Checklist objective#
AI agents in finance workflows operate in a higher-stakes environment than agents in most other business functions. Errors can affect financial statements, regulatory filings, and audit outcomes. This checklist ensures that any AI agent deployed in a finance context meets the data governance, access control, audit trail, and oversight requirements that internal audit, external auditors, and regulators will expect.
This checklist is designed to be completed before an AI agent accesses financial data in production. It should be reviewed annually and updated when agent capabilities, data sources, or regulatory requirements change.
Section 1: Data governance (6 items)#
- [ ] Data classification completed. All data sources the agent accesses are classified by sensitivity level (public, internal, confidential, restricted). The agent has access only to data at or below its approved classification level.
- [ ] Data minimization applied. The agent is configured to access only the specific fields and records it needs for its defined function — not entire tables or databases. Read access to sensitive financial data is scoped to the minimum required.
- [ ] Data retention policy applied to agent outputs. Reports, summaries, and analysis outputs generated by the agent are subject to the same retention schedules as manually-produced equivalents. Automated outputs are not exempt from retention requirements.
- [ ] Data residency requirements satisfied. The AI agent platform and any third-party AI model API (OpenAI, Anthropic, etc.) process data only in jurisdictions that meet the organization's data residency requirements. Written confirmation of the processing locations from each vendor is on file.
- [ ] PII handling policy applied. If the agent processes data containing personally identifiable information (employee data, vendor banking details, customer billing records), PII handling controls are in place and documented.
- [ ] Data processing agreement in place. A data processing agreement (DPA) or equivalent legal instrument exists with the AI platform vendor, covering the categories of financial data the agent processes.
Section 2: Agent permission controls (7 items)#
- [ ] Read-only access enforced where write is not required. Agents that analyze or report on financial data have read-only database and ERP access. Write permissions are granted only where the agent's defined function explicitly requires them.
- [ ] Write permissions scoped to specific fields. Agents with write access to financial systems are permitted to update only the specific fields their function requires. No agent should have unrestricted write access to an ERP, general ledger, or banking platform.
- [ ] No agent has payment initiation authority. No AI agent is permitted to initiate, approve, or authorize financial payments, wire transfers, or ACH transactions. Payment initiation requires multi-party human authorization.
- [ ] Privileged access review completed. All service accounts and API keys used by finance agents have been reviewed and approved by the IT security team. Orphaned or over-permissioned credentials have been revoked.
- [ ] Access provisioning and de-provisioning process documented. There is a written procedure for granting access to new finance agents and revoking access when agents are decommissioned or when their function changes.
- [ ] Segregation of duties preserved. The agent does not combine functions that would violate segregation of duties requirements if performed by a single human (e.g., an agent should not both record a transaction AND approve the related payment).
- [ ] Break-glass access procedure defined. There is a documented procedure for emergency access to agent credentials and configurations by authorized personnel in the event of an incident requiring immediate intervention.
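The permission controls above are only as good as the layer that enforces them. The following is an added example, not code from the page or any product it references: a small policy check that sits between the agent runtime and its tools, so a read-only reconciliation agent cannot write to the ledger, no agent can reach a payment tool, and a policy that combines segregation-of-duties conflicts is rejected at provisioning time. The class and function names, the tool names, and the call shape (`{"tool": ..., "table": ..., "fields": [...]}`) are hypothetical.

```python
# Added example (not from the page): enforce a finance agent's tool-call policy
# at the tool layer instead of relying on the prompt to behave. All names here
# (AgentPolicy, enforce, PAYMENT_TOOLS, the tool and table names) are hypothetical.
from dataclasses import dataclass
from typing import Dict, FrozenSet

# Money-movement tools are denied for every agent, whatever its policy says.
PAYMENT_TOOLS = frozenset({"initiate_wire", "approve_payment", "submit_ach_batch"})

# Function pairs that one actor may not hold together (segregation of duties).
SOD_CONFLICTS = (
    frozenset({"record_journal_entry", "approve_payment"}),
    frozenset({"create_vendor", "approve_vendor_invoice"}),
)


class PolicyViolation(Exception):
    """Raised when a policy or a tool call breaks a Section 2 control."""


@dataclass(frozen=True)
class AgentPolicy:
    name: str
    read_tables: FrozenSet[str]               # tables readable via db_read
    write_fields: Dict[str, FrozenSet[str]]   # table -> fields writable via db_write
    tools: FrozenSet[str]                     # other tools the agent may call


def validate_policy(policy: AgentPolicy) -> None:
    """Reject a policy at provisioning time if it grants a payment tool or
    conflicting duties. Run this before the agent receives any credential."""
    granted_payment = policy.tools & PAYMENT_TOOLS
    if granted_payment:
        raise PolicyViolation(f"{policy.name}: grants payment tool(s) {sorted(granted_payment)}")
    for pair in SOD_CONFLICTS:
        if pair <= policy.tools:
            raise PolicyViolation(f"{policy.name}: segregation-of-duties conflict {sorted(pair)}")


def enforce(policy: AgentPolicy, call: dict) -> bool:
    """Return True if the tool call is allowed; raise PolicyViolation otherwise.
    Called by the runtime before the tool actually executes."""
    tool = call["tool"]
    if tool in PAYMENT_TOOLS:
        raise PolicyViolation(f"{policy.name}: payment initiation via {tool} is never permitted")
    if tool == "db_read":
        if call["table"] not in policy.read_tables:
            raise PolicyViolation(f"{policy.name}: read of {call['table']} is out of scope")
        return True
    if tool == "db_write":
        allowed = policy.write_fields.get(call["table"], frozenset())
        denied = set(call.get("fields", [])) - allowed
        if not allowed or denied:
            raise PolicyViolation(f"{policy.name}: write to {call['table']} fields {sorted(denied) or 'any'} not permitted")
        return True
    if tool not in policy.tools:
        raise PolicyViolation(f"{policy.name}: tool {tool} not granted")
    return True


def is_permitted(policy: AgentPolicy, call: dict) -> bool:
    """Boolean form of enforce() for callers that log and continue."""
    try:
        return enforce(policy, call)
    except PolicyViolation:
        return False


def is_valid_policy(policy: AgentPolicy) -> bool:
    try:
        validate_policy(policy)
        return True
    except PolicyViolation:
        return False


# Constructed sample: a bank reconciliation agent that reads GL and bank lines
# and may only write match suggestions, never the ledger itself.
RECON_AGENT = AgentPolicy(
    name="bank-recon-agent",
    read_tables=frozenset({"gl_transactions", "bank_statement_lines"}),
    write_fields={"recon_suggestions": frozenset({"match_id", "confidence", "note"})},
    tools=frozenset({"fx_rate_lookup"}),
)

# Constructed sample that should be rejected at provisioning: one agent holding
# both vendor creation and vendor invoice approval.
BAD_POLICY = AgentPolicy(
    name="ap-automation-agent",
    read_tables=frozenset({"vendors"}),
    write_fields={},
    tools=frozenset({"create_vendor", "approve_vendor_invoice"}),
)
```

The deny-list of payment tools is checked before the agent's own allowlist, so a misconfigured policy cannot grant payment initiation by accident; the segregation-of-duties check runs on the policy rather than on individual calls, because the conflict exists as soon as both functions are granted, whether or not the agent has used them yet.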
Section 3: Audit trail requirements (5 items)#
- [ ] Complete input-output logging enabled. Every agent run logs: timestamp, input data snapshot or reference, AI model version, prompt version, output generated, and any tool calls made (ERP queries, API calls, file reads/writes).
- [ ] Logs are tamper-evident and access-controlled. Agent execution logs are written to append-only or write-once (WORM) storage so that entries cannot be modified or deleted after creation, access is restricted to authorized reviewers, and any access is itself logged. The agent's own service account must not hold write access to the log store beyond appending.
- [ ] Log retention meets audit requirements. Agent logs are retained for the same period as the financial records they relate to, or the minimum period required by applicable regulations — whichever is longer.
- [ ] Audit trail covers human review decisions. When a human reviewer approves, edits, or rejects an agent output at an approval gate, this decision is logged with the reviewer's identity, timestamp, and any changes made.
- [ ] Reconciliation between agent output and final records. There is a documented reconciliation between AI-generated outputs (reports, journal entry recommendations, reconciliation results) and the final figures that appear in financial records. Any differences are explained.
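The five items above describe what each log entry must carry and that the log must be tamper-evident. As an added example (not code from the page or from any product it references), here is a hash-chained audit log in which every agent run and every human review decision records the fields from Section 3 and links back to the previous entry, together with a verifier that locates the first altered or missing entry. The `AuditLog` class, the field names and the sample run are hypothetical; storing the input and prompt by SHA-256 rather than in full is a design choice, and the chain is only tamper-evident if the latest `entry_hash` is also anchored somewhere the log writer cannot modify (a WORM bucket, a ticket, or a periodic signed checkpoint).

```python
# Added example (not from the page): hash-chained, append-only audit log for
# agent runs and approval-gate decisions, with an integrity check. Field names,
# the AuditLog API and the sample entries are hypothetical/constructed.
import hashlib
import json
from datetime import datetime, timezone

GENESIS_HASH = "0" * 64


def _canonical(record: dict) -> bytes:
    """Deterministic serialization so a hash recomputed later matches."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _entry_hash(record: dict) -> str:
    """Hash of every field except the hash itself (includes prev_hash, so the chain links)."""
    body = {k: v for k, v in record.items() if k != "entry_hash"}
    return sha256_hex(_canonical(body))


class AuditLog:
    def __init__(self):
        self.entries = []

    def _append(self, record: dict, ts=None) -> dict:
        record = dict(record)
        record["seq"] = len(self.entries)
        record["timestamp"] = ts or datetime.now(timezone.utc).isoformat()
        record["prev_hash"] = self.entries[-1]["entry_hash"] if self.entries else GENESIS_HASH
        record["entry_hash"] = _entry_hash(record)
        self.entries.append(record)
        return record

    def log_run(self, run_id, input_blob, model_version, prompt_text, output, tool_calls, ts=None):
        """One agent run: the Section 3 fields. Input and prompt are kept by hash
        so the snapshot stored elsewhere can be checked against the log."""
        return self._append({
            "type": "agent_run",
            "run_id": run_id,
            "input_sha256": sha256_hex(input_blob),
            "model_version": model_version,
            "prompt_sha256": sha256_hex(prompt_text.encode()),
            "output": output,
            "tool_calls": tool_calls,
        }, ts)

    def log_review(self, run_id, reviewer, decision, final_output=None, reason=None, ts=None):
        """A human approval-gate decision, tied to the run it reviewed."""
        if decision not in ("approved", "edited", "rejected"):
            raise ValueError(f"unknown decision {decision}")
        return self._append({
            "type": "human_review",
            "run_id": run_id,
            "reviewer": reviewer,
            "decision": decision,
            "final_output": final_output,
            "reason": reason,
        }, ts)


def verify_chain(entries):
    """Return (True, None) if every entry's hash and back-link check out,
    otherwise (False, seq) for the first entry that was altered or removed."""
    prev = GENESIS_HASH
    for i, e in enumerate(entries):
        if e.get("seq") != i or e.get("prev_hash") != prev or _entry_hash(e) != e.get("entry_hash"):
            return False, i
        prev = e["entry_hash"]
    return True, None


def build_sample_log() -> AuditLog:
    """Constructed sample: two runs of a variance agent and one review decision."""
    log = AuditLog()
    prompt = "Summarize budget vs actual variances above 5% for the period."
    log.log_run("run-2025-03-001", b"cost_center,budget,actual\nCC100,1000,1050\n",
                "vendor-model-2024-01", prompt,
                {"cost_center": "CC100", "variance_usd": 50.0, "variance_pct": 5.0},
                [{"tool": "db_read", "table": "gl_transactions", "rows": 1}],
                ts="2025-03-03T09:00:00+00:00")
    log.log_review("run-2025-03-001", "j.doe", "edited",
                   final_output={"cost_center": "CC100", "variance_usd": 50.0, "variance_pct": 5.0, "note": "timing"},
                   reason="added timing explanation", ts="2025-03-03T10:15:00+00:00")
    log.log_run("run-2025-03-002", b"cost_center,budget,actual\nCC200,2000,1900\n",
                "vendor-model-2024-01", prompt,
                {"cost_center": "CC200", "variance_usd": -100.0, "variance_pct": -5.0},
                [{"tool": "db_read", "table": "gl_transactions", "rows": 1}],
                ts="2025-03-03T11:00:00+00:00")
    return log
```

Because the review entry carries the run ID, the reviewer's identity, the decision and the reason, the same chain satisfies the "audit trail covers human review decisions" item without a second log. Recording the prompt by hash also gives the Section 5 prompt-versioning control something concrete to compare against.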
Section 4: Human approval gates (6 items)#
- [ ] Material financial outputs require human review before action. No AI agent output that represents a material financial statement figure, regulatory filing, or board report is used without human review and approval.
- [ ] Approval gate authority levels defined. The required approver level for each agent output type is documented: standard outputs (FP&A analyst), material variance analysis (finance manager), board package content (CFO or delegate).
- [ ] Approval decisions are logged with identity. The approval system captures who approved each agent output, at what time, and whether any changes were made prior to approval.
- [ ] Timeout and escalation procedures active. All approval gates have a defined timeout period and escalation path if the primary approver does not respond within the specified window.
- [ ] Rejection and revision tracking in place. When an approver rejects or requests revision of an agent output, the reason is captured. This data is reviewed quarterly to identify systematic agent quality issues.
- [ ] Emergency override procedure documented. There is a documented procedure for overriding an approval gate in a genuine time-critical situation, including who has authority to invoke it and the additional documentation required.
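The approval-gate items above specify approver levels, logged decisions with identity, timeouts with escalation, and captured rejection reasons. The following added example (not code from the page or any product it references) implements that gate as a small state machine: each output type maps to a minimum approver role, an approver below that level is refused, a pending item past its deadline escalates one level, and an item that times out at the top level becomes "overdue" rather than being silently approved, leaving it for the documented override. The role names, the four-hour timeout, `T0` and the `ApprovalGate` API are hypothetical.

```python
# Added example (not from the page): approval gate with per-output-type approver
# levels, timeout escalation and a decision record. Roles, timeout and API are
# hypothetical; T0 is a constructed reference time for the usage below.
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

ROLE_RANK = {"fpa_analyst": 1, "finance_manager": 2, "cfo": 3}
REQUIRED_ROLE = {                       # from the checklist's authority levels
    "standard_report": "fpa_analyst",
    "material_variance": "finance_manager",
    "board_package": "cfo",
}
ESCALATES_TO = {"fpa_analyst": "finance_manager", "finance_manager": "cfo", "cfo": None}
DECISIONS = ("approved", "edited", "rejected")

T0 = datetime(2025, 1, 6, 9, 0, tzinfo=timezone.utc)


def hours(n):
    return timedelta(hours=n)


@dataclass
class PendingApproval:
    item_id: str
    output_type: str
    required_role: str
    deadline: datetime
    status: str = "pending"
    record: list = field(default_factory=list)   # decisions and escalations, in order


class ApprovalGate:
    def __init__(self, timeout=hours(4)):
        self.timeout = timeout
        self.items = {}

    def submit(self, item_id, output_type, now):
        item = PendingApproval(item_id, output_type, REQUIRED_ROLE[output_type], now + self.timeout)
        self.items[item_id] = item
        return item

    def may_decide(self, item_id, role) -> bool:
        item = self.items[item_id]
        return item.status == "pending" and ROLE_RANK[role] >= ROLE_RANK[item.required_role]

    def decide(self, item_id, approver, role, decision, now, changes=None, reason=None):
        """Record who decided, when, and what changed. Edits and rejections
        must carry a reason so the quarterly quality review has data."""
        if decision not in DECISIONS:
            raise ValueError(f"unknown decision {decision}")
        if not self.may_decide(item_id, role):
            raise PermissionError(f"{approver} ({role}) may not decide {item_id}")
        if decision in ("edited", "rejected") and not reason:
            raise ValueError("edited/rejected decisions require a reason")
        item = self.items[item_id]
        item.record.append({"event": decision, "by": approver, "role": role,
                            "at": now.isoformat(), "changes": changes, "reason": reason})
        item.status = decision
        return item

    def sweep(self, now):
        """Escalate pending items past their deadline to the next approver level.
        Items already at the top level become 'overdue' and need the documented
        emergency override; nothing is ever auto-approved."""
        escalated = []
        for item in self.items.values():
            if item.status != "pending" or now < item.deadline:
                continue
            nxt = ESCALATES_TO[item.required_role]
            if nxt is None:
                item.status = "overdue"
                item.record.append({"event": "overdue", "at": now.isoformat()})
            else:
                item.record.append({"event": "escalated", "from": item.required_role,
                                    "to": nxt, "at": now.isoformat()})
                item.required_role = nxt
                item.deadline = now + self.timeout
                escalated.append(item.item_id)
        return escalated
```

`sweep()` is meant to run on a schedule; after escalation the original approver can no longer act on the item, which keeps the record unambiguous about who was accountable when the decision was finally made.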
Section 5: Model validation and testing (5 items)#
- [ ] Initial accuracy validation completed. Before production deployment, the agent's outputs were tested against a set of known-correct inputs (historical reconciliations, prior-period reports) and accuracy was documented. Pass threshold was defined and met.
- [ ] Ongoing accuracy monitoring active. There is a mechanism for monitoring agent accuracy on an ongoing basis — either automated comparison to final reviewed figures or periodic human sample review — not just a one-time pre-launch test.
- [ ] Model version changes are controlled. When the underlying AI model is updated by the vendor, the finance agent undergoes re-validation before the new model version is used in production. Automatic model updates are disabled where possible.
- [ ] Prompt versioning in place. System prompts and workflow configurations are version-controlled. Changes to prompts require review and are tracked with an effective date. Prior versions are retained for audit comparison.
- [ ] Edge case and failure mode testing completed. The agent has been tested on: missing or incomplete data, corrupted input files, ERP API failures, unusually large variance figures, and foreign currency edge cases. Failure behavior is documented and acceptable.
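Section 5 asks for a validated accuracy threshold, controlled model and prompt versions, and documented behaviour on bad input. As an added example (not code from the page or any product it references), here is a pre-production validation run that scores the agent against known-correct cases, including a case where refusing is the correct behaviour, writes a manifest pinning the model version and prompt hash, and a preflight check that refuses to run when either has drifted from what was validated. The `variance_agent` stand-in, the sample cases, the manifest shape and the `vendor-model-2024-01` identifier are all constructed for the example.

```python
# Added example (not from the page): accuracy validation against known-correct
# cases, a manifest that pins model version and prompt hash, and a preflight
# gate that blocks on drift. Agent stub, cases and identifiers are constructed.
import hashlib


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def validate_accuracy(agent_fn, cases, threshold, tolerance=0.005):
    """Run agent_fn over known-correct cases. A numeric case passes when the
    output is within `tolerance` of the expected figure; an edge case marked
    expect_error passes only if the agent refuses. Returns (passed, accuracy, failures)."""
    failures = []
    for case in cases:
        try:
            got = agent_fn(case["input"])
        except Exception as exc:            # a crash on valid input is a failed case, not a skipped one
            if not case.get("expect_error"):
                failures.append((case["id"], repr(exc)))
            continue
        if case.get("expect_error"):
            failures.append((case["id"], f"returned {got} instead of refusing"))
        elif abs(got - case["expected"]) > tolerance:
            failures.append((case["id"], got))
    accuracy = 1 - len(failures) / len(cases)
    return accuracy >= threshold, accuracy, failures


def build_manifest(agent_name, model_version, prompt_text, accuracy, threshold, validated_on):
    """What gets committed alongside the prompt: the exact model and prompt that were validated."""
    return {
        "agent": agent_name,
        "model_version": model_version,
        "prompt_sha256": sha256_hex(prompt_text),
        "accuracy": accuracy,
        "threshold": threshold,
        "validated_on": validated_on,
    }


def preflight(manifest, runtime_model_version, prompt_text):
    """Return blocking findings; an empty list means the run may proceed."""
    findings = []
    if runtime_model_version != manifest["model_version"]:
        findings.append(f"model drift: validated {manifest['model_version']}, "
                        f"runtime {runtime_model_version}; re-validate before use")
    if sha256_hex(prompt_text) != manifest["prompt_sha256"]:
        findings.append("prompt drift: system prompt differs from the validated version")
    if manifest["accuracy"] < manifest["threshold"]:
        findings.append(f"validation below threshold ({manifest['accuracy']:.0%} < {manifest['threshold']:.0%})")
    return findings


# Constructed stand-in for the agent under test: actual minus budget, refusing on missing data.
PROMPT_V3 = "You are a variance analyst. Report actual minus budget in USD to two decimals."
MODEL_V = "vendor-model-2024-01"      # constructed identifier, not a real model name


def variance_agent(inp):
    if inp.get("actual") is None or inp.get("budget") is None:
        raise ValueError("missing actual or budget")
    return round(float(inp["actual"]) - float(inp["budget"]), 2)


# Constructed cases: two normal, one missing-data edge case, one with
# thousands separators as exported by many ERPs.
SAMPLE_CASES = [
    {"id": "c1", "input": {"actual": 1050.00, "budget": 1000.00}, "expected": 50.00},
    {"id": "c2", "input": {"actual": "980.5", "budget": 1000}, "expected": -19.5},
    {"id": "c3", "input": {"actual": None, "budget": 1000}, "expect_error": True},
    {"id": "c4", "input": {"actual": "1,250,000.00", "budget": "1,000,000.00"}, "expected": 250000.00},
]
```

On these cases the stand-in agent fails c4 (it cannot parse formatted figures), so the run scores 75% against a 95% threshold and the manifest it would produce is itself rejected by `preflight()`; that is the intended outcome of edge-case testing, surfacing the defect before the agent touches production data. Disabling automatic model updates at the vendor, where offered, is what makes the `model_version` comparison meaningful.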
Section 6: Regulatory documentation (4 items)#
- [ ] AI use disclosure policy exists. The organization has a documented policy on where and how AI is used in financial reporting processes, suitable for disclosure to auditors, the audit committee, and regulators.
- [ ] Auditor notification completed if required. If external auditors are currently engaged, they have been notified of the introduction of AI agents into financial reporting and close processes, and their requirements for AI-related audit procedures have been addressed.
- [ ] Regulatory guidance reviewed. Applicable regulatory guidance on AI use in financial reporting (SEC staff bulletins, PCAOB guidance, FASB/IASB statements, or industry-specific regulations) has been reviewed and the deployment is consistent with current guidance.
- [ ] Annual review scheduled. A recurring annual review of this checklist is scheduled, assigned to a named owner, and tied to the organization's broader IT risk or internal audit calendar.
Section 7: Incident response (4 items)#
- [ ] Finance AI incident response procedure documented. There is a written procedure for responding to incidents involving AI agents in finance: incorrect financial figures, unauthorized access, data exposure, or agent malfunction. The procedure specifies roles, notification timelines, and escalation paths.
- [ ] Incident severity classification defined. Finance AI incidents are classified by severity (low/medium/high/critical) with definitions specific to financial impact, regulatory implications, and reputational risk. Critical incidents trigger board or audit committee notification.
- [ ] Incident communication templates prepared. Communication templates for notifying internal stakeholders, auditors, and regulators are drafted and approved — so incident response does not begin with drafting communications under pressure.
- [ ] Post-incident review process in place. After any medium or higher severity incident, a post-incident review is conducted within 10 business days, resulting in documented root cause analysis and remediation actions assigned to named owners.
FAQ#
Is this checklist required for all AI use in finance, or only specific use cases?#
The full checklist applies to AI agents that: generate or modify figures that appear in financial statements or management accounts, access GL or ERP data, produce outputs used in regulatory filings, or automate previously human-controlled close process steps. Simpler AI uses (summarizing documents, answering questions about accounting standards, drafting internal communications) may require only the data governance and permission control sections.
How do we handle checklist requirements for cloud-based AI platforms we do not control?#
For sections covering platform-level controls (data residency, tamper-evident logging), you are relying on the vendor's compliance posture. Obtain and review the vendor's SOC 2 Type II report, data processing agreement, and any available compliance documentation. Gaps between vendor controls and your requirements should be documented as accepted risks with appropriate compensating controls.
How often should this checklist be reviewed?#
Annually at minimum. Also review when: a new AI agent is added to finance workflows, the AI model or platform vendor changes, applicable regulatory guidance is updated, or a significant incident occurs.
Related resources#
- Parent page: AI Agent Templates
- Related template: Finance Reconciliation Agent Prompt Template
- Related template: Finance Reporting Automation Workflow Blueprint
- Cross-playbook: AI Agent Finance Examples
- Cross-playbook: What Are AI Agents?
- Cross-playbook: Build an AI Agent with LangChain