Something fundamental is changing inside enterprise ERP systems. Autonomous AI agents are beginning to approve invoices, route procurement workflows, reclassify journal entries, and adjust inventory allocations, decisions that used to require a human signature on a paper trail.
The technology is moving fast. The governance is not.
For CFOs, controllers, and internal audit leaders, this creates a problem that no existing framework fully addresses. SOX Section 404 requires that management assess and attest to the effectiveness of internal controls over financial reporting every year. The 2013 COSO framework that underpins those assessments was written before autonomous agents existed. IT General Controls, the backbone of ERP governance for two decades, were designed for a world where humans initiated transactions and software simply processed them.
That world is ending. In the world replacing it, the question is no longer “Who approved this transaction?” It is “Which autonomous process did what, under which policy, and can we prove it?”
This article argues that the answer lies in a discipline most boardrooms associate with quality assurance, not governance: continuous testing. Specifically, that in an agentic ERP environment, continuous testing is the control layer, the mechanism that generates the evidence auditors and regulators will demand to confirm that autonomous agents operated within their intended boundaries.
The Control Gap Autonomous Agents Create
When a procurement specialist approves a purchase order in SAP, there is a control trail: a user identity, a timestamp, a segregation-of-duties check, an approval workflow, and an audit log that connects the decision to a person, a policy, and a business justification. When an AI agent approves that same purchase order, most of that trail evaporates.
The agent has credentials, but no identity in the way governance frameworks understand identity. It has access, but its permissions were likely defined once and never reviewed through a formal recertification cycle. It made a decision, but the logic behind that decision may be opaque, probabilistic, or influenced by context the agent inferred rather than rules it was explicitly given.
This is the control gap. It is not a hypothetical risk. Gartner projects that 40% of enterprise applications will feature task-specific AI agents by the end of 2026. The EU AI Act’s full enforcement began in August 2026, requiring documented human oversight, audit trails, and risk management for AI systems that affect financial reporting. In the United States, the SEC’s December 2025 cybersecurity disclosure rules now pull identity failures in financial systems into the scope of securities regulation.
The question is no longer “Is our ERP secure?” It is “Can we prove that every autonomous action inside our ERP was authorized, bounded, and correct?”
For internal audit teams, this gap is especially acute. Their existing test plans, control matrices, and evidence collection processes were built to verify that humans followed procedures. They were not built to verify that autonomous agents stayed within boundaries that may not even be formally documented yet.
Why Traditional IT General Controls Don’t Cover Agent Decisions
IT General Controls, access management, change management, program development, and computer operations, are the foundation of ERP governance. They work well for the environment they were designed for: one where humans initiate transactions, software processes them deterministically, and control testing verifies that the software behaved as configured.
Autonomous agents break each of these assumptions:
Access management assumes static identities. Traditional access controls assign permissions to human users and verify them through periodic reviews. AI agents operate through service accounts, API tokens, and system credentials that rarely go through the same lifecycle management. A recent analysis found that most enterprises discover mid-audit that AI is embedded in ERP modules, RPA platforms, and analytics tools they did not explicitly provision or govern.
Change management assumes deterministic behavior. ITGCs verify that software changes follow a controlled process: development, testing, approval, promotion. But an agent’s behavior changes every time its model updates, its context shifts, or its training data evolves, without any of those changes going through a formal change advisory board. The same agent, given the same input, may produce different outputs depending on context. Traditional change controls have no mechanism for governing this kind of drift.
Control testing assumes periodic verification is sufficient. SOX testing typically happens on a sample basis, at defined intervals. When a human approves invoices, testing a sample of approvals provides reasonable assurance. When an agent approves thousands of transactions per hour, periodic sampling cannot provide the same confidence. The volume, speed, and variability of agent decisions demand continuous verification, not quarterly spot-checks.
None of this means ITGCs are obsolete. They remain essential for the human and system layers of ERP governance. But they are insufficient for the agent layer. A new control mechanism is needed, one designed for continuous, autonomous, non-deterministic decision-making at scale.
Testing as Continuous Evidence for Auditors
Here is the reframe that matters: in an agentic ERP, continuous testing is not a quality assurance function. It is a governance function. It is the mechanism that produces the evidence auditors need to attest that autonomous agents operated within their intended boundaries.
Think of it this way. When your external auditor tests a manual control, they examine a sample of transactions and verify that the right person followed the right procedure. When they test an automated control, they verify that the software was configured correctly and processed transactions as intended. When they need to test an agent-driven control, they need something new: continuous evidence that the agent’s decisions were consistent with business rules, within approved tolerances, and traceable to a policy.
That evidence can only come from continuous testing. Not the kind of testing that verifies whether a button works. The kind that validates whether a business process completed correctly, whether the journal entry posted to the right account, whether the procurement approval followed the delegation matrix, whether the inventory adjustment stayed within approved thresholds.
ERP AI compliance testing is not about finding bugs. It is about producing the auditable proof that autonomous agents did what they were supposed to do, and nothing else.
This is where the worlds of quality assurance and financial governance converge. The same discipline that tells a QA team “your ERP update didn’t break anything” also tells an auditor “every autonomous transaction in this period was validated against the control framework.” The outputs are different. The underlying mechanism, continuous, automated validation of ERP business processes, is the same.
