AI in finance without governance is a control failure waiting to happen. The Mysoft Agentic Finance Governance Framework defines the authority structures, audit requirements, and review cadences that make AI-augmented finance sustainable and auditable.
The Governance Framework is built on five design principles that apply across all four maturity stages — from basic automation at Stage 2 through to fully agentic operations at Stage 4.
Every AI-assisted or automated process has a defined human in the loop. The framework specifies who has authority at each tier, what escalation triggers apply, and what happens when an exception falls outside defined parameters. Autonomy is earned through demonstrated performance, not assumed by default.
Every automated decision generates an audit record that captures the input data, the logic applied, the output produced, and the human review action taken. This is not a post-hoc logging requirement — it is an architectural constraint. Systems that cannot produce this record do not receive automation governance.
Low-value, low-risk transactions can be fully automated with minimal oversight. High-value, high-risk transactions require CFO-level sign-off regardless of automation capability. The Tiered Approval Model maps this relationship explicitly — ensuring governance overhead is proportionate to actual risk.
The Quarterly AI Optimisation Review (QAOR) is a structured cadence for assessing automation performance against defined benchmarks — exception rates, straight-through processing rates, approval cycle times, and audit trail completeness. Governance without measurement is aspiration, not control.
Governance requirements at Stage 2 (intelligent automation) are different from those at Stage 4 (agentic operations). The framework is versioned and updated as maturity advances — ensuring governance remains relevant and proportionate at each stage rather than becoming either a barrier or a formality.
Defines which processes are eligible for automation, the entry conditions that must be satisfied before automation is activated, and the process documentation requirements that enable exception handling. No process is automated without a completed process governance record.
The Tiered Approval Model — four tiers mapped to transaction type, value band, and risk category. Tier 1 (fully automated, no human review required); Tier 2 (automated with exception review); Tier 3 (automated with Finance Manager approval); Tier 4 (CFO sign-off required). Every automated transaction sits within a defined tier.
Defines the audit trail requirements for each process type, the retention period for AI decision records, the access controls on audit data, and the evidence pack format required for external audit. Designed to satisfy Big Four audit methodology requirements.
The Quarterly AI Optimisation Review (QAOR) structure — agenda, metrics, attendees, escalation criteria, and output documentation. Includes the annual governance framework review process that assesses whether the current framework remains appropriate for the organisation's maturity stage.
The Tiered Approval Model is the operational core of the governance framework. It maps transaction type to approval tier — ensuring every automated transaction has a defined human authority structure.
| Tier | Approval Model | Transaction Types | Value Threshold |
|---|---|---|---|
| Tier 1 | Fully automated — no human review | Matched purchase invoices, low-value recurring payments, automated bank reconciliation entries | Within pre-approved supplier contract; below defined value limit |
| Tier 2 | Automated with exception review | Partially matched invoices, travel & expense claims within policy, automated journal entries | Within policy parameters; exceptions escalate to Tier 3 |
| Tier 3 | Finance Manager approval | Unmatched invoices, out-of-policy expenses, budget variances above threshold, accrual journals | Organisation-defined; typically £5k–£25k depending on sector |
| Tier 4 | CFO sign-off required | Capital expenditure, significant contract commitments, period adjustments, manual override of automation | Organisation-defined; typically above £25k or any manual override |
Source: Mysoft Agentic Finance AI Governance Framework, Layer 2.
The QAOR is the mechanism by which governance remains live rather than becoming a document that sits on a shelf. It is a structured 90-minute review conducted quarterly by the Finance Director, IT lead, and Mysoft engagement manager.
We offer a structured governance assessment for finance leaders who want to understand how their current AI controls compare to the Mysoft Governance Framework — and where the gaps are before they become audit findings.