Finrep at Society for Corporate Governance National Conference
Gana Misra
By Gana MisraCEO, Finrep
Mon Jul 13 2026

SOX Reliance on AI Controls: What the Guidance Actually Says (2026)

Share
SOX Reliance on AI Controls: What the Guidance Actually Says (2026)

SOX Reliance on AI Controls: What the Guidance Actually Says (2026)

If your team is deploying AI controls for SOX 404 purposes, you are operating in a regulatory gap. As of July 2026, the PCAOB has issued zero AI-specific auditing standards or staff guidance. The operative framework, AS 2201, was finalized in 2007, before machine-learning models existed in any meaningful commercial form. Every company relying on AI controls for ICFR is working by analogy, and the burden of proof sits entirely with the preparer.

This article maps the existing PCAOB standards to AI control scenarios with concrete interpretive guidance, explains what the PCAOB's most recent signals say about where guidance is heading, and gives CFOs and controllers a defensible position to take today.

Key takeaway: There is no regulatory safe harbor for AI-driven SOX controls. Grant Thornton states it plainly: "While external auditors and regulators have not given blanket approval for AI-driven SOX compliance, companies can design an approach that is practical, trustworthy and ready for scrutiny."

Does PCAOB or the SEC Have Specific Guidance on AI Controls for SOX?

The short answer is no. The PCAOB's Technology Innovation Alliance (TIA) Working Group completed its "Future State Deliverable" in May 2024; the document was publicly released in August 2025, a 15-month gap between completion and publication. Its second pillar explicitly recommends the PCAOB develop "risk management guidance containing principles and frameworks to help audit firms responsibly use AI in auditing." That is a recommendation, not a standard, and no guidance has been finalized as of July 2026.

PCAOB Board Member Kara Stein, speaking in her personal capacity in September 2025, characterized the PCAOB's historically technology-neutral approach as "akin to being an anchor that weighs down innovation" and called for the PCAOB to take "a newfound and long overdue leadership role in promoting innovation." That framing signals internal pressure for faster action, but pressure is not a standard.

The SEC's Management Guidance (2007) and AS 2201 remain the operative frameworks. Practitioners and Big-4 firms are applying them to AI controls by analogy. That analogy has limits, and those limits are where the real risk lives.

How AS 2201 Applies to AI Controls: Design and Operating Effectiveness

AS 2201 requires auditors to evaluate both the design effectiveness and operating effectiveness of every key control. For a traditional automated control in an ERP system, this is well-understood. For an AI anomaly-detection control, neither concept is defined in the standard, and the interpretive work falls to the company.

Design effectiveness for an AI control means the model's logic, training data, threshold settings, and exception-handling must be capable of preventing or detecting material misstatements. A model trained on stale or unrepresentative data, or calibrated with thresholds that generate excessive noise, fails the design test before it ever runs in production.

Operating effectiveness requires evidence that the AI control actually functioned as designed throughout the audit period, not just at a point in time. This is where continuous monitoring creates a documentation challenge: AI systems can generate enormous volumes of output, and it is unclear how to sample or summarize that output as audit evidence under AS 2201.

For a practical framework on documenting AI controls to satisfy AS 2201's evidence requirements, see Finrep's SOX 404 Compliance Checklist for AI-Assisted Controls (2026).

The Precision Problem: The Central Unresolved Technical Question

Precision is the most important concept in AS 2201 that no one has translated for AI controls. Under AS 2201, a control's precision determines how much reliance an auditor can place on it. A control that catches everything, including immaterial noise, is less precise than one calibrated to detect material misstatements specifically.

For an AI anomaly-detection control, precision is a function of:

  • The model's false-positive rate (noise that wastes reviewer time and dilutes signal)
  • The model's false-negative rate (misstatements the model misses entirely)
  • The quality and representativeness of training data
  • The threshold settings that determine what gets flagged

None of these concepts appear in AS 2201 or any PCAOB guidance. Companies must document their threshold-setting rationale explicitly, tie it to materiality, and demonstrate that the model's false-negative rate does not create a gap that would allow a material misstatement to pass undetected.

Grant Thornton identifies "precision thresholds that flag true anomalies, not noise" as a core design requirement for AI controls to survive audit scrutiny. The practical implication: threshold calibration is not a technical exercise, it is a SOX compliance decision that needs to be owned by the controller or CFO, not the data science team.

Model Drift as a Control Deficiency: An Unaddressed Risk

Model drift may constitute a deficiency in operation under AS 1305, and almost no one is talking about it.

AS 1305 defines a control deficiency as existing when "the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis." AS 2201 paragraphs .62 through .70 add that a deficiency in operation exists when "a properly designed control does not operate as designed."

Apply that to AI: if a model was properly calibrated at deployment but its performance degrades mid-year because the underlying data distribution shifted, the control is no longer operating as designed. That is a deficiency in operation, regardless of whether the model's design was sound at the start of the year.

