Scenario 1: The New "Game Changer" Agent

A QxAIOps Workshop Scenario

The production team has developed a new AI agent that automatically reviews batch manufacturing records to identify potential GMP deviations. They would like to deploy the agent within the next month and believe this will significantly improve productivity and reduce review backlog.

They claim the system will:

Reduce QA Review Time

By 70% through automated review of batch manufacturing records

Automatically Flag Issues

Missing entries, calculation errors, and out-of-range results

Provide Compliance Summary

A summary of potential compliance issues for QA review

What the Production Team Tells You

During the meeting they explain:

  • The agent was built using Microsoft Copilot Studio.
  • It reviews PDF exports of batch records.
  • It was tested on 10 historical records and "worked well".
  • The prompts include reference SOPs to help guide the AI.
  • QA will still make the final decision, so they believe validation is minimal.

They ask QA to approve rollout.

Mapping Scenario Issues to QxAIOps Principles

This scenario contains a number of subtle compliance traps designed to trigger the right discussions. Below are the first four issues mapped to their relevant QxAIOps principles.

Issue 1

Uncontrolled SOP Versions Provided to the Agent

Examples include: Draft SOP · Superseded SOP · Uncontrolled training document

Relevant Principle — Controlled Inputs: AI must only operate on controlled, approved documents. AI cannot determine document validity, and an incorrect SOP leads to incorrect reasoning.

Secondary Principle — Quality System Governance: Controlled document management must remain inside the QMS.

Issue 2

Batch Records Provided as PDF Exports

Examples include: Exported PDF instead of system-of-record · Potential loss of metadata

Relevant Principle — Controlled Inputs: Inputs must originate from a trusted system of record. QA should ask: Are PDFs complete? Is the export validated? Can records be altered?

Secondary Principle — Transparent Outputs and Traceability: Traceability requires knowing exactly what data was analysed.

Issue 3

Insufficient Testing ("We Tried It on 10 Records")

Examples include: Limited testing · No performance metrics

Relevant Principle — Quality System Governance: AI-assisted processes must be risk-assessed and justified. QA should ask: What was the evaluation method? Were known deviations included? What was the miss rate?

Issue 4

The Agent Summarises Compliance Issues

Examples include: Agent interprets GMP compliance · May infer regulatory conclusions

Relevant Principle — Contextual Reasoning Task Alignment: AI is suitable for pattern recognition, comparison, and anomaly detection. AI is not appropriate for making compliance decisions. This is where scope must be clearly defined.

Issues 5–8: Governance, Change Control & Human Oversight

The following four issues address the organisational and procedural gaps that arise when AI agents are deployed without adequate governance structures in place.

Issue 5

Production Built the Agent

Examples include: Developed by operations team · QA asked to approve after development

Relevant Principle — AI is a Worker to be Governed: Every agent must have an owner, defined responsibilities, and controlled deployment. QA governance must exist before operational use.


Issue 6

SOP Updates Could Break the Agent

Examples include: Prompt references SOP text · SOP changes without agent update

Relevant Principle — Quality System Governance: Prompt logic tied to SOPs must be subject to change control. QA must ask: What happens when the SOP changes?

Issue 7

Ambiguous Human Review

Example: "QA will still make the final decision" — this is a common but vague reassurance.

Relevant Principle — Human Verification is Mandatory: Verification must be explicit, documented, and meaningful. Humans must review the reasoning, not just the summary.


Issue 8

No Clear Definition of Agent Scope

Examples include: Is it checking calculations? Detecting missing data? Interpreting GMP compliance?

Relevant Principle — Define Intended Use and Scope: The agent must have clearly defined tasks, boundaries, and known limitations.

Workshop Effectiveness: What Makes This Scenario Work

This is a very good scenario starter. It creates the right psychological setup: excitement from the business vs caution from QA. What will make the workshop effective is giving participants just enough detail to analyse, without telling them the answer.

The scenario includes a number of subtle compliance traps mapped across eight issues and their corresponding QxAIOps principles:

01

Controlled Inputs

Uncontrolled SOP versions and PDF exports instead of system-of-record data

02

Quality System Governance

Insufficient testing on only 10 records, no performance metrics, and SOP change control gaps

03

Contextual Reasoning Task Alignment

Agent summarising compliance issues — a task beyond appropriate AI scope

04

AI is a Worker to be Governed

Production-built agent with no defined owner, responsibilities, or controlled deployment

05

Human Verification is Mandatory

Vague reassurance that "QA will still make the final decision" without explicit, documented, meaningful review

06

Define Intended Use and Scope

No clear definition of whether the agent checks calculations, detects missing data, or interprets GMP compliance