Skip to content
GRC ToolingField guide

Agents Propose, Humans Decide: Trust Work Operating Model

Trust work can't be fully automated because it needs someone accountable. The propose-review-decide model keeps human judgment at the center while AI drafts.

TT
Truvara Team
July 11, 2026
6 min read

Compliance work can't be fully automated — not because the technology isn't capable, but because trust work requires someone to be accountable for the result. The operating model that solves this isn't full autonomy. It's a structured loop: the agent proposes, a human reviews, and the human decides.

Why Full Autonomy Is the Wrong Bar for Trust Work

When an AI drafts a security questionnaire response or produces a risk assessment, the output isn't the problem. The problem is who owns it. A regulator, auditor, or customer doesn't care whether a human or an agent wrote the answer — they care whether the answer can be traced to someone who stands behind it.

Full autonomy removes that trace. An agent that reads, writes, and publishes without human review produces artifacts that nobody has approved and nobody can defend. In domains where accountability is the product — compliance, audit, privacy — that's not faster. It's useless.

The right test for trust-work automation isn't "can the agent do it alone." It's "can the agent do the work in a way the human can still own."

The Propose → Review → Decide Model

The alternative to full autonomy is a structured approval lane that preserves accountability at every step:

StepWho actsWhat happens
ProposeAgentReads the workspace, drafts the artifact, attaches citations to every claim
ReviewHumanReads the proposal, checks citations, edits or rejects unclear items
DecideHumanAccepts the proposal as the official record, or rejects and gives direction

The agent never publishes. It proposes. Nothing lands unapproved.

This is not "slow AI" — it's auditable AI. Every accepted proposal leaves a trace: what was read, what was drafted, what was changed, and who accepted it. That trace is what makes the output defensible to an auditor, a regulator, or a customer's third-party risk team.

What the Human Keeps

In the propose-review-decide model, the human retains the parts of trust work that can't be delegated:

  • Judgment — Does this control adequately mitigate the risk? Is the evidence sufficient? The agent can surface the evidence; the human evaluates it.
  • Context — The agent reads the workspace. The human reads the room — the upcoming audit, the board's risk appetite, the customer's known concerns.
  • Accountability — When the report is submitted and a regulator asks who signed off, the answer is a name, not an agent ID.
  • Scope decisions — The human decides what to include, what frameworks to target, and what level of evidence is "enough."

The key insight: in trust work, the decision is the work. The human keeps the decisions.

What the Agent Absorbs

The agent handles the repetitive, high-volume tasks that currently consume most of a team's cycles:

  • Reading — Scanning policies, evidence files, risk registers, and framework requirements to extract relevant context.
  • Drafting — Producing the first version of an artifact — policy document, questionnaire answer, risk-treatment proposal — with citations to source material.
  • Filling — Populating structured grids: risk registers, evidence trackers, answer libraries, statements of applicability.
  • Mapping — Cross-referencing controls across frameworks so the same evidence supports SOC 2, ISO 27001, and NIST CSF without re-entry.
  • Summarizing — Condensing findings, control status, and evidence freshness into a readable format for review.

Each of these tasks exists in every trust-work cycle. They're not the hard part — they're the part that repeats. The agent absorbs the repeating so the human can focus on the deciding.

Why This Matters for Auditors and Regulators

The propose-review-decide model produces a defensible chain that auditors can follow:

The agent read this evidence → drafted this claim → cited this source → the owner reviewed and accepted it.

Each step is logged. There are no orphan statements — claims with no traceable source — because the agent marks unsupported answers as "Not Provided / no source found" rather than fabricating one. The reviewer sees every gap, closes it or accepts it, and the log records the decision.

This is verifiable. That's the difference between automation that a practitioner trusts and automation that's just fast.

FAQ

Does this mean I have to review every line the agent writes?

You review what the agent proposes. How closely depends on the artifact's stakes — a vendor questionnaire going to a customer gets a full review; a draft evidence summary for internal planning might need a skim. The model scales to the risk level.

What if the agent gets something wrong?

The agent surfaces its sources. If a claim is wrong, the reviewer can trace it to the cited document, correct the interpretation, or reject the proposal. The pending-change workflow is designed to catch errors before anything becomes official.

This sounds slower than having the agent just write the whole thing.

The agent absorbs the majority of the writing work — the reading, drafting, and filling. The human reviews what matters: the claims that go to a customer, auditor, or regulator. Total cycle time drops, but more importantly, the output is defensible.

Can't I just have the agent publish and check it afterward?

You can. But post-hoc review misses what makes trust work trustable: the chain of decision. An auditor who asks "who accepted this?" wants the answer at the moment of acceptance, not "someone looked at it later."

Is the propose-review-decide model specific to Compass, or is it a general pattern?

It's a general pattern that Compass implements natively — the agent reads your workspace, drafts artifacts with citations, and proposes them as pending changes for human review. The model itself applies wherever trust work needs both AI speed and human accountability. For more on why this matters compared to general-purpose chatbots, see Compliance Needs a Harness, Not a Chatbot.


When the work is drafted, cited, and proposed, someone still has to decide. Compass by Truvara implements this model natively: the agent reads your workspace, drafts artifacts with citations, and presents them as pending changes for review. It never silently turns a proposal into truth — every output requires a human accept or reject before it becomes the record. Watch Compass work.


TT

Truvara Team

Truvara