How Ledger Summit delivers this engagement
Each engagement runs the same Ledger Summit transition model: discover the current workflow, prove value with a controlled pilot, design controls and evidence packs, integrate with your stack, and stand up managed support so the gains compound.
The problem this solves
Finance teams are deploying AI agents for close, reconciliations, AP coding, and reporting. Auditors are pushing back: where's the documentation, where's the evidence, what stops the agent from doing something it shouldn't?
PCAOB's amendments on technology-assisted analysis (adopted in 2024, effective for audits of fiscal years beginning on or after December 15, 2025) make this concrete. The amendments govern the auditor's own procedures, but they raise the bar for what the auditor expects from you when information is produced or processed by technology. The expectation is principles-based but real: documented design, controls scoped to the agent's actual work, evidence the controls operated, and review by someone qualified.
The Ledger Summit AI Controls Framework gives you the matrix, evidence pack template, and rollout plan to meet that bar — and to keep meeting it as agents change. It's been deployed at companies ranging from $25M ARR private SaaS to $400M PE-backed multi-entity holdcos.
What the framework includes
- Controls matrix template — per agent, by risk type, with control objective, design, and operation evidence
- Risk inventory by workflow (close, reconciliations, AP, AR, JE posting, reporting)
- Scope-limit playbook (what the agent is allowed to touch, by account/entity/threshold)
- Approval routing patterns — what requires human review, by amount and account type
- Evidence pack template — what to capture per cycle (logs, prompts, outputs, approvals)
- Change management process — how to update controls when the agent changes
- Auditor walk-through script — how to explain the controls to your audit team
- Model governance addendum — for AI/ML model risk per SR 11-7 (banks/PE) where applicable
- SOC 2 mapping — how the framework satisfies trust-services criteria for security, availability, processing integrity, confidentiality, and privacy
The five questions your auditor will ask
| Question | What good looks like |
|---|---|
| What is the AI agent allowed to do? | A documented scope: which accounts, entities, transaction types, dollar thresholds. Reviewed at least annually. |
| How do you stop it from doing something else? | System-enforced scope limits + secondary controls (approval routing, exception queues) for anything close to the boundary. |
| How do you know the controls operated? | Evidence pack per close: timestamped logs, prompts, outputs, reviewer sign-off. Same standard as a manual control. |
| Who reviews the agent's output? | Named reviewer with authority and competence; review documented; exceptions tracked to resolution. |
| What changes when the agent changes? | Documented change-management with re-test of controls, refreshed evidence, audit committee notification if material. |
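The second row of that table (system-enforced scope limits plus approval routing near the boundary) and the scope-limit and approval-routing items in the framework list above are the part an engineer can actually build. The following is an added example, not Ledger Summit's code or any vendor's: a fail-closed policy gate that a finance agent's proposed journal entries pass through before they reach the GL. Every name in it (`AgentScope`, `ProposedEntry`, `evaluate`, the account numbers, limits and agent id) is a hypothetical illustration. Anything the scope does not explicitly allow is blocked; amounts at or above the auto-post limit, amounts in a band just below it, and entries to always-reviewed accounts are routed to a human; and every decision comes back as a timestamped record of the shape the evidence pack section later asks for.

```python
"""Scope-limit enforcement and approval routing for a finance AI agent.

Added example, not Ledger Summit's code. All names, accounts and limits are
hypothetical. The policy is fail-closed: what the scope does not allow is
blocked, and what sits near the auto-post boundary goes to a reviewer.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from decimal import Decimal


@dataclass(frozen=True)
class AgentScope:
    agent_id: str
    scope_version: str           # bump this when the scope changes (change log)
    entities: frozenset           # legal entities the agent may post to
    accounts: frozenset           # GL accounts the agent may touch
    txn_types: frozenset          # e.g. {"recurring_je", "ap_coding"}
    review_accounts: frozenset    # always human-reviewed (suspense, equity, ...)
    auto_post_limit: Decimal      # at/above this amount: human review
    hard_limit: Decimal           # at/above this amount: blocked outright
    near_boundary_ratio: Decimal = Decimal("0.9")  # review band below the limit


@dataclass(frozen=True)
class ProposedEntry:
    entry_id: str
    entity: str
    account: str
    txn_type: str
    amount: Decimal
    period: str      # "YYYY-MM"
    source_ref: str  # invoice, bank line or schedule the agent worked from


def evaluate(scope: AgentScope, entry: ProposedEntry, open_period: str) -> dict:
    """Decide AUTO_POST / REVIEW / BLOCK and return the evidence record."""
    reasons = []
    amount = abs(entry.amount)

    # Preventive controls: hard scope limits. Any failure here is a BLOCK.
    if entry.entity not in scope.entities:
        reasons.append(f"entity {entry.entity} outside scope")
    if entry.account not in scope.accounts:
        reasons.append(f"account {entry.account} outside scope")
    if entry.txn_type not in scope.txn_types:
        reasons.append(f"transaction type {entry.txn_type} outside scope")
    if entry.period != open_period:
        reasons.append(f"period {entry.period} is not the open period {open_period}")
    if amount >= scope.hard_limit:
        reasons.append(f"amount {amount} at or above hard limit {scope.hard_limit}")

    if reasons:
        decision = "BLOCK"
    else:
        # Approval routing: by amount, by proximity to the limit, by account type.
        if amount >= scope.auto_post_limit:
            reasons.append(f"amount {amount} at or above auto-post limit {scope.auto_post_limit}")
        elif amount >= scope.auto_post_limit * scope.near_boundary_ratio:
            reasons.append("amount within review band below auto-post limit")
        if entry.account in scope.review_accounts:
            reasons.append(f"account {entry.account} always requires review")
        decision = "REVIEW" if reasons else "AUTO_POST"

    # One record per decision; this is what lands in the evidence pack.
    return {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "agent_id": scope.agent_id,
        "scope_version": scope.scope_version,
        "entry_id": entry.entry_id,
        "entity": entry.entity,
        "account": entry.account,
        "txn_type": entry.txn_type,
        "amount": str(entry.amount),
        "period": entry.period,
        "source_ref": entry.source_ref,
        "decision": decision,
        "reasons": reasons,
    }


# Constructed sample: one recurring-JE agent and seven proposed entries.
SAMPLE_SCOPE = AgentScope(
    agent_id="recurring-je-agent", scope_version="2025.1",
    entities=frozenset({"US01"}), accounts=frozenset({"6100", "6200", "2999"}),
    txn_types=frozenset({"recurring_je"}), review_accounts=frozenset({"2999"}),
    auto_post_limit=Decimal("10000"), hard_limit=Decimal("50000"),
)
SAMPLE_ENTRIES = [
    ProposedEntry("JE-1", "US01", "6100", "recurring_je", Decimal("2500"), "2025-06", "SCHED-17"),
    ProposedEntry("JE-2", "US01", "6100", "recurring_je", Decimal("9500"), "2025-06", "SCHED-18"),
    ProposedEntry("JE-3", "US01", "2999", "recurring_je", Decimal("100"), "2025-06", "SCHED-19"),
    ProposedEntry("JE-4", "US01", "6200", "recurring_je", Decimal("-12000"), "2025-06", "SCHED-20"),
    ProposedEntry("JE-5", "US02", "6100", "recurring_je", Decimal("100"), "2025-06", "SCHED-21"),
    ProposedEntry("JE-6", "US01", "6100", "recurring_je", Decimal("75000"), "2025-06", "SCHED-22"),
    ProposedEntry("JE-7", "US01", "6100", "recurring_je", Decimal("100"), "2025-05", "SCHED-23"),
]


def run_sample() -> list:
    return [evaluate(SAMPLE_SCOPE, e, open_period="2025-06") for e in SAMPLE_ENTRIES]


if __name__ == "__main__":
    for record in run_sample():
        print(record["entry_id"], record["decision"], "; ".join(record["reasons"]))
```

The order of checks matters: scope violations are evaluated first and collected in full, so a blocked entry's record lists every reason rather than the first one hit, which is what a reviewer clearing the exception queue wants to see. The scope version travels with each record so that, after a change-management event, the evidence shows which version of the limits was in force when the decision was made.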
Risk inventory by AI workflow
Each AI workflow in finance has a distinct risk profile. The framework documents the risk type, the control design that addresses it, and the evidence pattern that proves the control operated.
| Workflow | Primary risks | Key controls |
|---|---|---|
| Bank reconciliation auto-match | Mis-match, ignored exception, fraud bypass | Match-rate threshold, exception queue, fraud screening |
| AP invoice coding | GL miscode, vendor master tampering, duplicate payment | Confidence threshold, reviewer override, duplicate-detection |
| AR cash application | Mis-applied payment, customer master tampering | Confidence threshold, exception queue, master-data change log |
| Recurring JE posting | Wrong-period entry, account substitution | Period-control, approval matrix, change log |
| Variance / flux analysis | Incorrect commentary, missed material variance | Threshold flagging, reviewer commentary requirement, sample re-perform |
| Revenue recognition (ASC 606) | Modification mistreatment, allocation error, period mis-recognition | Modification queue, allocation reconciliation, daily tie-out |
| Lease accounting (ASC 842) | Schedule miscalculation, classification error | Schedule re-perform, classification reviewer, modification queue |
| Reconciliation evidence packaging | Incomplete evidence, wrong-period attachment | Cycle binding, completeness check, reviewer sign-off |
| Reporting pack assembly | Stale data, broken formula, mis-rolled-up subtotal | Data freshness check, reconciliation tie-out, reviewer sign-off |
| Model retraining / agent updates | Behavior change, regression, scope drift | Change-management gate, regression test, audit committee notification |
Control types — how the framework structures them
Every control in the matrix is classified by type, frequency, and assertion. This makes the framework a clean fit for SOX 404 testing and audit walkthrough.
- Preventive controls — scope limits, approval routing, segregation-of-duties enforcement, account-list whitelisting
- Detective controls — exception queue review, daily reconciliation, variance flagging, anomaly detection
- Corrective controls — change rollback, JE reversal, data refresh, model retrain trigger
- Monitoring controls — KPI dashboards, exception SLA tracking, change-log review, period-end completeness check
- IT general controls (ITGCs) — access management, change management, system development lifecycle, data backup
- Compensating controls — manual review for high-risk transactions, third-party verification, secondary approval
Rollout engagement
| Phase | Weeks | What ships |
|---|---|---|
| Risk inventory | 1 | Workflow-by-workflow risk register, current AI usage map |
| Controls design | 2 | Controls matrix, scope limits, approval routing patterns |
| Evidence pack design | 1 | What to capture, where it lives, how it gets pulled at audit time |
| Pilot & test | 2–3 | Run controls in production for one close cycle, refine |
| Audit readiness | 1 | Auditor walk-through script, change-management process, sign-off |
Relationship to SOX, PCAOB, and SOC 2
If you're a public company or in IPO readiness, this framework is built to plug into your SOX program — not run alongside it. If you're private, it raises the bar for due diligence and audit. Either way, the documentation standard is the same: controls scoped to the agent's actual work, evidence the controls operated, reviewed by someone qualified.
- SOX 404 mapping — controls map to ICFR objectives; control narratives and walkthroughs use SOX-standard format
- PCAOB AS 1105 and AS 2301, as amended for technology-assisted analysis — addresses what the auditor will expect when information is produced or processed by technology
- SOC 2 trust services — security, availability, processing integrity, confidentiality, privacy mapped to controls
- COSO 2013 framework — control environment, risk assessment, control activities, information & communication, monitoring
- NIST AI RMF — for organizations adopting NIST's AI Risk Management Framework
What lands in the evidence pack each cycle
The evidence pack is what auditors actually walk through. The framework standardizes what gets captured per cycle so the auditor walkthrough is repeatable.
- Per-transaction trace — source data → AI processing → output → reviewer action → GL posting
- Timestamped action log — who did what, when, including AI agent actions
- Prompt and output capture — for generative AI, the prompt and the output saved with the transaction
- Confidence scores — where the AI provides a confidence/probability, capture it for threshold-based review
- Reviewer decisions — every review action with timestamp, user, decision (approve/reject/escalate), and reason where applicable
- Exception queue resolution — every exception's lifecycle from raise to resolution
- Change log — any rule, threshold, or model change with reason, reviewer, and effective date
- Reconciliation tie-outs — daily, weekly, or per-cycle reconciliations between AI output and source data
- Period-end completeness — confirmation that all transactions for the period were processed
When this framework fits
- Companies deploying AI for finance workflows — close, reconciliations, AP, AR, reporting
- $20M+ revenue with annual external audit
- PE-backed companies with sponsor due-diligence requirements
- IPO-track companies needing SOX 404 readiness
- Public companies with material AI-touched workflows
- Companies adopting Tool Box AI, Numeric, Trullion, FloQast AI, BlackLine AI, or any other finance AI
- Companies on a SOC 2 audit cycle
- Banks or financial institutions subject to SR 11-7 model risk management
Frequently asked questions
Does my AI agent really need SOX controls if we're private?
Maybe. If you're audited (most $20M+ companies are), your auditor will ask the same five questions. If you're heading to IPO, you'll need this anyway. If you're PE-backed, your sponsor will likely require it. The bar isn't 'public-company SOX'; it's 'documented controls a competent auditor would accept.'
How is this different from a generic AI governance framework?
Generic AI governance is usually written for product teams or HR. This framework is written for finance — the workflows, the auditor expectations, the SOX/PCAOB context, and the specific risk types (e.g., journal entry posting, reconciliation matching, revenue recognition) you actually face.
Can you implement this without us using Tool Box AI?
Yes. The framework is product-agnostic. We've implemented it for teams using Numeric, Trullion, DataSnipper, FloQast, and custom-built agents. Tool Box AI integrates well with the framework but isn't required.
How often do I need to re-do this?
Annual refresh of the controls matrix and risk register, plus event-driven updates when the agent changes materially (new workflow, new system, new model). The framework includes a change-management process that makes this lightweight.
Will my auditor recognize this framework?
The framework maps to PCAOB's technology-assisted analysis amendments and to the audit documentation conventions the Big Four firms use. We can deliver a walk-through to your audit team as part of the engagement; most auditors are explicitly looking for this kind of documentation.
How does this work for generative AI specifically (LLMs in finance)?
Generative AI controls are layered on top of the base framework. Specific patterns: prompt and output capture for every transaction, confidence-threshold-based review routing, hallucination detection (output-vs-source consistency check), and re-perform sampling. The framework includes a generative-AI addendum.
What about hallucination risk?
Hallucination is treated as a specific risk type with specific controls: output-vs-source consistency check, confidence threshold for reviewer routing, periodic re-perform sampling, and exception escalation patterns. Auditors are increasingly asking about this; the framework addresses it explicitly.
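The output-vs-source consistency check named in the two answers above (generative AI controls, and hallucination as a risk type) is a mechanical check, so here is one way to implement it for flux commentary. This is an added example, not Ledger Summit's code or part of the framework deliverables. It assumes a hypothetical layout: the source data is a dict of account → (prior, current) balances, the commentary is the LLM's text, and the materiality threshold is a dollar amount. Every figure cited in the commentary must reconcile (within a rounding tolerance) to a balance, variance or variance percentage computable from the source, and every material variance must be discussed; anything else routes the commentary to the reviewer with the findings attached.

```python
"""Output-vs-source consistency check for LLM-generated flux commentary.

Added example, not Ledger Summit's code. The data layout, tolerances and
sample commentary are constructed for illustration.
"""
import re
from decimal import Decimal

# Constructed flux data: account -> (prior period balance, current period balance)
SOURCE = {
    "Revenue": (Decimal("1200000"), Decimal("1380000")),
    "COGS": (Decimal("480000"), Decimal("510000")),
    "Opex": (Decimal("300000"), Decimal("420000")),
}

# Constructed commentary with two problems: "$45,000" does not reconcile to
# the source (COGS moved $30,000) and the material Opex variance is not discussed.
BAD_COMMENTARY = (
    "Revenue rose $180,000 (15.0%) to $1.38M on new enterprise deals. "
    "COGS increased $45,000 in line with volume."
)
GOOD_COMMENTARY = (
    "Revenue rose $180,000 (15.0%) to $1.38M on new enterprise deals. "
    "COGS increased $30,000 with volume. Opex grew 40% to $420,000 on hiring."
)

# Dollar amounts with optional k/M suffix, and percentages. Dates and years
# would also match; a production version should strip those first.
NUMBER_RE = re.compile(r"\$?(\d[\d,]*(?:\.\d+)?)\s*(%|[kKmM]\b)?")


def supported_figures(source: dict):
    """Every number a faithful commentary could legitimately cite."""
    amounts, pcts = set(), set()
    for prior, current in source.values():
        variance = current - prior
        amounts.update({prior, current, abs(variance)})
        if prior:
            pcts.add(abs(variance / prior * 100).quantize(Decimal("0.1")))
    return amounts, pcts


def cited_figures(text: str):
    """Parse the figures the model wrote, as ("amt", value) or ("pct", value)."""
    out = []
    for match in NUMBER_RE.finditer(text):
        raw, suffix = match.group(1), match.group(2)
        value = Decimal(raw.replace(",", ""))
        if suffix == "%":
            out.append(("pct", value))
        else:
            if suffix in ("k", "K"):
                value *= 1000
            elif suffix in ("m", "M"):
                value *= 1_000_000
            out.append(("amt", value))
    return out


def check_commentary(source: dict, text: str, materiality: Decimal,
                     tolerance: Decimal = Decimal("0.02")) -> dict:
    """Return PASS, or REVIEW with every unsupported figure and omission listed."""
    amounts, pcts = supported_figures(source)
    findings = []

    # 1. Every cited figure must reconcile to the source (2% rounding tolerance
    #    for amounts, 0.1 percentage point for percentages).
    for kind, value in cited_figures(text):
        if kind == "pct":
            ok = any(abs(value - p) <= Decimal("0.1") for p in pcts)
            label = f"{value}%"
        else:
            ok = any(abs(value - a) <= abs(a) * tolerance for a in amounts)
            label = f"{value.normalize():f}"
        if not ok:
            findings.append(f"unsupported figure: {label}")

    # 2. Every material variance must be discussed by account name.
    lowered = text.lower()
    for account, (prior, current) in source.items():
        variance = current - prior
        if abs(variance) >= materiality and account.lower() not in lowered:
            sign = "+" if variance >= 0 else ""
            findings.append(f"material variance not discussed: {account} ({sign}{variance})")

    return {"decision": "REVIEW" if findings else "PASS", "findings": findings}


if __name__ == "__main__":
    for text in (BAD_COMMENTARY, GOOD_COMMENTARY):
        print(check_commentary(SOURCE, text, materiality=Decimal("100000")))
```

The two checks catch the two failure modes the text describes: a fabricated number (the hallucination) and a silent omission (the missed material variance). Neither requires a second model; the source data the commentary was generated from is the oracle, which is why the check is cheap enough to run on every cycle rather than on a sample.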
How do you handle vendor-managed AI (Numeric, FloQast AI, BlackLine AI)?
For vendor-managed AI, the controls focus on the boundary: what data the vendor sees, what comes back, who reviews the output, and how exceptions are handled. We map the vendor's SOC 2 report to your control environment and supplement it where the vendor's coverage doesn't fully address your risk.
What does a typical engagement cost?
$45K–$120K depending on workflow scope, audit posture (SOX vs. external audit only vs. private), and entity count. Quoted after a 30-minute scoping call.
How does this interact with our cybersecurity program?
The framework includes IT general controls (ITGCs) that overlap with cybersecurity — access management, change management, data protection. We coordinate with your CISO/security team and avoid duplicating controls.
Can you handle SR 11-7 model risk management?
Yes — for banks and PE-backed financial institutions subject to SR 11-7, the framework includes a model governance addendum with model inventory, validation, monitoring, and re-validation protocols.