Operational Intelligence: How FAQ Ally Surfaces What Needs Attention

FAQ Ally Operational Intelligence evaluates structured business records to detect contracts, ownership gaps, security risks, service desk issues, and more, then verifies findings before they reach dashboards, digests, and alerts.

FAQ Ally answers questions from your trained documents. Operational Intelligence goes further: it watches the structured records extracted from those documents and surfaces conditions that need attention before someone thinks to ask.

It is designed for operational awareness, not freeform prediction. Findings come from deterministic rules over your business evidence. Severity and recommendations are fact-backed. When evidence is incomplete, FAQ Ally abstains or routes the item for human review instead of inventing a risk score.

Q&A vs Operational Intelligence

CapabilityDocument Q&AOperational Intelligence
Primary questionWhat does our documentation say?What requires action right now?
TriggerSomeone asks in chat or Smart ToolsScheduled evaluation, data change, or on-demand run
Evidence basePassages and structured recordsStructured records plus verified relationships across domains
OutputCited answer for that questionPersistent insights with lifecycle, freshness, and delivery
Trust gateRetrieval and answer validationVerification before publication; permission checks at delivery

Teams still use chat for reactive questions such as “which contracts expire within 90 days?” Operational Intelligence runs the same class of deterministic checks on a schedule and when your data changes, then keeps findings visible in the Operational Intelligence feed until they are resolved, expire, or are dismissed.

Where the Evidence Comes From

Operational Intelligence does not invent a second data store. It uses the same structured records FAQ Ally extracts during training: policies, contracts, invoices, tickets, assets, access entitlements, vulnerabilities, projects, and related operations rows, when those document types and training choices support them. See Business Data Intelligence for how extraction and review work.

Cross-domain findings also use relationship evidence: for example, whether spend is linked to a contract, whether a vendor renewal sits next to open incidents, or whether a change is linked to an incident. Relationships must be present in the trained graph. FAQ Ally does not treat loose name matches as authoritative joins.

  • Train documents: Upload policies, contracts, exports, runbooks, inventories, and similar sources.
  • Review structured rows: In Knowledge Hub, open BQE Data to inspect and approve records before they drive answers or insights.
  • Inspect connections: Knowledge Map and Connected Evidence help teams see sources and relationship paths outside chat.

How FAQ Ally Handles Operational Intelligence

Each insight type has a fixed definition: what condition to look for, which evidence is required, how severity bands are computed, and what optional next-step guidance is allowed when ownership and basis fields exist.

  1. Evaluate: FAQ Ally computes candidates from structured records and relationship paths. Evaluation is deterministic: there is no LLM inventing severity or risk scores.
  2. Verify: Candidates pass an evidence verification step before they become published insights. Incomplete coverage leads to review, abstention, or suppression, not a polished-looking guess.
  3. Publish with stable identity: An insight is keyed by company, insight type, affected entity, scope, and time window. Version hashes update the same record instead of creating duplicates when the underlying evidence changes.
  4. Manage lifecycle: Insights move through detected, verified, active, resolved, expired, dismissed, and archived states. Teams can resolve, snooze, dismiss, or reopen. When a condition clears and evaluation scope is complete, FAQ Ally can auto-resolve absent findings.
  5. Present with trust context: The feed shows severity, ownership, evidence, freshness (generated, last verified, next evaluation), operational confidence, relationship path, and evaluation history where available.
  6. Deliver by policy: Delivery Administration decides who receives email and when. Intelligence detection and email routing are separate: notifications never recompute findings or invent claims.

What Happens to Findings

Operational Intelligence feed

Verified insights appear in the in-product Operational Intelligence experience, grouped by categories such as Policy Governance, Compliance, Financial, Contracts, Assets, Security & Access, Service Desk, Cross-Domain Risk, Projects, and Portfolio. Permission checks run at read time so recipients only see what they are allowed to see.

Admin review queue

Findings that need human review stay on the dashboard review path by default. They are not emailed or alerted until verification and delivery policy allow it.

