Controls & Governance

Outputs you can stand behind.

Finance can't sign off on a black box. Every riicu agent runs inside a control framework: scoped access, recorded actions, reviewable outputs, and the audit evidence your controllers and auditors expect.

Four pillars

Built around finance controls, not bolted on.

Role-based access (RBAC)

Every agent action is bound to a user role and scope. Preparers prepare, reviewers review, approvers approve - the same separation of duties finance already runs on.

End-to-end audit trail

Every prompt, data source, output, override, and approval is recorded with timestamp and actor. Reproducible evidence, not screenshots.

Reviewable outputs

Agents surface their working: source rows, formulas, and assumptions are visible and exportable. No output goes to a number without a trail.

Scoped data access

Agents see only the entities, ledgers, and periods their role permits. Row-level security at the data layer, not just the UI.

Audit trail

Every action, recorded.
Reproducible by design.

Each interaction with a riicu agent generates a structured event: who asked, what data was queried, what was returned, what was overridden, and who approved.

Events are immutable, exportable, and queryable - built to satisfy SOX, ISAE 3402, and your internal audit playbook.

Event log
session.4f12a
  • PROMPT 14:02:11
    Asked variance agent: 'Why did EMEA opex move +4.2% MoM?'
    j.silva@client
  • DATA 14:02:14
    Pulled GL postings: entities EMEA-01..04, period 2026-03
    agent.variance
  • OUTPUT 14:02:16
    Output: 3 drivers identified (HC +€180k, IT licences +€62k, FX +€41k)
    agent.variance
  • APPROVAL 14:08:02
    Reviewed and approved narrative for board pack
    m.costa@client

Role-Based Access Control

Roles that mirror how finance already works.

Preparer

Run agents on assigned entities. Draft outputs, no approvals.

Query, Draft, Comment

Reviewer

Review preparer outputs across a defined entity group.

Review, Comment, Reject

Approver

Final sign-off on AI-assisted outputs entering reporting or close.

Approve, Override, Reopen

Admin

Manage roles, scopes, and agent configurations. No data access by default.

Configure, Audit, Delegate

Controls framework

What auditors will actually ask for.

SOX-aligned controls

Preparer/reviewer/approver separation enforced at the agent level, not just process documentation.

Anomaly thresholds

Configurable guardrails: agents flag and pause when output deviates beyond defined materiality.

Data residency & isolation

Customer data isolated by tenant. Configurable region pinning for EU and other residency requirements.

Auditor-ready exports

Full event logs and approval trails exportable in formats your internal and external auditors already use.

Want to see the controls in action?

We'll walk your finance, IT, and audit stakeholders through how RBAC, audit trails, and review workflows hold up under real scrutiny.
