Your AI Agent Generated the Revenue Forecast. Will It Hold Up to Audit?

A finance team deploys an AI agent to draft the quarterly revenue forecast. The agent weights the pipeline, applies seasonality, and produces a number that feeds the board deck and, eventually, guidance. It does in minutes what used to take an analyst a week.

Months later, the audit committee asks a specific question: who produced this forecast, what was it based on, how confident was the model, and how close did it come to the real number? The team pulls a spreadsheet and a model output, but not a record that ties the forecast to its inputs and to the outcome. That gap is the problem.

The estimate scrutiny is already here

SOX requires internal controls over financial reporting, and forecasts that feed the financial statements fall inside that perimeter. The PCAOB has sharpened its focus on management estimates and the data and methods behind them. Neither framework was written with AI agents in mind, and both apply to them.

An agent generating forecasts across business units produces more output than a manual process. The difficulty is accountability. A spreadsheet can be edited after the fact. A cryptographic, append-only decision log cannot.

What the audit trail must capture

For each forecast, the record needs the decision type (submit, revise, or reject), a hash of the inputs, the agent's rationale, and the forecast detail: type, period, value, confidence interval, and model version. It also needs a hashed list of the input data sources, so an auditor can confirm the forecast was based on the inputs claimed without exposing the underlying data.

Forecasts flagged as material to the financial statements are routed for immediate review. The materiality threshold is set per organization.

Closing the loop with actuals

A forecast audit trail is only half complete at the moment the forecast is made. The other half arrives when the period closes and the real number is known. Sigmodx records the actual value and computes the forecast error, which feeds two signals: forecast accuracy, the fraction of forecasts within 10% of the actual, and calibration error, the gap between the agent's stated confidence and its empirical accuracy.

This is the signal that matters most. An agent that is confident and wrong is more dangerous than one that is uncertain and wrong, because the confident agent gets trusted. Calibration error surfaces that pattern.

Reliability drives the agent state

Five signals set the agent state: forecast accuracy, calibration error, revision rate, materiality flag rate, and human override rate. An agent whose forecasts come in below 80% accuracy, or whose forecasts are revised more than a quarter of the time, moves to LIMIT. Above 40% revision rate or 15% human override rate, it moves to BLOCK. The state is computed append-only per period, so the history of how an agent earned or lost trust is itself part of the record.

What the attestation proves

At period end, an organization generates an attestation: a deterministic, SHA-256 hash of the forecast decisions, reviewer assessments, and reliability signals for the period. The verification string takes the form SIGMODX-FORECAST-[ORG]-[HASH] and can be checked independently at /verify.

The attestation does not claim the forecasts were correct. It proves what the agent forecast, what it was based on, how it scored against the actuals, and how often a human had to step in. That is the record the audit committee was asking for.