorized by another actor. We’re deliberately using the general word actor here because either one can be a human user, a software system, or, increasingly often, an AI agent.
The request might be to access a resource, take an action, or perform some other task that they don’t have the authority to do without this additional layer of control.
Therefore, an approval workflow is initiated when a request is submitted, and completed when it has been approved, denied, or escalated.
Naturally, there are important variations within this definition.
The key context here, though, is that most routine or repetitive approval workflows are governed by defined workflow logic. That is, there are criteria in place that determine when a request should be approved.
The primary goal of an approval workflow is to enforce this logic in a systematic, repeatable manner, to enable us to govern how and when resources are accessed and actions are taken across the organization.
Alternatively, approval workflows might also concern requests that aren’t routine or repetitive. So, a user might need to seek approval for an uncommon action, where defined authorization rules aren’t in place, and discretion must be exercised by whichever actor is responsible for the relevant tools or resources.
In these cases, effective approval management is still critical, including documenting outcomes, enabling auditing, and other key compliance tasks.
Why do we need approval workflows?
With a high-level understanding of what approval workflows are in generic terms, we can move on to thinking about why request and approval management is so fundamental to all kinds of business processes.
There are countless reasons we might need to enforce rules for how different requests are authorized, including relating to security, compliance, resourcing, and other factors. However, we’re concerned with the workflow management steps we put in place to enforce these rules, not the rules themselves.
As we hinted at earlier, the core goal here is to ensure that our rules are applied consistently. At the most basic level, this means ensuring that requests go through proper authorization channels, as well as providing a record of how decisions are taken.
This provides a number of benefits across security and compliance issues, including preventing unauthorized access, providing audit logs, and ensuring governance within a wide range of workflows.
Approval management also supports data centralization. For instance, by eliminating the use of more informal channels for requesting authorization, such as instant messaging.
Besides this, managing requests can be hugely time-consuming. This includes the time spent actually assessing and managing incoming requests, as well as the potential delays experienced by requesters.
Therefore, another key goal of approval management is to maximize efficiency, both in terms of the admin hours that are required to enforce business logic and the speed with which end-users receive resolutions to their requests.
Examples and use cases
So far, we’ve only talked about approval workflows in generic terms, including high-level requests, decisions, and authorization.
To put this into practice, we can begin to think about some of the most common specific approval workflows that are present in most organizations. Of course, as approval steps could be present in just about any workflow, trying to provide a comprehensive list of use cases wouldn’t be helpful.
Rather, we should consider the most important types of approvals, including with relation to the types of requests they concern and the authorization criteria we’ll employ, along with illustrative examples of these. It’s also worth noting that there’s a reasonable amount of overlap between these.
One cluster of use cases that we’ve touched on already is access requests. This includes any situation where a user or another actor needs to be granted access to a resource, such as a software tool, document, data set, or hardware device.
Typically, these kinds of requests are governed by a combination of security rules and availability. For example, when a user needs to access a software tool, we might have authorization rules based on the user’s role and how this relates to the tool in question, as well as the number of licenses we have available and the cost of provisioning these.
A number of common approval workflows also relate to users’ existing entitlements. This includes processing the likes of vacation requests or expense claims. For example, to approve a vacation request, we’ll often only need to confirm that the employee has enough leave remaining.
Many of the most common types of approval workflows surround assessing and managing risk, especially where requests deal with something other than defined internal services. Approval criteria here are generally based on the potential costs and impacts associated with individual requests.
The best example of this is within change request workflows. These deal with how proposed changes to our IT environment are assessed, authorized, and logged. Generally, these are categorized based on their potential risks.
So, routine, low-risk changes may be essentially pre-approved, while higher-impact requests will require varying levels of assessment, planning, and scheduling, depending on their associated costs and risks, potentially including several layers of approvals.
Tools for managing approval workflows
With a strong grasp of what approval workflows are, what they achieve, and some of the most common examples of authorization logic we might need to enforce, we can move on to examining some of the specific systems that can be leveraged to manage these.
As we hinted at earlier, actors within approval workflows can be both human users and software systems. Therefore, as we check out the kinds of tools that we can use for managing approval workflows, it’s important to remain conscious of this, especially the issue of human/AI interactions.
Here are the broad categories of solutions we might implement.
Approval apps
First up, we have dedicated approval apps. These are internal tools specifically deployed to handle approval requests. So, they’ll typically consist of tools for submitting requests, as well as enabling approvers to view, assess, and respond to these.
As such, a very basic approval app might center around a form UI for submitting requests, and an admin panel for approvers to manage these. The goal is to provide a centralized platform for managing the state of requests as they progress through their lifecycle, including for multi-stage approvals.
On top of this, we’ll generally see functionality for actioning any downstream actions that are required for processing an approval or denial, including updating the original request record or triggering actions in external systems via API calls and WebHooks.
Ticketing systems
Many approval workflows are also handled via wider ticketing and service request management platforms. One clear benefit of this is allowing request intake through the same channels we use for our wider support and service management.
That is, end-users don’t need to seek out a specific form for individual request types.
Depending on a few factors, including the complexity of our approval workflows and the capabilities of the ticketing system we’re using, we might either handle the request lifecycle within this, or create a record in a separate system.
