AT Think

The AP audit problem starts before the AI

We have all heard the warnings that AI within the accounts payable function will not survive an audit. The reasoning is architecturally based, drawing on a belief that these systems cannot explain how they reached a decision, and the new wave of AI-led audits will catch that out. 

Processing Content

PwC has already spent roughly a billion dollars building a platform of this kind, which is being piloted right now as the firm moves toward its intention to audit every client this way by 2028, examining every transaction rather than a sample. The pressure is mounting for AP functions that haven't thought their AI strategy through.

As it turns out, the warning is fair, but it points at the wrong black box. The reason most AP AI fails an audit isn't necessarily due to architecture but because you cannot audit a process that the organization hasn't actually defined. 

Used properly, the arrival of AI in finance isn't what puts the audit at risk but is what finally forces the discipline that should have been there all along — and there are practical steps any team can take before they introduce AI into AP.

The black box is already in your AP

Ask an AP team why a particular invoice was paid on the 14th of the month, for that amount and approved by that person. Usually nobody can say. The invoice arrived by email, sat in an inbox, was approved by whoever was at their desk, and somebody cleared the exception using knowledge they have never written down. There is no record of the reasoning. People call AI a black box but manual AP is a black box too, just one built out of inboxes and habits rather than code. AI doesn't create that opacity but inherits it.

This scenario is more common than one might think. Ardent Partners' 2025 research puts the average invoice exception rate at 18.4% — nearly one in five invoices drops out of the normal flow to be fixed by hand. The average invoice still takes 8.2 days and costs $9.84 to process although as the best-run teams do it for roughly four-fifths less, the gap is driven by process, not by technology.

Audit has been based on sampling for decades. Test a slice, infer the rest, and a messy process survives because most of it is never examined. Read the whole population in close to real time and that cover is gone. The improvised corners of your process stop being private and start becoming findings. Some of these cost real money; 76% of U.S. organizations were hit by attempted or actual payment fraud last year, according to AFP's 2026 survey, with duplicate payments and miscodings slipping through the same gaps that fraud does.

Governance is a process problem before it's a technology problem

The prompt "show me the payment from the 14th and everything behind it" only works if there is a defined, logged process behind it. A workflow that lives as habits in people's heads cannot be handed to a machine but likewise, it cannot be handed to an auditor either.

This is also why AI keeps stalling in finance teams. MIT's NANDA study last year examined 300 enterprise deployments and found 95% produced no measurable effect on the bottom line. The cause, the researchers were clear, was organizational, not technical. Companies never wired the tools into how the work actually gets done. Finance is no further ahead. Ardent's 2025 numbers show just 44% of AP teams using AI at all, and most of that is drafting emails through a chatbot — a long way from letting a model play a meaningful role in AP.

A pilot that never reaches production and an audit finding nobody can explain come from the same place — a process that was never written down.

Done properly, automation makes AP more auditable, not less

Plug a model into documented chaos and the audit will expose everything. Define the process first and automation can achieve the reverse. Automating something properly forces a team to write down the rules, agree who approves what, and decide what happens to every exception. The result is structured data instead of PDFs in an inbox and a record of every decision instead of a shrug.

For example, take a multisite business running a large vehicle fleet. Their monthly fuel invoice runs to 30 pages of refuels across dozens of vehicles and cost centers and used to take up to two days of manual reconciliation across two disconnected systems. The audit problem there wasn't really the speed but that hundreds of purchase orders sat permanently open in their operational system because closing them was a manual step the team often skipped. With the right AI infrastructure, each PO is closed automatically and every invoice posted into the ERP with full accounting dimensions. That is what auditable AP looks like in practice.

Manual AP was never made to explain itself, but automation done well can be the turning point.  By 2028 most companies will be audited transaction by transaction. Better to put the process in now than have an auditor find out you never had one.

Four things to settle before you add AI

The work that makes AP auditable is not technical but governance, and it has to come first. Four things are worth getting explicit before any model gets near the payables function.

It starts with your decision rights, which must be clear. For example, a finance director can approve spending without board sign-off up to a certain amount and an AP team lead can release payments under a different amount without dual authorization. Most organizations have never actually mapped this and instead run on convention.

Next comes accountability. Name the individual who owns the outcome when something goes wrong, not just the team. If AP automation misfires, the answer is not "finance" or "ops" but a person. 

With accountability comes oversight and escalation. Define what gets reported, to whom and on what cadence. Crucially, it must also be clear what triggers an escalation. This is where governance can fail. Organizations design well-staffed committees and never define what actually causes something to surface in the first place.

Finally, insert change control. New tools, new integrations and new rules all need an evaluated route in. Without that, governance erodes the moment circumstances change because people quietly route around it. If teams can do this work now, they will control how the audit gets done. Wait, and that decision will lie with the auditor instead.


For reprint and licensing requests for this article, click here.
Audit Technology Artificial Intelligence Audit software
MORE FROM ACCOUNTING TODAY
Load More