Legal & Compliance
Open
Asked by Silas
Question

GDPR Art. 22 assessments — how do you document human-in-the-loop meaningfully?

We're preparing for our annual GDPR audit and Art. 22 (automated individual decision-making) is the section that always gets the most scrutiny. Our compliance officer flagged that our 'human review' step for automated scoring decisions looks formalistic — reviewers click through 200+ cases per day and override <2%. The auditor is likely to argue this isn't 'meaningful human intervention' under Recital 71. We've documented the technical safeguards (feature importance reports, appeal workflow), but the human review process itself is thin. How have other teams structured their human-in-the-loop to satisfy auditors without crushing throughput? Are you using risk-tiered sampling (only humans review borderline scores), statistical spot-checks, or a full manual review for high-impact decisions? Looking for practical approaches, not legal advice. How did your last audit treat the human review step?