The implications are significant:

  • Significant deficiency or material weakness: Depending on the magnitude of degradation and the importance of the control, drift could trigger either classification under AS 2201.
  • Mandatory written communication: AS 1305 requires auditors to communicate all significant deficiencies and material weaknesses in writing to management and the audit committee. An AI control that drifted without detection and failed to catch a misstatement creates exactly this exposure.
  • Remediation design: Companies need documented drift-detection procedures, with clear thresholds for when drift triggers re-calibration, re-testing, or escalation to a compensating control.

Grant Thornton recommends "monitoring for drift and bias with documented tester sign-offs and issue logs" as a governance requirement. That is the minimum; the SOX implication is that drift monitoring itself needs to be a control, with evidence of operation.

How AS 2601 Applies to AI Vendors: The Service Organization Problem

Most companies relying on AI controls have not thought through their AS 2601 obligations, and most AI vendors cannot satisfy them.

AS 2601 applies when a company uses a third-party service organization whose controls are relevant to ICFR. An AI model provider, including foundation model vendors and AI-powered GRC platforms, may qualify as a service organization if its systems process transactions or execute controls relevant to financial reporting.

The practical consequence: companies may need SOC 1 Type II reports from AI vendors. Most AI vendors, including major foundation model providers, do not currently provide SOC 1 Type II reports. They provide SOC 2 Type II reports, which cover security and availability but do not address the financial reporting control objectives that AS 2601 requires.

The problem compounds through the AS 2601 AI 18 interpretation, which extends the service organization analysis to subservice organizations. If a company uses an AI GRC platform that itself calls a foundation model API, both the GRC platform and the foundation model provider may need to be evaluated. This "AI supply chain" problem has no regulatory answer and is almost entirely absent from existing practitioner guidance.

Practical steps companies can take now:

  1. Map every AI tool used in ICFR-relevant processes to the AS 2601 service organization test.
  2. Request SOC 1 Type II reports from AI vendors; where unavailable, document the gap and implement compensating controls.
  3. Review AI vendor contracts for audit rights, data processing terms, and change-notification obligations.
  4. Evaluate subservice organization exposure for any AI platform that relies on third-party model APIs.

Agentic AI and Segregation of Duties: A Structural Problem

Agentic AI systems, those that autonomously orchestrate multi-step control workflows, create a structural segregation of duties conflict that has no clean regulatory answer.

KPMG's July 2025 paper on "The Agentic Shift in SOX Compliance" identifies agentic AI as capable of executing entire control-testing workflows. The SOD problem is this: when the same AI system initiates, approves, and records a transaction, or both executes a control and monitors for exceptions, it replicates the exact conflict that SOD requirements exist to prevent.

Grant Thornton explicitly flags "segregation of duties enforced across AI-assisted workflows to avoid conflicts" as a design requirement, but does not resolve how to implement it when the agent is the same system performing multiple roles.

The practical design principle, pending regulatory guidance, is to enforce SOD at the human review layer:

  • The AI can execute and flag, but a human with no operational role in the underlying transaction must approve exceptions.
  • The human reviewer's sign-off must be documented with sufficient detail to show independent judgment, not rubber-stamping.
  • The criteria for when AI can auto-clear versus route to human review must be pre-approved and documented before the control goes live.

For a broader framework on classifying agentic AI controls within your SOX program, see Finrep's SOX and AI Controls: The 2026 Governance Framework for CFOs and Controllers.

How AS 2605 Applies When Internal Audit Uses AI for SOX Testing

When internal audit uses AI tools to perform control testing, external auditors must assess the competence and objectivity of the internal audit function, including the AI tools it uses.

AS 2605 requires evaluation of "quality of working-paper documentation, reports, and recommendations." AI-generated testing documentation must meet this standard. What constitutes adequate AI-generated documentation is undefined, but the Internal Audit Collective's March 2026 survey of 850+ attendees found that only 3% had formally embedded generative AI within their SOX methodologies and governance, suggesting most teams have not yet confronted this question in practice.

The emerging practitioner consensus, based on responses from the same survey, is that AI prompts used in testing should be documented in workpapers, all AI outputs should be human-reviewed before inclusion as evidence, and external auditors should be informed of AI tool usage as part of the evidence package. None of this is codified in AS 2605 or any PCAOB guidance.

The AS 2110 Amendments: The Most Recent Regulatory Update

The AS 2110 amendments, effective December 15, 2026, are the most current update to the risk assessment framework and have direct implications for AI-related risks.

PCAOB Release No. 2024-005 amends AS 2110 to address risks from "information systems that fail to accurately capture business transactions." By analogy, this provision applies to AI systems used in financial reporting processes. The amendments do not specifically address AI, but they are the most recent signal of how the PCAOB is thinking about technology-related risks of material misstatement.

AS 2110 Appendix B, "Consideration of Manual and Automated Systems and Controls," is the closest existing PCAOB guidance to AI controls. It was written for traditional ERP-era automation. The analogy breaks down for probabilistic, non-deterministic AI outputs, where the same input can produce different outputs depending on model state. Companies applying Appendix B to AI controls should document where the analogy holds and where it does not.

