A consultant at a 15-person professional services firm sent an AI-drafted proposal to a client last autumn. The draft was fast, well-structured, and almost entirely accurate. It also contained a reference to a competitor’s project, absorbed from an old document the tool had processed during setup. Nobody had read it before it went. The client called within the hour.
That outcome is predictable when AI productivity gains outpace the review habits built for slower processes. Getting the balance right is straightforward in principle, but it requires a few deliberate decisions that many owner-managed services firms have not yet made explicitly.
What does quality control mean when AI is drafting your client work?
Quality control in AI-assisted client work means deciding which outputs get reviewed before they reach a client, and who reviews them. The BCG study with 758 consultants found AI improved task quality by 40% on average, while performance dropped on tasks where consultants skipped their own checks. Speed creates output. Your review habits determine what that output costs you.
For any AI tool in your workflow, ask yourself: what would I need to check to be confident this output is right? That is a harder question than a skim read answers, and it is the one that keeps errors from reaching clients.
The UK Government AI Playbook makes the same point in a regulatory register: AI systems are probabilistic rather than deterministic. Treat them as assistants with a strong track record on certain tasks and a recognised blind spot on others, and build your review habits around the blind spots.
Why does this matter more for owner-managed businesses than large companies?
Larger firms have compliance teams and review layers that survive when staff adopt new tools. Owner-managed services firms typically concentrate review responsibility in a small number of senior people who are already stretched. When AI accelerates the volume of output, that person is handed more to check, faster. Without a deliberate decision about what stays reviewed and what does not, quality controls erode quietly.
Cisco’s 2023 Data Privacy Benchmark study found 61% of employees using generative AI at work, with only 27% reporting a clear employer policy. That pattern cuts across firm size. In an owner-managed services firm, a single client complaint from an AI error lands directly on the person who signed the contracts and guarantees the relationship.
Clients are beginning to ask directly, too. KPMG’s 2023 CEO Outlook found 81% of UK CEOs would only adopt generative AI if they could trust it. Procurement teams at larger organisations already include AI governance questions in supplier reviews. Being able to answer clearly about how you use AI on their work, and what checks you run, is becoming a commercial expectation rather than a differentiator.
Where in a services business does quality actually fail?
AI performs well on bounded tasks: meeting notes, internal summaries, first drafts of documents where format matters more than judgement. Quality failures cluster at the boundary where AI handles client-facing work that requires context or professional accountability it cannot carry. The four areas where errors reach clients are legal and contractual positions, financial analysis, advice carrying professional liability, and communications drafted without checking the client’s actual context.
The Air Canada ruling from early 2024 is the example risk professionals reach for most readily. The British Columbia Civil Resolution Tribunal found the company liable after its customer service chatbot gave misleading information about bereavement fares. The liability traced back to a process that allowed an AI system to communicate policy positions to customers without human oversight.
For a professional services firm, the parallel is direct. If an AI-drafted proposal carries a fee schedule, a regulatory reference, or a scope limitation that is wrong, the firm owns that. The NCSC guidance is explicit: staff should not input sensitive information into public generative AI tools, and outputs carrying legal, financial, or contractual weight require human review before reaching clients.
A practical starting point is a short list of which categories of client output require a named person’s approval before they leave the building. That list is your first quality control.
When does AI output need a human check, and when can it run without one?
The UK Government AI Playbook says AI systems are probabilistic rather than deterministic, and should be treated as assistants rather than oracles. For a services firm, the working rule is that human review is mandatory for anything carrying professional liability, anything referencing client-specific data, anything with legal or contractual effect, and anything going to a client under your name. Internal work where an error means a correction can run lighter.
The ICO’s guidance on AI and data protection is directly relevant here. Feeding personal data into external AI services counts as data processing under UK GDPR, which requires a lawful basis, purpose limitation, and security controls. For client work involving personal data, tools with clear data residency policies, such as Microsoft Copilot or Google Workspace AI, carry lower risk than public generative AI services because prompts are not typically retained for model training.
The EU AI Act, which applies to providers and users serving the EU market, requires effective human oversight for high-risk applications. Even if your firm is not directly subject to it today, the direction of regulatory travel is towards more accountability. Planning for it while your AI use is still small and auditable is considerably easier than retrofitting controls after the processes have scaled.
What makes more difference than the tool you choose?
Microsoft’s Copilot research found that users who received training on AI limitations reported 11 percentage points higher productivity gains than those who did not. The BCG consultant study found that participants guided on when not to use AI made fewer errors than those who went unguided. In both cases the gain came from training and shared norms, not from a different platform. A 90-minute internal session will do more for quality than switching tools.
Alongside training, a one-page AI policy is the second practical control. The Scottish AI Playbook and the UK Government’s Central Digital and Data Office guidance both recommend a simple policy covering approved tools, banned uses, data handling rules, and review requirements. Modelled on an existing data protection or social media policy, it takes an afternoon to write and makes review expectations explicit rather than leaving them to individual judgement each time.
The third lever is piloting before scaling. The UK Government AI Playbook recommends starting with low-risk use cases, setting quality metrics such as error rate, rework time, and client complaints, then expanding only what passes your own thresholds. For a 10-to-50-person services firm, that means starting with internal drafts and meeting notes, measuring outcomes for 60 days, and then moving to client-facing work once review habits are established.
None of this requires a technology programme. A decision about which outputs need review, written down and followed consistently, is where quality control in AI-assisted client work actually begins.