Automations
Naturally, automation also plays a critical role in managing approval workflows. One aspect of this that we’ve touched on already is triggering fulfillment actions, so that admin users don’t need to do this manually.
Similarly, automations are widely used for basic admin tasks, including notifying stakeholders when requests are submitted or their state changes.
Importantly, we can also automate approval or rejection decisions. For example, automatically approving requests for low-risk resources, provided certain conditions are met, while retaining human approval gates for more serious requests.
AI agents
Lastly, an ever-growing number of teams are utilizing agentic AI for managing approval requests. Agents can combine many of the strengths of the other approaches to approval management that we’ve seen so far.
For example, natural language processing enables us to accept requests via chat-based experiences, giving users a centralized, intuitive experience for submitting all kinds of internal requests and queries.
Agents are also highly effective for request triage and categorization, as well as automating low-risk approvals, while routing more complex issues to human reviewers.
Take a look at our Agents overview to learn more.
Goals and KPIs for approval systems
Before we check out the specific steps we can follow to build an automated approval workflow for ourselves, we’ll turn our attention to how we can measure our success here.
Of course, the most obvious goal of any kind of workflow management is cost reduction. Specifically, in terms of the number of hours saved while assessing, approving, and fulfilling requests.
In addition to this, we can also consider broader service quality metrics, including average time-to-resolution and first-time-resolution rates.
Accuracy is also a critical factor here. That is, the central goal of approval workflows is to consistently enforce business rules for how and when users can access certain resources or perform certain actions.
Therefore, a key issue our ability to improve the efficiency of our approval workflows, while maintaining or even improving the consistency with which we can apply business logic.
Lastly, we may wish to set goals around the actual usage of our approval systems. That is, to prove value, we’ll need to demonstrate that end-users are actually going through official approval channels, and that the correct data is being logged for individual requests.
How to build an automated approval workflow
To put what we’ve learned so far into practice, we can look at a simple example of how we’d automate an approval workflow with Budibase. We can think about this at each stage of the request lifecycle.
Request intake
The first step of an approval request lifecycle is intake. This is the point at which a request is submitted. As we noted earlier, there are a few distinct channels we might use here, including forms, ticketing systems, and chat-based tools.
The primary goal here is to ensure that the correct information is collected, to enable us to apply our business logic. So, if we use form-based UIs, we’ll need suitable validation logic. If we use chat tools, we’ll need to instruct our agent to follow up if all of the required information isn’t provided in the initial request.
Either way, the core outcome is that a request record is created. This is usually assigned an open or pending status.
On top of this, the most common automations at the point of request intake often involve notifications. For example, to notify approvers that a new request requires their attention, or approvers that their request has been submitted successfully.
Triage and routing
The triage and routing stage is one of the most important parts of any request lifecycle. Essentially, this means analyzing the request to determine its nature, category, and priority before routing it to the appropriate queue or workflow.
As you might expect, automating this can work a few different ways, depending on the complexity of our routing logic.
For example, if we have a simple request form, we’ll often be able to achieve our desired routing logic using simple if/then rules on a small number of fields, such as the requested device or resource.
Alternatively, if we require more complex triage logic, such as availability checks or assessing written justifications, we’ll likely need more sophisticated automation solutions.
An increasing number of teams are leveraging AI agents to automate triage steps. This includes utilizing capabilities such as natural language processing, RAG, data enrichment, and more to handle routing tasks that would be difficult or even impossible with deterministic automation tools.
Automatic approval steps
As we noted earlier, one of the key ways that we can build efficiency into our request workflows is to entirely automate low-risk or routine requests.
This is closely related to triage and routing, both in terms of the logic we may need to enforce and the kinds of solutions we can use to do so.
So, we might utilize a combination of deterministic and agentic automations in order to determine whether or not a request meets the conditions for automatic approval.
The important difference between this and pure routing is that we’ll need to actually action the approval.
At the most basic level, this means updating the status of the original request record. Additionally, we’ll often also trigger fulfilment actions. We’ll return to this in more detail in a second.
Routing to human approvers
For requests that can’t be approved automatically, human approval gates are required. However, there are still several aspects to this that can be effectively automated.
Like with fully automated approvals, the first step here is to update the status of the original request record to mark it as requiring human attention. Naturally, we’ll also want to notify our approvers of this escalation.
We’ll then want to repeat this process when the request has a response, updating its status with their decision and notifying the original requester.
Where a request is routed to human approvers, we may also require additional automation steps, including providing extra context, summarizing data, or making suggestions for the appropriate outcome.
As with fully automated approvals, we’ll also want to automate fulfillment tasks as far as possible, including preparing required API requests for the human approver to trigger.
Automating fulfilment actions
Lastly, fulfilment actions are the tasks that are actually required to deliver the request or action that the initial approval request concerns.
For example, providing access to a software tool, booking PTO, or provisioning a hardware device.
This is most easily achieved when approval workflows concern agreed services. These are resources and actions that have clearly defined fulfilment steps.
Often, these can be automated by triggering API requests and WebHooks to the appropriate systems. For instance, booking time off for the requester in our HRIS.
We’ll also want to automate any tasks that are required for tracking and logging these actions, ensuring auditability.
The complete open-source AI workflow toolkit
Budibase is the all-in-one open-source workflow toolkit for building Agents, Apps, and Automations using any LLM, data, or API.
Take a look at our Agents overview to learn more.