Workflow Responsibilities and Automation Risks

Note: Compose is only available for Beta testing. See Welcome to UKG Compose > Beta Disclosure for more information.

This page helps you understand what makes workflow automation powerful—and why that power requires thoughtful design and testing. We want you to succeed with Compose, which means being aware of what workflows can do and planning accordingly.

Understanding Your Responsibility

You are solely responsible for any workflows you create and publish. Workflows can create, update, or delete data in production or connected systems, and these changes may be irreversible. UKG does not review or approve your workflows. Review and validate your workflows thoroughly before publishing.

What Makes Automation Different

When you publish a workflow, you're creating automation that runs without human review for each execution. This is powerful—it saves time and ensures consistency—but it also means errors can scale quickly.

A workflow that runs once might work perfectly. The same workflow running hundreds of times can amplify mistakes before anyone notices.

Think of it this way: if a person makes a mistake updating one employee record, they usually catch it. If a workflow makes that same mistake across 500 employee records overnight, you may not discover the problem until significant damage is done.

Workflows execute exactly as designed. They don't apply common sense, recognize unusual situations, or pause to ask "does this seem right?" They follow your logic—even when that logic is flawed or the situation has changed.

What Workflows Can Do

Change Production Data

Workflows can create, update, or delete employee records, compensation data, timecards, benefits enrollments, and more. These changes may trigger downstream effects in payroll, benefits, or external systems.

What this means for you: Test data changes thoroughly in non-production environments. For high-impact changes (compensation, terminations, bulk updates), add approval steps and monitor execution results closely. Have a plan for correcting errors if they occur.

Send Communications

Workflows can send emails, notifications, and messages to employees, candidates, or managers—individually or in bulk. Once sent, you can't unsend them.

What this means for you: Review message content carefully. Test with a small audience first. Validate that your recipient logic is correct (you don't want to send a termination notice to the wrong person). Monitor for unexpected communications after publishing.

Influence Employment Decisions

Workflows can screen candidates, calculate compensation adjustments, route approval requests, or trigger onboarding processes. Employment-related workflows carry legal risk if not designed carefully.

What this means for you: Never fully automate employment decisions without human review and approval. Test decision logic for unintended bias. Apply your organization's HR policies. Consult with HR and Legal before building employment-related workflows. Document decision criteria and maintain audit trails.

Integrate with External Systems

Workflows can call APIs, create tickets in ServiceNow or Jira, send data to third-party services, or trigger processes in partner systems. External actions may be irreversible and can trigger additional downstream effects.

What this means for you: Understand what data you're sending externally. Coordinate with external system owners before publishing. Test external integrations thoroughly. Monitor for failed or duplicate external actions.

Process Sensitive Data

Workflows can access personal information (PII), payroll data, health information, recruiting records, and performance data. This data may be subject to privacy laws or regulatory requirements.

What this means for you: Only access the data your workflow actually needs. Apply your organization's data privacy and security policies. Don't log or retain sensitive data unnecessarily. Understand which regulations apply to your data (GDPR, CCPA, employment law, etc.) and consult with Legal or Compliance teams for workflows handling regulated data.

Use AI or External Processing

Workflows can send data to AI services or language models for summarization, analysis, or content generation. AI outputs can be unpredictable, biased, or incorrect. Data sent to AI services may leave your organization's control.

What this means for you: Never rely solely on AI for employment decisions. Review AI-generated content before sending it to employees or candidates. Understand where data goes when using AI nodes. Apply your organization's AI usage policies. Test AI outputs for bias and accuracy.

When Automation Multiplies Risk

Workflows run repeatedly. A small logic error becomes a widespread data quality issue when the workflow runs hundreds of times.

Workflows run without oversight. Once published, they execute automatically until someone notices a problem. Errors can compound over days or weeks.

Workflows combine multiple actions. A workflow that reads data, makes decisions, updates records, and sends notifications has multiple points of failure. One step might succeed while another fails, creating partial execution issues.

Your Policies Still Apply

Workflows don't exempt you from your organization's existing policies and procedures. If an action would normally require approval, go through change control, or need legal review, your workflow should include those same safeguards.

Before publishing a workflow, ask:

Would this action normally require approval? (Add approval steps to your workflow)
Would a person doing this manually need to check compliance? (Build those checks into your workflow)
Would this normally be reviewed by HR, Legal, or IT? (Get that review before publishing)

How to Build Workflows Successfully

Start small and test thoroughly

Build one workflow at a time. Test with realistic data in non-production environments. Test all branches, error paths, and edge cases. Have someone else review your workflow logic. Publish to a small scope first, monitor results, then expand.

Add appropriate controls

For high-impact workflows, add approval steps, validation checks, and error handling. Include notifications when critical actions occur. Log enough information for troubleshooting, but don't log sensitive data unnecessarily.

Monitor after publishing

Review execution history regularly. Watch for failed or unexpected executions. Validate that downstream changes are correct. Deactivate immediately if problems occur.

Document and get help

Document what your workflow does, what data it accesses, and any compliance considerations. Consult HR before automating employment processes. Consult Legal before automating compliance-sensitive actions. Coordinate with IT before integrating with external systems.

When Things Go Wrong

If you suspect a workflow is causing problems, deactivate it immediately. Then assess the scope of impact, document what happened, correct any data or actions, fix the workflow logic, and re-test thoroughly before re-publishing.

Don't blame "the system" for workflow errors you designed. Notify affected stakeholders promptly. Implement corrective actions and learn from mistakes to prevent recurrence.

Remember: Publishing a workflow doesn't transfer responsibility. You remain responsible for the logic and decisions embedded in your workflow, the accuracy of data changes, the appropriateness of communications sent, and compliance with applicable laws and policies.