AI With Controls


AI in Your Books. Control in Your Hands.
What it actually means to let AI into your finance stack, and why your auditors should be fine with it.
The question we hear most from finance teams isn't "Can AI do this?" It's "If AI does this, are we still in control?" The answer is yes. But only if the AI was designed with controls as a first principle, not bolted on after the fact.
There's a reasonable fear at the heart of AI adoption in finance. You've spent years building airtight reconciliation workflows, documented your controls for auditors, and trained your team on exactly who approves what. Now someone is suggesting you introduce an AI agent into that environment. The concern isn't irrational; it's appropriate. Controls exist for a reason.
What follows is a plain-language explanation of how Rillet's AI is architected to work inside your control environment, not around it. And why, when it's designed correctly, AI-native accounting actually produces a more defensible audit posture than the traditional model.
Five Protocols That Keep You in Control
These aren't features. They're design commitments. Each one maps to a real control requirement.
1. Human Oversight on Every Action
Every AI suggestion requires your explicit approval before anything posts: bills, invoices, journal entries, vendors, customers. Nothing happens automatically. You can edit any recommendation before it goes through, and AI features can be turned on or off entirely. The AI does the legwork. You make the call.
2. Deterministic Math. Always.
Rillet never lets AI do the arithmetic. All financial calculations run on purpose-built, deterministic tools, not the language model. The numbers are always exact. No rounding errors, no hallucinated figures. No surprises at audit time.
3. Materiality Thresholds
You define what matters. Set thresholds directly in the prompt. For example, in flux analysis, instruct the AI to only surface variances above a set amount. Less noise. More signal. Only the exceptions worth your attention.
4. A Complete Audit Trail
Every AI action is logged. In the chat history, you can see exactly what the AI proposed, whether it was approved or rejected, and direct links to the resulting entries. Full visibility into what happened and why. Always audit-ready.
5. Persistent User Context
You can give the AI additional context to guide its recommendations: your company's accounting policies, how you handle specific transaction types, what thresholds matter to your auditors. That context is preserved across sessions, so you're not re-explaining your environment every time. The AI learns to work the way you work.
AI Doesn't Eliminate Controls. It Elevates Them.
SOX requires documented, testable controls over financial reporting. AI-native ERPs don't bypass this requirement. They make it easier to satisfy. Every AI action can be logged with full context: what the model proposed, what data it used, what confidence level was assigned, and who approved it.
Traditional ERPs log who clicked what. Rillet logs why: the inputs, the model version, the reasoning chain, and the human review outcome.
For external auditors, that's a more complete audit trail than a static approval workflow. It's not just a timestamp and a username. It's a documented decision chain.
Segregation of Duties Still Applies
In an AI-native ERP, the AI is an actor in your control matrix, treated exactly like any human preparer. An AI that can both suggest and post a journal entry without human approval is a SOD violation, full stop. The architecture enforces that AI initiates and humans authorize. Same as any preparer/approver split.
Model Changes Are System Changes
SOX Section 404 requires controls over changes to financial systems. In an AI-native ERP, that extends to the models themselves. Updating or retraining a model is a system change that goes through IT General Controls: change management, testing, approval, and rollback capability. No silent upgrades in the background.
Explainability Is Not Optional
Auditors need to understand how a control operates. An AI that produces no explanation for its output fails this test. Rillet generates human-readable rationale for material financial decisions, not as a nice-to-have, but as a required control output. If you can't explain it, it doesn't count.
The Script for Your Auditors
When your external auditors ask about AI in your close process, here is the frame that works:
- "The control is the human authorization process." AI is a tool. Every transaction it prepares is reviewed by a human before posting.
- "Can we show you the log?" Every transaction is reviewed. Every exception escalated. The log is always there.
- "Our thresholds are auditable controls." The materiality thresholds are documented, tested, and version-controlled. Not informal. Not ad hoc.
- "Math runs on deterministic tools." The AI does not compute financial figures. Calculations run on purpose-built, auditable systems with exact outputs.
Continuous Close: Not Fewer Controls. Better Ones.
The traditional close model clusters controls at month-end: accruals reviewed in bulk, reconciliations done once, journal entries approved in a batch, variance analysis run after the fact. That creates what auditors call "control compression": an enormous amount of financial risk reviewed in a five-to-ten day sprint, under time pressure, by exhausted accountants.
Continuous close doesn't eliminate those controls. It redistributes them, from a high-risk sprint into a steady-state system of automated, event-driven controls.

From a SOX perspective, this is a stronger posture. Anomaly detection replaces sampling. Instead of testing 25 journal entries, every journal entry is tested. Real-time sub-ledger to GL reconciliation means any out-of-balance condition surfaces in minutes. Automated accruals with documented triggers satisfy the "support for estimates" requirement under ASC 250.
The books are clean at the end of the month because they were clean throughout. Close becomes a reporting event, not a recovery operation.
The One Question Worth Asking
Before adopting any AI tool in your finance stack, ask one question: If my auditor asked me to walk through every decision this AI made last quarter, could I?
If the answer is yes (the log is there, the approvals are documented, the thresholds are set, and the math is exact), you have a defensible position. You're not less in control because AI is involved. You may be more in control than you were before.
That's what it means to be built by accountants.