The "Human in the Loop" Requirement: How Much Is Enough?

Every Big-4 firm says AI controls require human oversight. None of them defines how much.

This is the most actionable gap in current guidance. Based on the available practitioner consensus and the underlying logic of AS 2201's operating effectiveness requirements, a defensible human-in-the-loop design should include:

ElementMinimum Standard (Practitioner Consensus)
Exception reviewHuman with no operational role in the underlying transaction reviews and approves all AI-flagged exceptions
Auto-clear criteriaPre-documented, management-approved criteria for what AI can resolve without human review
Review documentationReviewer sign-off with sufficient detail to show independent judgment, not just a timestamp
FrequencyContinuous or near-real-time for key controls; at minimum aligned to the financial reporting cycle
Escalation pathDocumented procedure for when AI output is ambiguous or the model produces unexpected results
Evidence retentionAI outputs, reviewer decisions, and exception logs retained in auditable form for the full audit period

The PCAOB's own hypothetical illustrates the stakes. Board Member Stein's September 2025 speech described two scenarios when an audit firm uses AI to test 100% of journal entries: inspectors might recognize it as an improvement over sampling, or they might flag it as non-compliant due to the absence of clear standards. The same ambiguity applies to company-side AI controls. Better coverage does not automatically equal compliance.

What PCAOB Inspectors Are Actually Looking For

The PCAOB inspected 255 Big-4 audit engagements and 179 non-Big-Four annual firm engagements in 2024. The Big Four audit approximately 80% of the market capitalization of U.S.-listed public companies, which means Big-4 AI audit practices will effectively set the de facto standard for AI control reliance ahead of any formal PCAOB guidance.

Based on the available evidence, PCAOB inspectors reviewing AI-assisted controls are likely to focus on:

  • Whether the AI control has a documented, management-approved design with clear precision thresholds
  • Whether operating effectiveness evidence covers the full audit period, not just a point-in-time snapshot
  • Whether human review is documented with sufficient specificity to demonstrate independent judgment
  • Whether AI vendor reliance has been evaluated under AS 2601
  • Whether model changes, retraining events, or drift incidents have been documented and assessed for control impact
  • Whether the internal audit function's use of AI tools has been disclosed to and evaluated by external auditors under AS 2605

The PCAOB has approximately 430 FTEs in its Firm Inspections Group. That capacity, combined with the concentration of AI adoption among large-cap filers audited by the Big Four, means AI control scrutiny is not a future risk. It is a current one.

FAQ

Does my company need to disclose AI control reliance in the 10-K? No specific SEC rule requires disclosure of AI control reliance in the ICFR section or MD&A as of mid-2026. However, if a failure in an AI control could materially affect ICFR, the general materiality framework and the SEC's cybersecurity disclosure rules (2023) may require disclosure in risk factors or MD&A. Companies should assess this question with counsel, particularly if AI controls are key controls for material accounts.

What happens if an AI control produces a false negative and misses a misstatement? A false negative that allows a material misstatement to pass undetected is a control failure. Depending on severity, it could constitute a significant deficiency or material weakness under AS 2201 paragraphs .62 through .70, triggering mandatory written communication under AS 1305 and potential restatement risk. The liability and disclosure implications are unaddressed in current guidance, which is precisely why precision calibration and drift monitoring are non-negotiable design requirements.

Can external auditors rely on AI-generated testing evidence, or must they re-perform? External auditors are inconsistent on this point. Some accept AI-generated evidence with adequate human review documentation; others require re-performance. The safest approach is to document AI-generated evidence in a format that allows an independent party to re-perform the procedure, including the prompt, the output, the reviewer's judgment, and the conclusion. Sharing this documentation with external auditors proactively reduces the risk of a re-performance requirement.

Should we engage a specialist to support our SOX assessment of AI controls? For AI controls that are key controls over material accounts, yes. A data scientist or AI auditor who can evaluate model risk, training data quality, and drift detection provides the technical competence that most internal audit and SOX teams currently lack. Grant Thornton notes that "most organizations are not yet using AI in SOX compliance, due to skills gaps" and that "tools without training rarely deliver ROI." The skills gap is not just an efficiency problem; it is an ICFR risk.

How does COSO 2013 apply to AI controls? The SEC's Management Guidance requires companies to use COSO 2013 as their ICFR assessment framework. Several of COSO's 17 principles need reinterpretation for AI-driven environments, particularly those covering control activities (Principle 10), information and communication (Principles 13 and 14), and monitoring (Principles 16 and 17). The February 2026 COSO publication "Achieving Effective Internal Control Over Generative AI" is the most structured framework currently available for this mapping, though it is not a PCAOB standard.

When will the PCAOB issue AI-specific guidance? No timeline has been announced. The TIA Future State Deliverable recommends the PCAOB develop risk management guidance and establish an Innovation Lab for structured experimentation, but neither has an implementation date. Given that the Future State Deliverable itself took 15 months to move from completion to public release, companies should plan their AI control frameworks around the current standards, not anticipated guidance.

Run your financial reporting on Finrep