SOX and AI Controls: The 2026 Governance Framework for CFOs and Controllers
If your company uses AI to flag unusual journal entries, automate reconciliations, or run anomaly detection on financial data, that AI system is almost certainly a SOX control. Not a tool that supports a control. The control itself. And that distinction carries significant governance obligations that most SOX programs are not yet built to handle.
This guide is for CFOs, controllers, internal audit leaders, and SOX program managers who need to understand exactly what those obligations are, how existing PCAOB standards apply, and where the regulatory gaps leave you exposed today.
Key takeaway: SOX Section 404 applies to AI-driven controls with no carve-outs. The standards governing design, operation, and attestation were written for manual and traditional IT controls. Practitioners are extrapolating. That gap is the defining compliance risk of 2026.
The Three-Tier Model: Not All AI in SOX Is the Same
The single biggest source of confusion in this space is treating all AI use in SOX as equivalent. It is not. Three fundamentally different scenarios require three different governance responses.
| Tier | What it is | SOX governance obligation |
|---|---|---|
| Tier 1: AI-assisted SOX program management | AI tools that help your team run the SOX program, e.g., drafting process narratives from meeting transcripts, researching guidance, generating risk-and-control matrices | No direct ICFR obligation. AI is a productivity tool, not a control. Requires human review of outputs. |
| Tier 2: AI-automated ICFR control | AI performs a control activity that prevents or detects a material misstatement, e.g., an AI system that reviews 100% of journal entries for anomalies, flags unusual revenue entries, or auto-reconciles intercompany balances | Full AS 2201 obligations apply: design documentation, operating effectiveness testing, management assessment, auditor attestation. |
| Tier 3: Agentic AI ecosystem | Multi-agent systems that orchestrate entire SOX workflows, e.g., agents that collect evidence, perform walkthroughs, and document controls autonomously | Emerging governance territory. Human oversight, accountability structures, and audit evidence sufficiency under PCAOB standards are unresolved. |
Most published guidance conflates Tiers 1 and 2. The governance obligations are completely different. Getting the classification wrong in either direction creates risk: misclassify a Tier 2 control as Tier 1 and you have an undocumented, untested ICFR control. Misclassify a Tier 1 tool as a Tier 2 control and you waste resources testing something that does not affect your financial statements.
For context on how AI is already strengthening ICFR in practice, see our earlier piece on the new SOX and AI-driven internal controls.
When AI Is the Control: AS 2201 Obligations Apply in Full
SOX Section 404(a) requires management to assess ICFR effectiveness. Section 404(b) requires independent auditor attestation. Neither provision contains an AI exemption. SOX was enacted in July 2002 and its Section 404 requirements have never been amended to address AI or automated controls. The statute applies to whatever controls you have, regardless of whether a human or an algorithm executes them.
PCAOB AS 2201 defines two categories of deficiency that apply directly to AI systems:
- Deficiency in design: A control is not properly designed so that, even if it operates as designed, the control objective would not be met. For an AI control, this includes a model trained on non-representative data, an algorithm that does not cover the relevant financial statement assertion, or a system whose output is never acted upon.
- Deficiency in operation: A properly designed control does not operate as designed. For an AI control, this includes model drift that causes the system to miss anomalies it previously detected, misconfiguration after a software update, or output that is generated but not reviewed.
Both categories map directly onto AI failure modes. Under AS 1305, any significant deficiency or material weakness identified during the audit must be communicated in writing to management and the audit committee, and a material weakness also means ICFR cannot be reported as effective in management's Section 404(a) assessment. A failing AI control that reaches that severity is a disclosure event.
The Silent Failure Problem
This is the risk that almost no existing SOX guidance addresses. A manual control usually fails visibly: a human does not perform the reconciliation, and the gap is obvious to the reviewer or the tester. An AI control can fail silently, producing plausible but incorrect outputs without triggering any exception flag. The system appears to be running. The dashboard shows green. The material misstatement goes undetected.
This is a qualitatively new category of ICFR risk. It requires compensating controls that traditional SOX frameworks do not contemplate:
- Output monitoring controls: Regular sampling and human review of AI outputs to verify accuracy
- Model validation procedures: Periodic testing of the model against known outcomes
- Drift detection: Automated alerts when model performance metrics degrade
- Model change management: Formal change control procedures before model updates go live in a production ICFR environment
None of these are addressed in existing PCAOB standards. Practitioners are building them from first principles, drawing on COSO's Monitoring Activities component and general IT governance frameworks.
Documenting AI Controls: What Your Control Matrix Needs
Documenting an AI control in your risk-and-control matrix and process narratives requires more detail than a traditional automated control. At minimum, your documentation should address:
- Control objective: Which financial statement assertion does this control address? (Existence or occurrence, completeness, valuation or allocation, rights and obligations, presentation and disclosure)
- Control description: What does the AI system do, what inputs does it process, what outputs does it produce, and what action is triggered by those outputs?
- Model governance: Who owns the model? What training data was used? When was it last validated? What is the change management process?
- Human-in-the-loop: Is there a human review step before the AI output is acted upon? If yes, document it as part of the control. If no, document why the AI output alone is sufficient.
- Exception handling: What happens when the AI flags an anomaly? Who investigates? What is the escalation path?
- IT general controls (ITGCs): Access controls, change management, and operations controls for the AI system itself, plus AI-specific controls: model validation, training data governance, output monitoring.
Deloitte partners Lindsay Rosenfeld and Brandon Chandler note that GenAI can complete analysis and verification tasks that typically take days in minutes -- but that speed only helps if the underlying control documentation is structured to support it.
ITGCs for AI Systems: The Framework Gap
Traditional ITGCs cover three domains: access controls, change management, and computer operations. These apply to AI systems but are insufficient on their own. AI-specific ITGCs that your program should address include:
- Training data governance: Who controls the data used to train or fine-tune the model? Is it subject to access controls and version management?
- Model versioning and change management: Is there a formal process for approving model updates before they affect ICFR outputs? Are prior model versions retained for comparison?
- Output monitoring: Is there a systematic process for reviewing AI outputs for accuracy and completeness on an ongoing basis?
- Model validation: Is the model periodically tested against a holdout dataset or known outcomes to verify it still performs as designed?
- Vendor dependency controls: If the model is provided by a third party, what controls exist if the vendor changes the model, deprecates an API, or experiences an outage?
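The compensating controls listed under the silent failure problem (output monitoring, model validation, drift detection) and the AI-specific ITGCs above are easier to reason about as a concrete monitoring harness. The following is an added example, not code from the page or from any vendor or audit firm, and it makes several assumptions: the AI control is any callable that maps a journal entry to an anomaly score in [0, 1], scores at or above a threshold are routed to a human investigator, and `toy_score` is a hypothetical heuristic standing in for the real model. The journal entries, the seeded "known outcome" anomalies and the baseline flag rate are constructed for illustration. The point it shows is that a control can keep running and returning scores after an upstream feed change while its seeded-anomaly recall drops to zero, and that the harness catches this even though no error is ever raised.

```python
"""Monitoring harness for an AI journal-entry anomaly control (added example).

Assumptions (not from the page): the AI control is any callable that maps a
JournalEntry to an anomaly score in [0, 1]; scores >= FLAG_THRESHOLD are
exceptions routed to a human investigator. toy_score() is a hypothetical
heuristic standing in for the real model.
"""
import dataclasses
import random
from dataclasses import dataclass
from typing import Callable, Dict, List, Set

FLAG_THRESHOLD = 0.7                             # assumed exception threshold
KNOWN_POSTERS = {"clerk1", "clerk2", "system"}   # assumed approved posters


@dataclass(frozen=True)
class JournalEntry:
    je_id: str
    amount: float
    account: str
    posted_by: str
    hour_posted: int   # 0-23, local time
    manual: bool       # True for manual (non-system-generated) entries


# Constructed sample population, not real ledger data. JE-1007 and JE-1008 are
# seeded anomalies with known outcomes: a large round-number manual revenue
# entry posted at 02:00, and a large manual entry posted by an unknown user.
SAMPLE_ENTRIES: List[JournalEntry] = [
    JournalEntry("JE-1001", 1234.56, "6100-Expense", "clerk1", 10, True),
    JournalEntry("JE-1002", 98765.43, "4000-Revenue", "system", 3, False),
    JournalEntry("JE-1003", 450.00, "2100-AP", "clerk2", 14, True),
    JournalEntry("JE-1004", 12000.00, "1200-AR", "clerk1", 9, True),
    JournalEntry("JE-1005", 75000.00, "5000-COGS", "system", 1, False),
    JournalEntry("JE-1006", 3333.33, "6100-Expense", "clerk2", 16, True),
    JournalEntry("JE-1007", 250000.00, "4000-Revenue", "clerk1", 2, True),
    JournalEntry("JE-1008", 60000.00, "4000-Revenue", "contractor9", 11, True),
    JournalEntry("JE-1009", 8000.00, "2100-AP", "clerk2", 23, True),
    JournalEntry("JE-1010", 150.25, "6100-Expense", "clerk1", 12, True),
]
SEEDED_ANOMALIES: Set[str] = {"JE-1007", "JE-1008"}
BASELINE_FLAG_RATE = 0.2   # assumed: flag rate observed in the last validated period

ScoreFn = Callable[[JournalEntry], float]


def toy_score(e: JournalEntry) -> float:
    """Hypothetical stand-in for the model's scoring step."""
    score = 0.0
    if e.manual and e.amount >= 50_000:
        score += 0.5
    if e.manual and e.amount % 1_000 == 0:
        score += 0.3
    if e.hour_posted < 6 or e.hour_posted > 20:
        score += 0.2
    if e.posted_by not in KNOWN_POSTERS:
        score += 0.3
    return min(score, 1.0)


def schema_drifted(score_fn: ScoreFn) -> ScoreFn:
    """Simulates a silent upstream change: the feed stops populating the
    'manual' flag, so every entry arrives as system-generated. The control
    keeps running and returning scores; nothing errors out."""
    return lambda e: score_fn(dataclasses.replace(e, manual=False))


def run_control(score_fn: ScoreFn, entries: List[JournalEntry]) -> Dict[str, float]:
    return {e.je_id: score_fn(e) for e in entries}


def flagged_ids(scores: Dict[str, float]) -> Set[str]:
    return {je_id for je_id, s in scores.items() if s >= FLAG_THRESHOLD}


def control_health_report(score_fn: ScoreFn, entries: List[JournalEntry],
                          seeded: Set[str], baseline_flag_rate: float,
                          min_recall: float = 1.0, rate_tolerance: float = 0.5) -> dict:
    """Model validation plus drift detection for one control run:
    recall on seeded known anomalies, flag-rate deviation from the last
    validated baseline, and the zero-exception run that a green dashboard hides."""
    scores = run_control(score_fn, entries)
    flagged = flagged_ids(scores)
    recall = len(flagged & seeded) / len(seeded)
    flag_rate = len(flagged) / len(scores)
    alerts = []
    if recall < min_recall:
        alerts.append(f"SEEDED_RECALL {recall:.2f} below required {min_recall:.2f}")
    if baseline_flag_rate and abs(flag_rate - baseline_flag_rate) / baseline_flag_rate > rate_tolerance:
        alerts.append(f"FLAG_RATE {flag_rate:.3f} deviates from baseline {baseline_flag_rate:.3f}")
    if not flagged:
        alerts.append("ZERO_FLAGS control ran but produced no exceptions")
    return {"flagged": flagged, "recall": recall, "flag_rate": flag_rate, "alerts": alerts}


def sample_for_review(scores: Dict[str, float], rate: float, seed: int) -> List[str]:
    """Output monitoring control: a reproducible sample of outputs (flagged and
    unflagged alike) for human re-performance. Record the seed with the sample
    so the reviewer and the auditor can regenerate the same selection."""
    rng = random.Random(seed)
    ids = sorted(scores)
    k = max(1, round(len(ids) * rate))
    return sorted(rng.sample(ids, k))


if __name__ == "__main__":
    for label, fn in [("validated model", toy_score), ("after feed change", schema_drifted(toy_score))]:
        report = control_health_report(fn, SAMPLE_ENTRIES, SEEDED_ANOMALIES, BASELINE_FLAG_RATE)
        print(label, sorted(report["flagged"]), report["alerts"] or "no alerts")
    print("review sample:", sample_for_review(run_control(toy_score, SAMPLE_ENTRIES), 0.3, seed=2026))
```

Two design choices matter for the audit trail. Seeded anomalies give the validation step a known outcome to test against, so recall is a measured number rather than an opinion, and the seed for the review sample is part of the evidence, so the sample can be reperformed. The drift thresholds (`min_recall`, `rate_tolerance`) are assumptions here; in a real program they are the documented alert thresholds in the control matrix.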
No authoritative ITGC framework for AI systems exists yet. The PCAOB's Technology Innovation Alliance (TIA) Working Group identified standardized audit documentation as its first strategic pillar, but that work addresses audit firm documentation, not preparer control frameworks.
Third-Party AI Vendors: The Service Organization Problem
When a company uses a third-party AI platform as part of ICFR, that vendor may qualify as a service organization under AS 2601 and Auditing Interpretation AI 18. This means your auditor needs to obtain and evaluate a SOC 1 report from the vendor, or perform alternative procedures.
The problem: standard SOC 1 Type II reports were not designed for AI systems. They cover traditional IT controls. They do not address:
- Model training data quality and governance
- Algorithmic bias and fairness testing
- Model versioning and the impact of model updates on ICFR outputs
- Foundation model dependencies (if your SaaS vendor's AI is built on a third-party LLM API, that creates a subservice organization layer)
AI 18 extends service organization considerations to subservice organizations. A multi-layer AI supply chain, where your vendor's platform runs on a foundation model API from a separate provider, creates nested service organization considerations that existing SOC 1 frameworks are not equipped to address.
Until SOC 1 frameworks are updated for AI, companies relying on third-party AI controls should document complementary user entity controls (CUECs) that address the gaps. These should include output monitoring, independent validation of AI outputs against source data, and contractual rights to audit the vendor's model governance practices.
The PCAOB's Position: A Confirmed Grey Zone
The regulatory picture is clear in one respect: there is no AI-specific PCAOB auditing standard. The PCAOB's June 2024 technology-assisted analysis amendments, effective for fiscal years beginning on or after December 15, 2025, explicitly excluded AI from scope. The adopting release states: "The amendments are focused on addressing certain aspects of technology-assisted analysis, not specific matters relating to other technology applications used in audits (e.g., blockchain or artificial intelligence)."
The PCAOB's July 2024 GenAI Spotlight found that audit firms view current PCAOB standards as no impediment to GenAI use, meaning firms are proceeding under standards written for manual and traditional IT procedures. The PCAOB acknowledged it is assessing whether guidance, standard changes, or other regulatory actions are needed, but no action has followed.
The tension is sharpest around 100% testing. As a PCAOB board member put it in September 2025:
"Let's say an audit firm uses an AI tool to test 100% of journal entries, as opposed to taking the traditional, manual sampling approach. One scenario is that PCAOB inspectors recognize 100% testing as an improvement over the manual sampling approach, because it provides more audit coverage. The second scenario is that the lack of clear PCAOB standards and guidance on what constitutes an acceptable AI-based audit [causes inspectors to flag it]." -- PCAOB Board Member, AI and the Pursuit of Audit Quality, September 2025
That unresolved tension is a live risk for preparers today. If your auditor uses AI to test your journal entries and a PCAOB inspector challenges the procedure, you may face re-testing requests, delayed audit opinions, or increased audit fees. Understanding your auditor's AI procedure documentation strategy is now a legitimate agenda item for pre-year-end planning meetings.
The same board member called for the PCAOB to become "an engine that catalyzes innovation" rather than a technology-neutral anchor, signaling internal pressure for AI-specific standards. But none exist yet, and the PCAOB is simultaneously implementing multiple new standards (AS 1000, the Confirmations standard, the Quality Control standard, and the technology-assisted analysis amendments) on overlapping effective dates, straining both firm and regulator capacity.
Agentic AI in SOX: What KPMG's TACO Framework Means in Practice
KPMG's July 2025 paper on the agentic shift in SOX compliance introduces the TACO framework, a taxonomy of four agent types:
- Taskers: Single-task agents that execute discrete, well-defined activities (e.g., pulling evidence from a document repository)
- Automators: Agents that handle end-to-end execution of a defined process (e.g., running a full controls testing workflow)
- Collaborators: Agents that work alongside humans, providing analysis and recommendations
- Orchestrators: Multi-agent systems that coordinate other agents to achieve complex objectives at scale
KPMG states that "SOX controls may be an even better target for agentic automation" than other enterprise processes, citing the structured, repeatable, documentation-heavy nature of SOX work. The efficiency case is compelling. But the KPMG paper does not address the governance and attestation implications of deploying agents as ICFR controls.
The Orchestrator tier raises the hardest questions. If a multi-agent system conducts a walkthrough, collects evidence, and documents a control, does that satisfy AS 2201's requirements for sufficient appropriate audit evidence? Does the agent's output constitute a management representation? Who is accountable if the agent makes an error? These questions have no authoritative answers today.
The practical guidance for 2026: Agentic AI is appropriate for Tier 1 activities (program management, evidence collection support, documentation drafting) with human review of all outputs. Deploying agents as Tier 2 ICFR controls without robust human oversight, output monitoring, and explicit control documentation is a material weakness waiting to happen.
The Management Assessment Narrative: Disclosure Calibration
How should management describe AI-driven controls in the Section 404(a) assessment and in the 10-K? This is an unresolved disclosure question with real stakes in both directions.
- Over-disclosure of AI control methodology creates competitive risk and may invite SEC comment letters asking for more detail than you want to provide publicly.
- Under-disclosure of material AI control risks, especially if an AI control failure contributed to a restatement or late filing, creates enforcement exposure.
The SEC has not issued specific guidance on AI control disclosure in ICFR assessments. The working principle: describe AI controls at the same level of specificity as other significant automated controls. If an AI system is a key control over a significant account, its existence and general nature should be reflected in your process narratives and risk-and-control matrix. Model-level technical detail does not belong in the 10-K. But a statement that management uses automated controls over journal entry review, without acknowledging that those controls are AI-driven, may not accurately describe the nature of the control environment.
Audit committee briefings are a related obligation. Boards and audit committees are responsible for overseeing ICFR but typically lack the technical literacy to evaluate AI control risks. Management should brief the audit committee on: which controls are AI-driven, what the key model governance risks are, what compensating controls exist for silent failure scenarios, and what the current PCAOB regulatory gap means for audit risk and fees.
What to Do Now: A Practical Checklist
For SOX program managers and controllers navigating this in 2026:
Classify your AI systems correctly:
- Inventory all AI tools used in financial reporting processes
- Apply the three-tier model: program management tool, ICFR control, or agentic ecosystem
- For every Tier 2 AI control, confirm it is in your risk-and-control matrix with full documentation
Document AI controls to AS 2201 standards:
- Control objective mapped to specific financial statement assertions
- Model governance section: owner, training data, validation history, change management process
- Human review step documented, or rationale for why AI output alone is sufficient
- Exception handling and escalation path documented
Build AI-specific ITGCs:
- Training data access controls and version management
- Model change management procedures (separate from general IT change management)
- Output monitoring controls with defined sampling frequency and reviewer
- Model drift detection and alert thresholds
Address third-party AI vendor risk:
- Determine whether vendor qualifies as a service organization under AS 2601
- Obtain and review SOC 1 report; document gaps not covered by the report
- Define complementary user entity controls for AI-specific risks
- Assess subservice organization layers (foundation model dependencies)
Engage your external auditors early:
- Discuss AI control documentation approach before year-end
- Understand their AI testing methodology and PCAOB inspection risk exposure
- Align on what constitutes sufficient evidence of AI control operating effectiveness
FAQ
Does an AI system used as a SOX control need to be tested like any other control?
Yes. Under AS 2201, any control that is part of ICFR must be designed properly and operate effectively. Testing an AI control means verifying that the model performs its intended function, that outputs are acted upon appropriately, and that the supporting ITGCs (including model governance) are operating. The testing methodology will differ from manual controls, but the obligation is the same.
What happens if our AI control produces a hallucination or incorrect output?
If the error is isolated and caught by a compensating control, it may be a control deficiency. If the AI control fails systematically, or if there is no compensating control to catch incorrect outputs, the failure could constitute a significant deficiency or material weakness as defined in AS 2201, requiring written communication to management and the audit committee under AS 1305 and, for a material weakness, disclosure in management's ICFR report.
Do we need a SOC 1 report from our AI vendor?
If the vendor's AI system is part of your ICFR, the vendor likely qualifies as a service organization under AS 2601 and AI 18. Your auditor will need either a SOC 1 Type II report from the vendor or will need to perform alternative procedures. Review the SOC 1 carefully for AI-specific gaps and document complementary user entity controls to address them.
Is there specific PCAOB guidance on AI in audits or ICFR?
No AI-specific PCAOB standard exists as of mid-2026. The June 2024 technology-assisted analysis amendments explicitly excluded AI from scope. The PCAOB has acknowledged the gap and is assessing whether new guidance or standards are needed, but nothing has been issued. Practitioners are applying existing standards (AS 2201, AS 1305, AS 2601, AI 18) to AI systems by analogy.
Can we use agentic AI to perform SOX controls testing?
Agentic AI can support controls testing workflows, particularly for evidence collection, documentation, and scheduling. But deploying agents as the primary tester of ICFR controls, without robust human review of outputs, raises unresolved questions about audit evidence sufficiency under PCAOB standards. The prudent approach in 2026 is human-supervised agentic assistance, not autonomous agent-led testing.
How should we brief our audit committee on AI control risks?
Cover four topics: which ICFR controls are AI-driven and what financial statement assertions they address; the key model governance risks (drift, silent failure, vendor dependency); what compensating controls are in place; and the current regulatory gap, specifically that no AI-specific PCAOB standards exist and what that means for audit risk and fees. Keep it non-technical but specific enough that the committee can exercise meaningful oversight.