Mapping Agent Validation to SOX and Control Frameworks
For practitioners building this capability into their SOX programs, the alignment between continuous testing and existing control frameworks is more direct than it appears. The following mapping illustrates how agent-level testing connects to COSO principles and SOX requirements:
| COSO Principle | Traditional ITGC Approach | Agent-Era Testing Approach |
| Principle 10: Select & develop control activities that mitigate risk | Define controls around user access, change management, and processing logic; test periodically | Define agent boundaries and expected outcomes; validate continuously through automated business process testing |
| Principle 11: Select & develop technology controls | Access reviews, segregation of duties, password policies, change tickets | Agent credential lifecycle, permission scoping, behavioral drift detection, continuous output validation |
| Principle 13: Use relevant, quality information | Sample-based testing of transaction accuracy; rely on deterministic system behavior | Continuous transaction-level validation with full audit trails; account for non-deterministic agent behavior |
| Principle 16: Evaluate & communicate deficiencies | Annual or quarterly control testing; exceptions reported to audit committee | Real-time exception detection with automated alerting; continuous evidence available for auditors on demand |
The critical shift is from periodic to continuous. Traditional ITGCs test at intervals and assume stability between tests. An agent control layer tests continuously and assumes nothing about stability, because agent behavior, by definition, is not guaranteed to be stable between invocations.
For internal audit teams preparing for their next SOX cycle, this has practical implications. When AI agents influence financial reporting processes, auditors will need to see that the organization has a mechanism for continuously verifying that agent outputs conform to business rules and control objectives. That mechanism is continuous testing. The absence of it will increasingly be treated as a control deficiency.
How Sofy Provides the Audit-Ready Record
This is the challenge Sofy’s ERP Test Agents were designed to address. Not as a governance, risk, and compliance platform, but as the continuous validation layer that makes governance provable.
Sofy deploys autonomous AI test agents trained on specific ERP modules, SAP Finance, Dynamics 365 Supply Chain, D365 Sales, and others. Each agent understands the business rules, transaction flows, and expected outcomes within its module. It continuously validates that ERP processes are completing correctly, whether those processes are initiated by humans, triggered by workflows, or executed by autonomous agents.
For the CFO and internal audit perspective, this means three things:
Continuous evidence generation
Every validation Sofy’s agents perform produces a timestamped, auditable record: which business process was tested, what the expected outcome was, what the actual outcome was, and whether the result was within approved tolerances. This evidence is generated continuously, not quarterly, not annually, but with every transaction cycle. When your auditor asks “how do you know the agent stayed in bounds?”, the answer is a complete validation record, not a narrative explanation.
Business-logic-level validation, not UI-level checking
Most testing tools verify that screens rendered correctly or that buttons produced expected responses. Sofy’s agents validate at the business process level: did the journal entry post to the correct account? Did the procurement approval follow the delegation of authority? Did the revenue recognition treatment align with the policy? This is the level of assurance that SOX testing requires, and it is the level at which agent-driven errors create financial statement risk.
Self-healing that maintains control continuity
When ERP environments change, a Dynamics 365 release wave, an SAP support pack, or an agent’s behavior shifting after a model update, Sofy’s test agents adapt automatically. They detect the change, adjust their validation logic, and continue producing evidence without manual intervention. For governance teams, this means the control layer does not develop gaps between update cycles. Coverage is continuous, not intermittent.
What This Means for the Board Conversation
AI agent governance for ERP is no longer a technology risk discussion. It is a financial reporting risk discussion. And it belongs in the audit committee, not just the IT steering committee.
Three questions every audit committee should be able to answer by the end of 2026:
1. Which autonomous agents are operating inside our financial systems, and who owns them? Most organizations will discover that AI is already embedded in ERP modules, analytics platforms, and RPA tools, often without formal provisioning. An inventory is the non-negotiable first step.
2. What continuous controls exist to verify that agent decisions are consistent with our policies? Periodic ITGC testing is no longer sufficient. The board should expect management to articulate a continuous testing strategy that produces auditable evidence of agent compliance.
3. Can we produce that evidence on demand? When the external auditor asks — and they will — the answer cannot be “we’ll pull it together during audit season.” Continuous testing produces evidence continuously. It should be available on demand, not reconstructed after the fact.
The organizations that treat this as a 2027 problem will find themselves explaining control deficiencies to their audit committee. The ones that invest now in a continuous testing layer for their ERP environment will have the evidence ready before anyone asks for it.
The Case for Testing as Governance
The discipline the enterprise world has called “testing” for decades is about to matter in ways it never has before. Not because ERP systems are getting buggier , but because the agents operating inside them are getting more autonomous, and the regulatory framework has not caught up.
In that gap between agent autonomy and regulatory clarity, continuous testing is the control mechanism. It is the thing that proves, transaction by transaction, that autonomous processes stayed within their intended boundaries. It is the evidence layer that gives auditors confidence, gives regulators traceability, and gives the CFO the ability to attest — under oath, that internal controls are effective.
Testing is no longer just a QA function. In the agentic enterprise, it is a governance imperative.
In the agentic enterprise, continuous testing is not optional. It is the control layer that makes every other governance commitment credible.
See What an Audit-Ready Testing Record Looks Like
Sofy’s ERP Test Agents produce the continuous validation evidence that governance teams need in the age of autonomous agents. See it running against your SAP or Dynamics 365 environment.