Email and digests

Administrators configure delivery policies with internal recipients (user, role, department, insight owner, or entity owner). Policies control severity routing, immediate vs scheduled digest delivery, and which evidence sections may appear in email. Test deliveries are isolated from production history. Digests use fixed time windows so the same digest is not sent twice.

Unrouted critical coverage

When Critical or High insights have no matching active delivery policy, Overview surfaces that gap so administrators can close coverage without silent misses.

Reactive chat and Smart Tools

The same operational question patterns remain available in chat. For example, “what requires attention?” or “which systems lack runbooks?” return deterministic structured answers with evidence, alongside the proactive feed.

Insight Portfolio FAQ Ally Can Evaluate

The portfolio is extensible. Current catalog coverage includes permanent insight IDs across these areas when matching records and relationships exist:

Policy governance and compliance

  • Policies without owners, overdue for review, or missing required approval
  • Compliance control gaps

Financial and contracts

  • Spend month-over-month increases and vendor concentration risk
  • Spend without a linked contract, or spend that exceeds contract value
  • Contracts expiring, renewals without approval, vendors without an active contract
  • Contractual obligations overdue

Assets and security

  • Systems without owners or runbooks
  • Unsupported software in use, unused license capacity, critical systems without recovery plans
  • Privileged accounts without MFA, critical systems without recent access reviews
  • Critical vulnerabilities overdue for remediation

Service desk, change, and projects

  • Aging critical ticket backlog, resolution trends, recurring incident patterns, critical SLA breaches
  • Vendor renewals with unresolved incidents; changes linked to incidents (correlation, not assumed causation)
  • Project milestones overdue

Portfolio health

  • Operational Health Summary aggregates verified active insights into a reproducible portfolio view of how healthy the portfolio looks and why, without replacing per-finding detail

When Evaluations Run

  • Scheduled: A dispatcher checks insight schedules on a frequent tick. Cadence varies by type: for example hourly for many service desk checks, every few hours for financial and contract types, daily for many asset and security types, and weekly for some policy and compliance checks.
  • On data change: Updates to structured records, relationship rebuilds, and document retraining can trigger relevant insight types after debounce, so findings stay aligned with current evidence.
  • On demand: Administrators can request evaluation runs from the product when they need an immediate refresh.

Material-change rules decide when a resolved insight should reopen. A version hash change alone is not enough; the condition itself must become material again.

Trust Boundaries

  • Deterministic evaluation: Rules and thresholds live in code definitions, not in generative prompts.
  • Verification before publication: Only verified insights are eligible for proactive feed, digest, and alert paths by default.
  • Review recommended stays dashboard-only: Items that need human judgment do not auto-email.
  • Abstain when evidence is missing: For example, spend-without-contract abstains when the contract may simply not be ingested yet; policy review gaps abstain when there is no reliable review anchor.
  • Correlation is labeled as correlation: Change-linked-to-incident findings do not claim the change caused the incident.
  • Delivery does not invent intelligence: Email templates render published insight content and allowed evidence sections only.
  • Human decisions remain human: Finance, legal, security, and compliance actions still require people. FAQ Ally surfaces candidates and evidence; it does not replace ownership or approval authority.

How This Fits the Broader Stack

Operational Intelligence sits on top of FAQ Ally’s structured knowledge stack:

  1. Documents are trained and searched (including Extended RAG where deployed).
  2. Typed business records are extracted and reviewed (structured data + AI search).
  3. Relationships connect entities across domains.
  4. Operational Intelligence evaluates conditions against that evidence.
  5. Verification and delivery policies decide what is published and who is notified.

The result is a move from trusted Q&A toward trusted operational awareness, still grounded in your documents and records, still reviewable, and still permission-aware.

Limits

Coverage depends on what you train and approve. Insight types that need tickets, MFA evidence, recovery plans, or contract links will not fire usefully until those records exist. Cross-domain joins require explicit relationship evidence. High-stakes decisions still need human verification of sources and context.

Related: Business data intelligence | Structured data + AI search | Why document chatbots fail on numbers | Beyond RAG | How to verify AI answers | Trusted AI vs generic AI | AI contract search