Tags: SOX, GL review, journal entries, PCAOB, segregation of duties, AI agents

Your GL Review Agent Is Catching Journal Entry Errors. Can You Prove It?

Sigmodx · May 20, 2026 · 7 min read


A mid-size public company deploys an AI agent to review journal entries before they post to the general ledger. The agent runs for six months. It catches round-number amounts, flags unusual posters, and auto-blocks segregation of duties violations. The accounting team trusts the output.

The external auditors arrive for the SOX 404 review. The lead asks for control documentation for the GL review agent. Not the entries it reviewed. The control. Evidence that the agent operated as designed, that each decision was recorded, that human oversight was present, and that the record is intact.

The team has dashboards and ERP extracts. They do not have a single, defensible answer.

Why journal entry review sits above invoice approval

Journal entries construct financial statements. An error at the entry level moves revenue, expense, and balance sheet balances directly. Regulators treat journal entry controls as high risk for that reason.

The PCAOB's amended AS 2201 takes effect for fiscal years beginning on or after December 15, 2026. Auditors will evaluate whether automated controls over journal entry processing have appropriate IT general controls, including access management, change management, and operating effectiveness evidence.

COSO's February 2026 guidance on generative AI and internal control adds two hard requirements: a complete, non-editable audit trail of AI decisions, and active model governance documentation. Most GL review tools were built for throughput, not for either.

What the agent is actually checking

Each entry is evaluated before posting. Round numbers, exact multiples of one thousand or ten thousand, often signal estimation rather than a sourced transaction. Entries outside normal business hours, typically before 7:00 a.m. or after 8:00 p.m., warrant review. Amounts just below an approval threshold suggest structuring to avoid authorization.

The agent also evaluates duplicate risk, backdated postings, suspense account use, missing documentation, unusual poster behavior, and other policy-defined patterns.

Segregation of duties is the critical check. When the same person created and approved an entry, that is an SOD violation. Those cases are blocked automatically, even if the agent is in ALLOW state on other metrics. No reliability threshold overrides an SOD block.
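The checks described above, written out as a small rule evaluator. This is an added example, not Sigmodx code; the page names the patterns (round-number amounts, postings outside 7:00 a.m. to 8:00 p.m., amounts just below an approval limit, creator equal to approver) but the concrete policy values, the 5 percent "just below" window, the REVIEW/POST outcomes for non-SOD flags and all entry data are assumptions constructed for the example. The point it makes is the one the paragraph makes: the SOD block is unconditional, whatever state the agent is in.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed policy. The page names the patterns; the numbers, the 5 percent
# near-threshold window and the approval limit are assumptions of this example.
POLICY = {
    "round_multiples": (10_000, 1_000),
    "business_hours": (7, 20),        # in-hours is 07:00 <= hour < 20:00
    "approval_threshold": 50_000.00,  # hypothetical authorization limit
    "near_threshold_pct": 0.05,       # flag amounts within 5% below the limit
}

@dataclass
class JournalEntry:
    ref: str
    account: str
    amount: float
    posted_at: datetime
    created_by: str
    approved_by: str

def evaluate_flags(entry: JournalEntry, policy: dict = POLICY) -> list:
    """Return (flag_subtype, severity, rationale) tuples for one entry.

    The rationale is captured here, at decision time, because the decision
    record later has to carry it.
    """
    flags = []
    for multiple in policy["round_multiples"]:
        if entry.amount and entry.amount % multiple == 0:
            flags.append(("round_number", "medium",
                          f"amount {entry.amount:,.2f} is an exact multiple of {multiple:,}"))
            break  # report the largest matching multiple only
    start, end = policy["business_hours"]
    if not (start <= entry.posted_at.hour < end):
        flags.append(("outside_hours", "medium",
                      f"posted at {entry.posted_at:%H:%M}, outside {start:02d}:00-{end:02d}:00"))
    limit = policy["approval_threshold"]
    if limit * (1 - policy["near_threshold_pct"]) <= entry.amount < limit:
        flags.append(("below_threshold", "high",
                      f"amount {entry.amount:,.2f} sits just below approval limit {limit:,.2f}"))
    if entry.created_by == entry.approved_by:
        flags.append(("sod_violation", "critical",
                      f"{entry.created_by} both created and approved the entry"))
    return flags

def review_entry(entry: JournalEntry, agent_state: str = "ALLOW",
                 policy: dict = POLICY) -> dict:
    """Produce the decision record for one entry.

    An SOD violation is blocked unconditionally; agent_state (the reliability
    driven ALLOW/LIMIT/BLOCK state) is recorded but never overrides that block.
    Other flags route the entry to human review; a clean entry may post.
    """
    flags = evaluate_flags(entry, policy)
    sod = any(subtype == "sod_violation" for subtype, _, _ in flags)
    if sod:
        decision = "BLOCK"
    elif flags:
        decision = "REVIEW"
    else:
        decision = "POST"
    return {
        "entry_ref": entry.ref,
        "agent_state": agent_state,
        "decision": decision,
        "auto_block": sod,
        "flags": flags,
    }

if __name__ == "__main__":
    # Constructed entry: same user created and approved it, posted at 22:15.
    entry = JournalEntry("JE-1042", "6100", 25_000.00,
                         datetime(2026, 3, 31, 22, 15), "jdoe", "jdoe")
    print(review_entry(entry, agent_state="ALLOW"))
```

Note that `review_entry` records `agent_state` alongside the decision rather than consulting it for the SOD path; that is what lets a reviewer later confirm the block held even while the agent was in ALLOW.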

Why ERP audit logs are not enough

SAP, Oracle, and NetSuite record what happened to data: which entry posted, which user ID acted, and when. They do not record what an AI agent decided, which flag subtype fired, the rationale at decision time, the reviewer's assessment, or the monthly reliability signal.

ERP logs live inside infrastructure the company controls. A privileged administrator can alter rows. SOX controls exist to reduce reliance on that kind of trust.

Sigmodx enforces append-only storage at the database layer. Update and delete on core decision rows are rejected after insert. A cryptographic hash covers the attestation payload. The auditor checks the hash; they do not need to trust company administrators.

The attestation comes from a third-party system the company does not operate and cannot edit after the fact. That independence is what gives the record evidentiary weight.

What the audit record needs

A CFO preparing for the amended standard should expect four artifacts.

The input fingerprint is a SHA-256 hash of the data the agent consumed: entry reference, account code, amount, posting date, and an anonymized poster identifier. The entry stays in the company's environment. The hash proves specific inputs without copying detail externally.

The decision record captures decision type, flag subtype, flag severity, and rationale at decision time. For SOD violations, the auto-block confirmation is part of that record.

The reliability signal covers the trailing thirty days: false positive rate, false negative rate, SOD violation detection rate, block accuracy, and escalation rate. Those metrics drive ALLOW, LIMIT, or BLOCK. False negative above 5 percent triggers BLOCK; above 2 percent triggers LIMIT. SOD detection below 90 percent triggers BLOCK; below 95 percent triggers LIMIT.

The attestation is a period-end cryptographic summary of decisions, reviewer assessments, reliability signals, and flags by subtype. One verification string lets an auditor check independently in about sixty seconds.
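The four artifacts above, as an added example that is not Sigmodx's implementation: a SHA-256 input fingerprint over exactly the fields the page lists, the ALLOW/LIMIT/BLOCK mapping using the false negative and SOD detection thresholds the page states, and a period-end attestation whose verification string an auditor recomputes from the stored payload. The canonical-JSON hashing, the salted pseudonym for the poster, the `attest-v1:<period>:<sha256>` layout of the verification string, and all sample data are assumptions constructed for the example.

```python
import hashlib
import json

def _canonical(obj) -> bytes:
    # Canonical JSON (sorted keys, no whitespace) so the hash is reproducible.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def anonymize_poster(user_id: str, salt: str) -> str:
    """Stable pseudonym for a poster; the salted hash is an assumption here."""
    return hashlib.sha256(_canonical([salt, user_id])).hexdigest()[:16]

def input_fingerprint(entry: dict, salt: str) -> str:
    """SHA-256 over the fields the page lists as the agent's inputs."""
    consumed = {
        "entry_ref": entry["entry_ref"],
        "account_code": entry["account_code"],
        "amount": f"{entry['amount']:.2f}",  # fixed formatting, not a float repr
        "posting_date": entry["posting_date"],
        "poster": anonymize_poster(entry["poster_user_id"], salt),
    }
    return hashlib.sha256(_canonical(consumed)).hexdigest()

def reliability_state(signal: dict) -> str:
    """Map the trailing-30-day signal to ALLOW / LIMIT / BLOCK.

    Thresholds are the ones the page states for false negatives and SOD
    detection. The other metrics travel in the signal but the page gives no
    threshold for them, so none is applied.
    """
    fn = signal["false_negative_rate"]
    sod = signal["sod_detection_rate"]
    if fn > 0.05 or sod < 0.90:
        return "BLOCK"
    if fn > 0.02 or sod < 0.95:
        return "LIMIT"
    return "ALLOW"

def build_attestation(period: str, decisions: list, assessments: list,
                      signal: dict) -> tuple:
    """Period-end summary plus the verification string an auditor recomputes."""
    flags_by_subtype = {}
    for d in decisions:
        for subtype, _severity, _rationale in d["flags"]:
            flags_by_subtype[subtype] = flags_by_subtype.get(subtype, 0) + 1
    payload = {
        "period": period,
        "decisions": decisions,
        "reviewer_assessments": assessments,
        "reliability_signal": signal,
        "reliability_state": reliability_state(signal),
        "flags_by_subtype": flags_by_subtype,
    }
    digest = hashlib.sha256(_canonical(payload)).hexdigest()
    return payload, f"attest-v1:{period}:{digest}"

def verify_attestation(payload: dict, verification: str) -> bool:
    """Recompute the hash from the stored payload and compare to the string."""
    _tag, period, digest = verification.split(":")
    return (payload["period"] == period
            and hashlib.sha256(_canonical(payload)).hexdigest() == digest)

# Constructed sample period: two decisions, one reviewer assessment, one signal.
SAMPLE_DECISIONS = [
    {"entry_ref": "JE-1042", "decision": "BLOCK", "auto_block": True,
     "flags": [["sod_violation", "critical", "creator equals approver"]]},
    {"entry_ref": "JE-1043", "decision": "REVIEW", "auto_block": False,
     "flags": [["round_number", "medium", "multiple of 1,000"],
               ["outside_hours", "medium", "posted 22:15"]]},
]
SAMPLE_ASSESSMENTS = [{"entry_ref": "JE-1043", "reviewer": "controller-1", "verdict": "agree"}]
SAMPLE_SIGNAL = {"false_positive_rate": 0.08, "false_negative_rate": 0.01,
                 "sod_detection_rate": 0.97, "block_accuracy": 0.99,
                 "escalation_rate": 0.04}

if __name__ == "__main__":
    payload, verification = build_attestation("2026-03", SAMPLE_DECISIONS,
                                              SAMPLE_ASSESSMENTS, SAMPLE_SIGNAL)
    print(verification, verify_attestation(payload, verification))
```

The fingerprint commits to the amount as a fixed two-decimal string rather than a float, so the hash the company stores and the hash the auditor recomputes cannot drift on representation alone.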

The human oversight requirement

PCAOB expectations still require evidence of human oversight for automated financial reporting controls.

A controller or senior accountant reviews a defined sample of flagged entries each week and records agree, disagree, or escalate. That assessment is immutable and feeds false positive and false negative rates. The auditor sees that a human evaluated judgment, not only that software ran.

For SOD violations, a single reviewer cannot clear a block. They confirm or escalate to a senior reviewer. That closes a common gap where compensating controls exist on paper but are easy to override in production.

Three actions before the December 2026 deadline

AS 2201 applies to fiscal years beginning on or after December 15, 2026. For a calendar-year company, the 2027 audit is the first period under the amended standard. Build the trail before fieldwork.

Verify immutability at the database layer. Engineering should demonstrate that update or delete on a decision row is rejected by the database, not only blocked in application code.
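This demonstration covers both the database-layer append-only storage described in the section on ERP logs and the verification step just above. It is an added example using SQLite, not Sigmodx's schema: triggers reject UPDATE and DELETE on decision rows inside the database, so the rule holds for every client, including a direct SQL session that never touches application code. Chaining each row's hash to its predecessor is an assumption of this example (the page describes a hash over the attestation payload, not a per-row chain); the table name, columns and sample rows are constructed.

```python
import hashlib
import json
import sqlite3

# Append-only enforcement lives in the database, not the application.
SCHEMA = """
CREATE TABLE decision_log (
    seq       INTEGER PRIMARY KEY,
    entry_ref TEXT NOT NULL,
    decision  TEXT NOT NULL,
    payload   TEXT NOT NULL,
    prev_hash TEXT NOT NULL,
    row_hash  TEXT NOT NULL
);
CREATE TRIGGER decision_log_no_update BEFORE UPDATE ON decision_log
BEGIN SELECT RAISE(ABORT, 'decision_log is append-only'); END;
CREATE TRIGGER decision_log_no_delete BEFORE DELETE ON decision_log
BEGIN SELECT RAISE(ABORT, 'decision_log is append-only'); END;
"""

GENESIS = "0" * 64  # predecessor hash of the first row

def open_log(path: str = ":memory:") -> sqlite3.Connection:
    conn = sqlite3.connect(path, isolation_level=None)  # autocommit
    conn.executescript(SCHEMA)
    return conn

def _row_hash(prev_hash: str, entry_ref: str, decision: str, payload: str) -> str:
    material = json.dumps([prev_hash, entry_ref, decision, payload]).encode()
    return hashlib.sha256(material).hexdigest()

def append_decision(conn, entry_ref: str, decision: str, payload: dict) -> str:
    """Insert one decision row chained to the previous row; return its hash."""
    prev = conn.execute(
        "SELECT row_hash FROM decision_log ORDER BY seq DESC LIMIT 1").fetchone()
    prev_hash = prev[0] if prev else GENESIS
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    row_hash = _row_hash(prev_hash, entry_ref, decision, body)
    conn.execute(
        "INSERT INTO decision_log (entry_ref, decision, payload, prev_hash, row_hash) "
        "VALUES (?, ?, ?, ?, ?)", (entry_ref, decision, body, prev_hash, row_hash))
    return row_hash

def try_mutate(conn, sql: str, params: tuple = ()) -> str:
    """Run an UPDATE or DELETE directly and report what the database did."""
    try:
        conn.execute(sql, params)
        return "applied"
    except sqlite3.DatabaseError as exc:
        return f"rejected: {exc}"

def verify_chain(conn) -> bool:
    """Recompute every row hash from its stored fields and its predecessor."""
    prev_hash = GENESIS
    for _seq, ref, dec, body, stored_prev, stored_hash in conn.execute(
            "SELECT seq, entry_ref, decision, payload, prev_hash, row_hash "
            "FROM decision_log ORDER BY seq"):
        if stored_prev != prev_hash or _row_hash(prev_hash, ref, dec, body) != stored_hash:
            return False
        prev_hash = stored_hash
    return True

def row_count(conn) -> int:
    return conn.execute("SELECT COUNT(*) FROM decision_log").fetchone()[0]

if __name__ == "__main__":
    conn = open_log()
    append_decision(conn, "JE-1042", "BLOCK", {"flags": ["sod_violation"]})
    print(try_mutate(conn, "UPDATE decision_log SET decision = 'POST' WHERE entry_ref = ?",
                     ("JE-1042",)))
    print(try_mutate(conn, "DELETE FROM decision_log"))
    print("chain intact:", verify_chain(conn))
```

The triggers are what engineering demonstrates to the auditor: the rejection comes back from the database engine, so an application bug or a bypassed code path cannot rewrite history. They do not bind someone who can drop the triggers, which is why the hash also has to be checked by a party outside the company's administrative control; in this example `verify_chain` fails on any row edited after the fact.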

Establish structured sample review with a documented methodology, fixed sample size, and period false positive and false negative rates. Remediate if the agent misses more than 2 percent of real GL issues before the auditor samples the same population.

Document decision rules and version them: round-number triggers, outside-hours definition, approval thresholds. Attach the version in effect to the period attestation.

Closing the loop

The team with an immutable decision log, hashed inputs, reviewer assessments, and a period attestation answers the control question in one session. They provide a verification string. The auditor checks it. The walkthrough continues.

The team that relied on ERP history alone often faces a testable gap. Under amended AS 2201, auditors are trained to evaluate that control specifically.

Sigmodx provides audit trail infrastructure for AI agents in financial workflows, including GL entry review with SOD auto-block, reliability signals, and period attestations. Pilot access for Q3 2026 is listed at sigmodx.com/enterprise.
