The following is a guest post from Sarthak Gupta, a data scientist at Amazon. Opinions are the author’s own.
Author’s note: I am writing here in a personal capacity, and the observations that follow are from external conversations rather than from my work, which is not with agentic AI.
The first time an external auditor asks your finance team to walk them through the control environment around an agentic AI system that touches financial data, something interesting will happen: It will become clear whether that investment in AI was a discipline or a decoration.
I have been watching the agentic AI buying cycle play out in enterprise this year, through industry conferences, peer roundtables with finance leaders, vendor demonstrations and conversations with internal audit teams trying to figure out their stance. The conversation I keep seeing around agentic AI in finance organizations is entirely about productivity, with almost none about audit readiness.
This will not survive the audit cycle.
The control gap most CFOs have not seen yet
When using agentic AI to draft variance commentary, propose journal entries, summarize stakeholder inputs for management reports or develop forecasts that become part of financial reporting, it is more than a productivity tool. They are now part of the financial reporting process, which raises a specific question: What are the internal controls over and within this system?
For most enterprises I hear from, the honest answer right now is, "We are figuring that out.” This is a defensible posture for six more months. It will become an audit finding sometime in 2027.
The reason for this is that auditors do not have a clean category for AI tools used in financial reporting but not formally an IT general control or an application control. They will pick the category that exposes them to the most risk as an audit firm, which means you as the deployment organization will have to defend against it. The deploying organization owns that defense.
Places where the gap shows up
Three patterns are emerging in my conversations with finance teams that, on their own, are not catastrophic; however, as they add up, they accumulate.
1. ROI is being calculated against the wrong baseline. AI vendors and internal champions claim productivity gains measured purely on a pre-AI manual process vs. post-AI process. A finance leader, though, needs to know whether the same value (or 80% of it) could not have been achieved through process redesign, simpler automation or workflow tooling and at a fraction of the cost. I have yet to see a single pitch that includes that comparative benchmark — and without it, the "AI saved us X hours" claim almost always wilts against the far simpler “automation would have captured 80% of that”.
2. Capitalization is being guessed at. Is the agentic AI deployment a capitalizable set under ASC 350-40, or is the ongoing inference cost simply an operational expense? What if the model itself updates? Is that internal-use software development? Most of the finance teams with whom I discuss this topic are guessing — and often inconsistently across lines of business. The cost (and audit findings) of remediation will dwarf the current gains.
3. Internal controls are yet to catch up with autonomous decision-making. SOX 404 requires management to assess the effectiveness of Internal controls over financial reporting. When an AI agent generates the variance commentary in a management report, what is the control? Is it the prompt that was passed? The reviewer who signed off on the monitoring of agent outputs over time? If you cannot point to a documented, testable control, you have a gap. These are not theoretical concerns. They are the questions a Big Four auditor will ask in 2027, with documentation requests attached.
Bank CFOs have lived through a version of this before. The Federal Reserve's SR 11-7 guidance from 2011 effectively forced banks to treat consequential models as governed assets with documented purposes, independent validators who did not build them, ongoing performance monitoring and clear ownership when models fail. The framework is unsexy, but examiners have audited it for over a decade and have survived multiple regulatory cycles. Most non-bank enterprises lack an equivalent baseline for AI systems to integrate with financial reporting workflows.
I do not contend that SR 11-7 should be adopted wholesale, but that the principles are enduring and will put a finance leader who draws on them in a better position when the question lands on their desk.
Before the next AI capital approval, ask these questions
For CFOs who have already approved an agentic AI initiative or are about to, these three questions are worth asking before the next budget cycle.
1. What is the audit trail? Will you be able to reconstruct any decisions your agent makes, identify the data it acted upon and produce documentation that would stand up to scrutiny? "We have the chat logs" is not an answer. Chat logs are not audit evidence in the way control documentation is.
2. Who owns the model? Not the vendor. Not the AI team. A specific person inside the organization to account for when the model exhibits unexpected behavior. If that person does not exist, the system has no owner.
3. What is the validation cadence? Just as credit-risk models in banks are revalidated annually, AI systems making consequential decisions need a scheduled review independent of the team that deployed them. If your only review is to look at it if something goes wrong, you are taking a risk you have not priced.
The framing matters. I am not suggesting CFOs slow down on AI investment. The productivity gains are real, the competitive pressure is real and the technology will be embedded in finance workflows whether finance leaders plan for it or not. But the conversation needs to shift.
The CFO's job is not to evaluate AI as a capability. It is to evaluate AI as a controlled, documented, defensible component of the financial reporting environment. Those are different evaluations, and the gap between them is where material weakness findings live. Capability is what the vendor sells. Audit defense is what the CFO inherits. The finance leaders who look prudent in 2028 are the ones treating agentic AI as a control problem first and a productivity problem second. The technology will improve. The audit conversation will not improve on its own.