AI Governance

5 SOX Compliance Risks When Using Generative AI in Finance Controls (2026)

Generative AI is already embedded in financial reporting and close processes at many companies — often faster than the controls governing it have caught up. COSO’s February 2026 guidance made the issue plain: GenAI risk is an internal control challenge, not a policy discussion. Here are the five specific SOX risks it introduces, and how to address each.

By Kognitos. 13 min read.

TL;DR

Generative AI used in or around SOX-relevant financial controls introduces specific compliance risks, and 2026 regulatory developments have made them concrete. COSO’s Achieving Effective Internal Control Over Generative AI (February 2026) provides a six-step roadmap and warns explicitly that set-and-forget assurance is inadequate for probabilistic models. PCAOB inspection priorities now scrutinize AI in audited reporting, AS 2201 and AS 2101 take effect for fiscal years beginning on or after December 15, 2026, and the SEC has pursued AI washing enforcement and treats AI as within management’s ICFR responsibility.

Five SOX risks matter most:

  1. Non-reproducibility: generative AI is probabilistic, so the same input can produce different outputs, which undermines the consistency a control requires — GenAI output should be treated as a claim requiring validation, not the control itself.
  2. The evidence and audit-trail gap: GenAI reasoning is not naturally reconstructable, so without capturing prompts, inputs, outputs, model versions, and human-review evidence, you cannot demonstrate the control operated as designed.
  3. Model drift: a GenAI control that worked at testing can degrade silently over time — set-and-forget assurance fails and continuous monitoring is required.
  4. The ITGC gap: IT general controls over the AI system (access, change management, data) are often immature, and ITGC failure invalidates reliance on the automated controls and system-generated reports above them.
  5. Disclosure and AI washing exposure: significant AI changes to controls may require disclosure, and overstating AI capabilities has drawn SEC scrutiny.

The throughline is that generative AI’s probabilistic, opaque nature collides with SOX’s requirements for consistent, evidenced, reconstructable controls. The mitigations: do not use GenAI as the control itself for material decisions (use it in supporting roles with human or deterministic validation), capture complete audit trails, monitor continuously for drift, mature the ITGCs over the AI, and govern AI changes as control changes. Deterministic, auditable approaches address several of these risks structurally, which is why the architecture of AI used in SOX-relevant processes matters. For the architectural foundation, see Deterministic AI vs Generative AI for Finance Controls; for the audit-trail specifics, see AI Audit Trail Requirements: A 2026 Checklist.

Why this is a SOX question now, not just an AI question

For years, AI in finance was treated as an efficiency tool and an IT matter. In 2026 that framing broke, because the regulatory bodies that govern SOX made AI an internal-control issue directly.

The pivotal development was COSO’s Achieving Effective Internal Control Over Generative AI, published February 2026. COSO is the framework SOX compliance is built on (Section 404 requires management to assess ICFR against the COSO components), so when COSO addressed GenAI, it brought generative AI squarely inside the SOX perimeter. The guidance provides a six-step roadmap — govern, inventory, assess, design, implement, monitor — mapped to the 17 COSO principles, and makes a point that reframes the whole question: set-and-forget assurance is inadequate for probabilistic models, requiring continuous monitoring of drift and output quality. The overarching message, as summarized by analysts, is that GenAI risk is an internal control challenge, not a policy discussion.

The PCAOB reinforced this. Auditor and client use of AI is part of the PCAOB’s inspection priorities, meaning how AI is controlled is now part of the inspection picture, not just an internal efficiency question. The amended AS 2201 and AS 2101 take effect for audits of fiscal years beginning on or after December 15, 2026, formalizing a top-down, risk-based approach, and ITGCs (including those over AI systems) are tested first because their failure invalidates reliance on the automated controls above them. The PCAOB’s 2024 ICFR deficiency rate was 39%, and AI controls add a new surface for deficiencies.

The SEC added the disclosure dimension. It treats management’s ICFR responsibility as extending to any technology used in financial reporting, including AI, has built an in-house AI capacity and an AI task force, and has pursued AI washing enforcement against overstated AI claims. Significant changes to internal control require disclosure, which can include significant AI changes.

The combined effect: using generative AI in or around a SOX-relevant control is now a SOX compliance question with specific, regulator-defined risks. Those are the five below.

The five SOX compliance risks

1. Non-reproducibility: a probabilistic control is not a reliable control

The foundational risk is that generative AI is probabilistic, while a SOX control must be reliable and consistent. A control provides assurance only if it operates the same way on the same facts every time; if it can produce different outputs for the same input, it cannot provide that assurance. Generative AI, by design, can produce different outputs across runs, which is precisely the property a control cannot have.

This is why COSO’s guidance frames GenAI outputs as claims requiring validation rather than facts to accept by default. The risk materializes when a team uses a generative model as the control itself — letting it make the SOX-relevant decision (classifying a transaction, validating an entry, approving a reconciliation) without a deterministic or human validation layer. In that configuration, the control is probabilistic, and an auditor evaluating it has to conclude it does not reliably operate as designed, because by construction it may not operate the same way twice.

How to address it: Do not use generative AI as the control itself for material SOX-relevant decisions. Use it in supporting roles — drafting, summarizing, surfacing, extracting — where its output is validated by a human or by a deterministic system before it becomes part of the financial process. The control is the validation step, not the generative output. For the decision itself, a deterministic system (which produces the same output on the same input every time) provides the reproducibility a control requires. This is the central architectural point in Deterministic AI vs Generative AI for Finance Controls.

2. The evidence and audit-trail gap: you cannot prove what you cannot reconstruct

SOX requires that controls be evidenced: management must demonstrate, and auditors must verify, that the control operated as designed. This requires a reconstructable record of what the control did. Generative AI creates a gap here, because its reasoning is internal to the model and not naturally inspectable, so without deliberate instrumentation there is no adequate evidence that the AI-driven control functioned correctly.

COSO’s guidance is specific about what adequate monitoring requires: a complete audit trail capturing prompts, inputs, outputs, model and configuration versions, and evidence of human review, sufficient to reconstruct what the AI acted on and show the control functioned as designed. Most GenAI deployments do not capture this by default. The risk is a control that may be working but cannot be proven to work — which under SOX is a deficiency regardless of whether the underlying decisions happened to be correct, because the inability to evidence the control is itself the problem.

How to address it: Capture the complete audit trail COSO describes — prompts, inputs, outputs, model and configuration versions, and human-review evidence — for any AI touching a SOX-relevant process, sufficient to reconstruct each decision. This is far easier with architectures that are explainable and reconstructable by design than with opaque models where the audit trail has to be bolted on. The detailed requirements are in AI Audit Trail Requirements: A 2026 Checklist. See also When Confidence Scores Lie: Why “94% Confident” Is Not an Audit Trail for why a confidence score is not a substitute for a reconstructable record.
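The arrangement described under risks 1 and 2, as an added example that is not Kognitos code and not part of COSO's guidance: the GenAI output is handled as a claim, a deterministic rule makes the control decision, and each execution is written to a hash-chained audit record carrying the elements COSO names (prompt, inputs, outputs, model and configuration versions, human-review evidence). The invoice, vendor policy, model identifiers and the `genai_stub` are all constructed for illustration.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import Callable, Optional

# Constructed sample data (hypothetical vendor, invoice and policy).
SAMPLE_INVOICE = {"invoice_id": "INV-1001", "vendor": "Acme Supplies",
                  "amount": 12480.00, "gl_account_hint": "6100"}
# Deterministic policy the control enforces: vendor -> permitted GL accounts.
VENDOR_GL_POLICY = {"Acme Supplies": {"6100", "6150"}}
SYSTEM_PROMPT = "You are a GL-coding assistant. Suggest one GL account."  # constructed
GENESIS = "0" * 64  # prev_hash of the first record in the chain


@dataclass
class AuditRecord:
    """One evidenced control execution, with every element COSO's guidance names."""
    control_id: str
    model_id: str
    model_version: str
    config: dict            # generation settings and system-prompt hash
    prompt: str
    inputs: dict
    genai_output: dict      # the claim, never the decision
    validation_result: str  # "accepted" or "escalated"
    validation_rule: str    # which deterministic rule produced the result
    reviewer: Optional[str] = None         # human-review evidence (if escalated)
    review_decision: Optional[str] = None
    prev_hash: str = GENESIS
    record_hash: str = ""


def _hash_record(rec: dict) -> str:
    body = {k: v for k, v in rec.items() if k != "record_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True, default=str).encode()).hexdigest()


def genai_stub(prompt: str, invoice: dict) -> dict:
    """Stand-in for a GenAI call (constructed); a real model may answer differently per run."""
    return {"gl_account": invoice["gl_account_hint"], "confidence": 0.94}


def deterministic_validate(invoice: dict, claim: dict):
    """The actual control: the same inputs always give the same result."""
    allowed = VENDOR_GL_POLICY.get(invoice["vendor"], set())
    rule = f"VENDOR_GL_POLICY[{invoice['vendor']!r}]"
    if claim.get("gl_account") in allowed:
        return "accepted", rule
    return "escalated", rule + " (no match; human review required)"


def run_control(invoice: dict, prev_hash: str, genai: Callable = genai_stub,
                model_version: str = "v2026.02", reviewer: Optional[str] = None,
                review_decision: Optional[str] = None) -> AuditRecord:
    """Obtain the GenAI claim, validate it deterministically, and evidence both steps."""
    prompt = f"Suggest the GL account for invoice {invoice['invoice_id']} from {invoice['vendor']}."
    claim = genai(prompt, invoice)
    result, rule = deterministic_validate(invoice, claim)
    rec = AuditRecord(
        control_id="GL-CLASS-01", model_id="genai-stub", model_version=model_version,
        config={"temperature": 0.2,
                "system_prompt_sha256": hashlib.sha256(SYSTEM_PROMPT.encode()).hexdigest()},
        prompt=prompt, inputs=dict(invoice), genai_output=dict(claim),
        validation_result=result, validation_rule=rule,
        reviewer=reviewer, review_decision=review_decision, prev_hash=prev_hash)
    rec.record_hash = _hash_record(asdict(rec))
    return rec


def control_evidenced(rec: AuditRecord) -> bool:
    """A control only counts as operated when its evidence is complete."""
    if rec.validation_result == "accepted":
        return True
    return rec.reviewer is not None and rec.review_decision is not None


def verify_chain(records) -> bool:
    """Reconstruct the trail: each record must re-hash to its stored hash and link back."""
    prev = GENESIS
    for rec in records:
        if rec.prev_hash != prev or _hash_record(asdict(rec)) != rec.record_hash:
            return False
        prev = rec.record_hash
    return True
```

An escalated record without reviewer evidence fails `control_evidenced`, which is the "working but cannot be proven" deficiency the section describes; editing any stored field afterwards breaks `verify_chain`.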

3. Model drift: set-and-forget assurance fails for probabilistic models

A third risk is unique to AI and easy to miss: a generative AI control that operated correctly when it was tested can degrade over time without anyone changing it. Models drift, the data they encounter shifts, behavior changes subtly, and a control that was effective at the testing date may not be effective at the reporting date. This breaks the traditional control-testing model, which often assumes that a control tested as effective remains effective absent a known change.

COSO’s guidance explicitly warns that set-and-forget assurance is inadequate for probabilistic models, and requires continuous monitoring of model drift and output quality. The SOX risk is that a team tests a GenAI control once, concludes it is effective, and relies on it through the period, while it silently degrades — so the control is deficient for part of the period without anyone realizing until an error surfaces or an auditor probes. This is a genuinely new failure mode that the probabilistic nature of the technology introduces.

How to address it: Implement continuous monitoring of any AI in SOX-relevant processes, tracking output quality and drift over time rather than testing once and assuming stability. This is a meaningful operational burden for probabilistic models, which is itself a reason to prefer deterministic systems for the controls themselves: a deterministic system that executes defined logic does not drift in the way a probabilistic model does, since the same inputs produce the same outputs by construction, so the monitoring burden is about data and logic changes rather than silent model degradation.
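The continuous monitoring this section calls for, as an added example (not Kognitos code and not from COSO): each event records whether the GenAI claim agreed with the validated outcome, the agreement rate over a rolling window is compared with the baseline measured at the testing date, and a sustained fall is flagged as drift with the model version attached. The event stream, window size, tolerance and GL values are constructed assumptions.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class DriftMonitor:
    """Rolling agreement between GenAI claims and the validated control outcome."""
    baseline_rate: float          # agreement rate measured at the control-testing date
    window: int = 20              # number of recent events compared with the baseline
    tolerance: float = 0.10       # drop below baseline that counts as drift (assumed)
    alerts: list = field(default_factory=list)

    def __post_init__(self):
        self._recent = deque(maxlen=self.window)

    def observe(self, event_id: str, claim: str, validated: str, model_version: str) -> str:
        self._recent.append(claim == validated)
        if len(self._recent) < self.window:
            return "warming"  # not enough evidence to judge yet
        rate = sum(self._recent) / self.window
        if rate < self.baseline_rate - self.tolerance:
            # Evidence for the period: which events, which model version, how far off
            self.alerts.append({"event_id": event_id, "model_version": model_version,
                                "rolling_agreement": round(rate, 3)})
            return "drift"
        return "ok"


def build_sample_events():
    """Constructed stream: 30 events at 95% agreement (testing-date behaviour), then
    30 events at about 67% agreement with no change anyone made to the model."""
    events = []
    for i in range(60):
        agreed = (i % 20 != 7) if i < 30 else (i % 3 != 0)
        validated = "6100"
        claim = validated if agreed else "6150"
        events.append((f"evt-{i:03d}", claim, validated, "v2026.02"))
    return events


def run_monitor(events, baseline_rate=0.95, window=20, tolerance=0.10):
    """Replay an event stream through the monitor; returns per-event status and alerts."""
    monitor = DriftMonitor(baseline_rate=baseline_rate, window=window, tolerance=tolerance)
    statuses = [monitor.observe(*event) for event in events]
    return statuses, monitor.alerts
```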

4. The ITGC gap: weak controls over the AI invalidate the controls above it

The fourth risk is structural and often overlooked. IT general controls (ITGCs) — covering logical access, change management, computer operations, and data security — are the foundation that automated application controls and system-generated reports rely on. Auditors test ITGCs first, because their failure invalidates reliance on everything above them, and ITGC failures are a frequent root cause of ICFR deficiencies. When AI is introduced into financial processes, it needs ITGCs over the AI system itself, and these are frequently immature or absent.

The risk is that a company deploys AI in financial processes without adequate ITGCs over it — who can access and change the AI, how changes to the model or its configuration are controlled and documented, how the data feeding it is secured and validated — and the weakness in those foundational controls undermines reliance on the AI-driven controls and any reports they produce. An AI control can be well-designed at the application level and still be unreliable for SOX purposes if the ITGCs over the AI system are weak, just as any automated control is only as reliable as the ITGCs beneath it.

How to address it: Extend the ITGC framework to cover the AI systems used in financial processes: access controls over who can configure and change the AI, change management governing model and configuration changes (treating them as the control changes they are), and data security and validation over the inputs. Auditors will test these, and their adequacy determines whether the AI-driven controls above them can be relied upon. This is part of why COSO’s roadmap includes govern and implement steps, not just the control design itself.

5. Disclosure and AI washing exposure

The fifth risk shifts from operation to disclosure. The SEC treats management’s ICFR responsibility as extending to any technology used in financial reporting, including AI, and significant changes to internal control require disclosure. Introducing or significantly changing AI in SOX-relevant controls may therefore be a disclosable change to ICFR. Separately, the SEC has pursued AI washing enforcement against companies overstating their AI capabilities in disclosures.

The risk is two-sided. On one side, failing to disclose a significant AI-driven change to internal controls could itself be a compliance problem. On the other, overstating what the AI does or how well it works — AI washing — has drawn SEC enforcement, so describing AI controls inaccurately in either direction creates exposure. This makes the accuracy of how a company describes its AI controls a compliance matter, not just a marketing one.

How to address it: Treat significant AI changes to SOX-relevant controls as potential ICFR changes requiring evaluation for disclosure, and ensure any public description of AI capabilities is accurate and substantiated, neither overstated (AI washing) nor materially incomplete. Coordinate between the finance, legal, and disclosure functions on how AI in controls is characterized. The defensibility of the AI — whether its operation can actually be evidenced and explained — underpins the ability to describe it accurately, which connects this disclosure risk back to the reproducibility and audit-trail risks above.

The pattern across the five risks

Stepping back, the five risks share a root cause: generative AI’s probabilistic, opaque nature collides with SOX’s requirement for controls that are consistent, evidenced, reconstructable, stable, and well-governed. Non-reproducibility, the evidence gap, drift, the ITGC gap, and disclosure exposure are five expressions of the same underlying tension between how generative AI works and what SOX requires of a control.

This is why the mitigations converge on a consistent approach: do not let probabilistic AI be the control itself for material decisions, keep the control in a human or deterministic layer that validates the AI’s output, capture complete reconstructable evidence, monitor continuously for drift, govern the AI with proper ITGCs and change control, and describe it accurately. None of this means generative AI cannot be used in finance — it means it should be used in roles suited to its nature (understanding, drafting, surfacing, under validation) rather than as the SOX-relevant control itself, which needs properties generative AI does not have.

It also explains why the architecture of AI used in SOX-relevant processes matters so much. Deterministic, explainable, auditable AI addresses several of these risks structurally rather than through bolted-on compensating controls: it is reproducible by construction (addressing risk one), reconstructable by design (addressing risk two), and does not drift the way probabilistic models do (addressing risk three), while still requiring proper ITGCs and accurate disclosure (risks four and five) like any control. This is the architectural case for using deterministic systems for the controls themselves, developed in Deterministic AI vs Generative AI for Finance Controls.

Where Kognitos fits

An honest note here, since the topic is governance and credibility is the point. The five risks above are real for any company using AI in SOX-relevant controls, and addressing them is a matter of architecture and process, not any single product. Generative AI has legitimate roles in finance (drafting, summarizing, document understanding under validation), and companies will use it; the point is to keep it out of the control role and govern it where it is used.

Where Kognitos is relevant is the control-and-execution side — the SOX-relevant decisions and process steps that need to be reproducible and evidenced. Kognitos is a deterministic, neurosymbolic agentic platform that executes finance work — cash application, reconciliation, invoice processing, exception handling — the same way every time, in plain English, with every decision logged and reconstructable. Against the five risks, it is reproducible by construction (risk one), produces the complete reconstructable audit trail COSO describes (risk two), and does not silently drift the way probabilistic models do (risk three), while operating within the ITGC and disclosure governance any control requires (risks four and five). It is suited to be the deterministic execution layer for SOX-relevant finance processes, and it can work alongside generative AI used in its appropriate supporting roles. That is the honest framing of where Kognitos fits — it addresses the architectural sources of several of these risks for the control work it handles, not that it eliminates the need for the broader SOX governance that every company deploying AI in financial controls still has to do.


Putting it together

Generative AI in SOX-relevant finance controls creates five specific compliance risks: non-reproducibility (a probabilistic control cannot reliably operate the same way every time), the evidence and audit-trail gap (GenAI reasoning is not naturally reconstructable, so you cannot prove the control worked), model drift (set-and-forget assurance fails because probabilistic models degrade silently), the ITGC gap (weak controls over the AI invalidate the controls above it), and disclosure and AI washing exposure (significant AI changes may be disclosable, and overstating AI has drawn SEC scrutiny). The 2026 regulatory environment — COSO’s February 2026 GenAI guidance, PCAOB inspection priorities and the AS 2201/2101 changes effective December 15, 2026, and SEC enforcement — has made these concrete SOX matters rather than abstract concerns. The unifying cause is that generative AI’s probabilistic, opaque nature collides with SOX’s requirement for consistent, evidenced, reconstructable controls, and the mitigations converge: keep generative AI out of the control role, validate its outputs with human or deterministic layers, capture complete evidence, monitor for drift, govern the AI with proper ITGCs, and describe it accurately. The architecture matters, because deterministic, auditable systems address several of these risks structurally, which is why they fit the SOX-relevant control work that needs to hold up to audit.

Last updated: June 2026. Information reflects publicly available regulatory sources as of mid-2026, including the COSO Achieving Effective Internal Control Over Generative AI guidance (February 2026), PCAOB inspection priorities and the amended AS 2201 and AS 2101 (effective for fiscal years beginning on or after December 15, 2026), and SEC positions on AI in financial reporting. Specific compliance requirements should be validated with qualified counsel and auditors. This article is informational and does not constitute legal, audit, or compliance advice.

Frequently asked questions

Generative AI in SOX-relevant controls creates five main risks. First, non-reproducibility: generative AI is probabilistic and can produce different outputs for the same input, which undermines the consistency a control requires, so its output should be treated as a claim requiring validation rather than the control itself. Second, the evidence and audit-trail gap: GenAI reasoning is not naturally reconstructable, so without capturing prompts, inputs, outputs, model versions, and human-review evidence, you cannot demonstrate the control operated as designed. Third, model drift: a GenAI control that worked at testing can degrade silently over time, so set-and-forget assurance fails and continuous monitoring is required. Fourth, the ITGC gap: weak IT general controls over the AI system (access, change management, data) invalidate reliance on the automated controls and reports above them. Fifth, disclosure and AI washing exposure: significant AI changes to controls may require disclosure, and overstating AI capabilities has drawn SEC enforcement. These stem from a common cause: generative AI’s probabilistic, opaque nature collides with SOX’s requirement for consistent, evidenced, reconstructable controls.

COSO’s Achieving Effective Internal Control Over Generative AI, published February 2026, is the authoritative framework for applying internal controls to GenAI. Because SOX compliance is built on the COSO framework, this guidance brings generative AI directly inside the SOX perimeter. It provides a six-step roadmap — govern, inventory, assess, design, implement, monitor — mapped to the 17 COSO principles, and makes several critical points. It frames GenAI outputs as claims requiring validation rather than facts to accept by default, reflecting the probabilistic nature of the technology. It warns explicitly that set-and-forget assurance is inadequate for probabilistic models, requiring continuous monitoring of model drift and output quality. And it specifies that effective monitoring requires a complete audit trail capturing prompts, inputs, outputs, model and configuration versions, and human-review evidence, sufficient to reconstruct what the AI acted on and show the control operated as designed. The overarching message — as summarized by analysts — is that GenAI risk is an internal control challenge, not a policy discussion.

Yes, but in appropriate roles rather than as the control itself for material decisions. Generative AI is well-suited to supporting tasks — drafting narratives, summarizing documents, extracting information, surfacing items for review — where its output is validated by a human or a deterministic system before it becomes part of the financial reporting process. In these roles, the control is the validation step, not the generative output, which aligns with COSO’s framing of GenAI outputs as claims requiring validation. What creates SOX problems is using generative AI as the control itself, letting it make the SOX-relevant decision without a validation layer, because its probabilistic nature means it cannot reliably operate the same way every time and its reasoning cannot be readily reconstructed for evidence. The practical approach is to use generative AI for the supporting work it does well, use a deterministic system or human judgment for the control decision that needs to be reproducible and evidenced, and govern the whole arrangement with proper audit trails, drift monitoring, ITGCs, and disclosure discipline.

Model drift is a SOX problem because it breaks the assumption underlying traditional control testing — that a control tested as effective remains effective absent a known change. Generative and other probabilistic AI models can degrade over time without anyone modifying them: the data they encounter shifts, their behavior changes subtly, and a control that operated correctly at the testing date may not operate correctly at the reporting date. The SOX risk is that a team tests an AI control once, concludes it is effective, and relies on it throughout the period while it silently degrades, leaving the control deficient for part of the period without anyone realizing until an error surfaces or an auditor probes. COSO’s 2026 guidance addresses this directly, warning that set-and-forget assurance is inadequate for probabilistic models and requiring continuous monitoring of drift and output quality. This is a genuinely new failure mode introduced by the probabilistic nature of the technology, and it is one reason deterministic systems are preferable for the controls themselves: a deterministic system that executes defined logic does not drift the way a probabilistic model does, since the same inputs produce the same outputs by construction.

IT general controls (ITGCs) are the foundational IT controls that ensure financial reporting systems operate reliably, covering logical access, change management, computer operations, and data security. They matter enormously because automated application controls and system-generated reports depend on them: auditors test ITGCs first, and their failure invalidates reliance on everything above them, which is why ITGC weaknesses are a frequent root cause of ICFR deficiencies. When AI is introduced into financial processes, it requires ITGCs over the AI system itself — who can access and change the AI, how model and configuration changes are controlled and documented, and how the data feeding it is secured and validated — and these are frequently immature or absent in early AI deployments. The SOX risk is that an AI control can be well-designed at the application level but still unreliable for SOX purposes if the ITGCs over the AI system are weak, because the foundational controls undermine reliance on everything built on them. Addressing this means extending the ITGC framework to cover the AI systems, with access controls, change management treating model changes as control changes, and data validation, which auditors will test.

AI washing is overstating or misrepresenting a company’s AI capabilities, and it relates to SOX through the disclosure dimension of internal control. The SEC treats management’s responsibility for internal control over financial reporting as extending to any technology used in financial reporting, including AI, and has pursued enforcement against companies that overstate their AI capabilities in disclosures. This creates a two-sided risk around AI in SOX-relevant controls. On one side, significant AI-driven changes to internal controls may be disclosable changes to ICFR, so failing to disclose them could be a compliance problem. On the other side, describing AI controls inaccurately by overstating what the AI does or how well it works can constitute AI washing and draw SEC scrutiny. The result is that how a company characterizes its AI in financial controls becomes a compliance matter, not just a marketing one, and the accuracy of that description depends partly on whether the AI’s operation can actually be evidenced and explained.

Deterministic AI addresses several of the SOX risks structurally rather than through bolted-on compensating controls. Because it produces the same output for the same input every time by executing defined logic, it is reproducible by construction — addressing the non-reproducibility risk that makes probabilistic AI unsuitable as a control. Because its decisions are made by applying explicit logic to data, the reasoning is reconstructable by design — the explanation of any decision is the rule applied and the data used, inherently logged — which addresses the evidence and audit-trail gap. And because it does not rely on a probabilistic model that can drift, it does not silently degrade the way generative AI can, which addresses the model-drift risk. Deterministic AI still requires proper ITGCs and accurate disclosure like any control, so it does not eliminate all five risks, but it removes the architectural sources of the first three. This is why deterministic, explainable, auditable systems are well-suited to the SOX-relevant control decisions that need to hold up to audit, while generative AI is better reserved for supporting roles under validation.

Yes, increasingly so. The use of AI in financial reporting — by both companies and auditors — is part of the PCAOB’s inspection priorities, meaning how AI is controlled is now part of the inspection picture rather than just an internal efficiency consideration. The amended PCAOB standards AS 2201 and AS 2101 take effect for audits of fiscal years beginning on or after December 15, 2026, formalizing a top-down, risk-based approach in which IT general controls, including those over AI systems, are tested first because their failure invalidates reliance on the automated controls and reports above them. Auditors will evaluate the adequacy of controls over AI systems and the sufficiency of audit evidence where AI-generated outputs are relied upon. The SEC also treats AI within management’s ICFR responsibility and has pursued AI washing enforcement. The practical implication for companies is that AI in SOX-relevant processes must be controlled and evidenced to a standard that withstands audit scrutiny: reproducible operation, reconstructable audit trails, drift monitoring, proper ITGCs, and accurate disclosure.