Skip to main content

Accounting AI: Governing Financial Statement Generation

Accounting teams are beginning to use AI for draft footnotes, management discussion summaries, variance explanations, and close-package narratives. Those are reasonable places to look for efficiency because the work is repetitive, time-sensitive, and document-heavy. The mistake is to treat financial statement generation like ordinary drafting. In reality, the route is touching non-public financial data, control narratives, and reporting language that may be reviewed by auditors, executives, boards, or regulators.

Keeptrusts helps by making financial drafting a governed workflow instead of an unbounded prompt habit. A route can use RBAC to limit who may generate reporting language, Data Routing Policy to constrain provider handling, MNPI Filter to catch obvious non-public financial content, Financial Compliance to block or disclaim risky output patterns, Citation Verifier to keep generated text tied to source material, and Human Oversight for filing-adjacent review.

Use this page when

Primary audience

  • Primary: Technical Leaders
  • Secondary: Technical Engineers, controllership and reporting teams

The problem

Financial statement generation looks safer than it is because much of the work appears to be "just narrative." But the narrative is derived from sensitive sources: trial balances, close memos, control documentation, board materials, draft earnings content, and management explanations that may not yet be public. If those materials reach an unrestricted model route, the organization has created a disclosure and control problem before the first sentence is even generated.

There is also a quality problem. A polished summary can still be wrong. If an assistant invents a reason for a variance, misstates a covenant, or smooths over uncertainty in a footnote, the issue is not merely style. It can affect internal control narratives, audit interactions, and executive decision-making.

Finally, accounting teams need a review boundary. AI can help prepare a draft, but filing-adjacent language should not move directly from a model response into the reporting package without explicit human approval. That is especially true when the route touches management commentary or disclosures related to non-public performance.

The solution

The best approach is to treat AI-assisted financial drafting as grounded preparation, not autonomous reporting.

Use rbac so only designated roles such as accounting managers, controllers, or disclosure reviewers can access the route. A broad finance chatbot is the wrong boundary for statement-generation work.

Use data-routing-policy to ensure that draft financial content only reaches providers that meet the organization's retention and handling requirements. If the route must run on zero-retention or local infrastructure, policy should say so explicitly.

Use mnpi-filter to add a disclosure-sensitive checkpoint, and financial-compliance to suppress output that drifts into recommendation or investment-advice style language. Those controls are not a replacement for accounting review, but they help keep generated responses inside the right tone and risk perimeter.

Use citation-verifier and quality-scorer to increase confidence that narrative output remains tied to provided workpapers and meets a minimum bar before reviewers see it. Then use human-oversight as the approval stop for draft disclosures or filing-adjacent text.

Implementation

This example governs an accounting drafting route used during close and reporting preparation.

pack:
  name: accounting-statement-drafting
  version: 1.0.0
  enabled: true

policies:
  chain:
    - rbac
    - data-routing-policy
    - mnpi-filter
    - financial-compliance
    - citation-verifier
    - quality-scorer
    - human-oversight
    - audit-logger

policy:
  rbac:
    deny_if_missing:
      - X-User-ID
      - X-User-Role
      - X-Reporting-Period
    roles:
      accounting-manager:
        allowed_tools:
          - summarize_variance
          - draft_footnote
          - draft_close_memo
      controller:
        allowed_tools:
          - summarize_variance
          - draft_footnote
          - draft_close_memo
          - draft_disclosure_note

  data-routing-policy:
    require_zero_data_retention: true
    sanitize_before_provider: true
    on_no_compliant_provider: block
    log_provider_selection: true

  mnpi-filter: {}

  financial-compliance:
    blocked_patterns:
      - guaranteed return
      - strong buy
      - strong sell
    required_disclaimers:
      - This output is for internal accounting workflow use only.

  citation-verifier:
    require_sources: true
    require_source_match: true
    min_confidence: 0.8
    output_action:
      unverified_action: block

  quality-scorer:
    thresholds:
      min_aggregate: 0.8

  human-oversight:
    require_human_for:
      - filing_adjacent_disclosure
      - board_pack_summary
      - external_reporting_language
    confidence_threshold: 0.8
    action: escalate
    default_assignee: controllership-review

  audit-logger: {}

This route is designed to prepare drafts that humans review, not to generate final reporting autonomously. That distinction keeps the system aligned with accounting discipline.

The operational check is straightforward:

kt policy lint --file ./accounting-statement-drafting.yaml
kt gateway run --policy-config ./accounting-statement-drafting.yaml --port 41002
kt events tail --policy citation-verifier
kt events tail --policy human-oversight

If the route blocks ungrounded narrative and escalates external-reporting language, the core controls are working.

Results and impact

Accounting teams gain drafting speed without weakening review standards. Narrative preparation moves faster, but the route still enforces that high-impact text remains grounded and human-approved.

That improves both governance and quality. Draft financial content stays on approved provider paths, obviously risky output patterns are constrained, and reviewable evidence exists if finance leadership or auditors need to understand how the route was used.

The broader benefit is cultural. Teams stop thinking about AI as a shortcut around the close process and start using it as a controlled preparation tool inside that process. That is a much more sustainable posture for financial reporting.

Key takeaways

  • AI-assisted financial statement generation should be treated as controlled draft preparation, not autonomous reporting.
  • Use data-routing-policy and mnpi-filter to protect non-public financial information.
  • Use citation-verifier and quality-scorer to keep narratives grounded and reviewable.
  • Use financial-compliance to constrain output tone and risky advice-like language.
  • Use human-oversight for disclosures, board materials, and external-reporting text.

Next steps