How does the Agent detect SoD conflicts in real time?

Every transaction posting is evaluated against your control matrix (roles, permissions, role-incompatibility rules) the moment it hits the ERP write queue. Conflicts — same user creating + approving, requesting + receiving, paying + reconciling — are flagged at transaction time, not at quarter-end. High-confidence conflicts block the post; borderline ones queue for review with the full role-history chain attached.

What does the quarterly attestation workflow look like?

Each control owner receives a pre-filled attestation in their queue — the Agent has already pulled the evidence, sampled the period, documented exceptions and remediation. Owners review the auto-assembled pack, add commentary where needed, and sign off in one click. Material exceptions auto-escalate to the Audit Committee. The spreadsheet round-robin disappears.

What's covered in the SOX-readiness evidence pack?

Control descriptions + ownership map + walkthrough documentation + sample test results + exception log + remediation trail + management attestation. Aligned with ISO 27001:2022 control families + CyberVadis assessment scope. Auditor portal handoff supported for Big-4 + Big-6 firms.

New

Internal Controls Agent

Monitors. Enforces. Attests. Reports

Continuous Segregation-of-Duties monitoring + dual-approval enforcement + quarterly attestation. Watches every transaction against your control matrix. Flags conflicts before they hit the GL. Replaces the quarterly spreadsheet attestation with real-time visibility. AuditBoard + Vanta territory, agentic.

Activate This Agent View Demo

Internal Controls Agent. Monitors. Enforces. Attests. Reports.

By the numbers

Internal Controls Agent by the numbers.

Real-time

SoD scanning

100%

Control attestation

Audit-ready

Evidence

<5 min

To activate

The use case

Watch every transaction. Enforce every control. Attest with one click.

Internal Audit + Compliance teams running a controls program built on quarterly spreadsheet round-trips. SoD matrix defined in 2019 — half the role mappings drifted after the ERP upgrade. Dual-approval policy lives in a SharePoint doc nobody reads. Quarterly attestation is two weeks of chasing control owners for sign-offs they barely understand. SOX-readiness assessment from the external auditor lands every two years — €200K + four weeks of distraction.

Internal Controls Agent watches every transaction against your control matrix, blocks dual-approval breaches at posting time, pre-fills the quarterly attestation from the real evidence trail, and assembles the SOX + ISO 27001 evidence pack on demand. Pairs natively with Sanctions Agent (block-at-onboarding) and Audit Prep Agent (auditor handoff). Control owners attest in one click — the Agent already did the work.

For who

Internal Audit Director

“SoD attestation is quarterly. Conflicts run for 90 days before we see them.”

CFO

“SOX-readiness assessment from external auditor — 4 weeks of work, costs €200K.”

Compliance Officer

“Dual-approval policy exists. Nobody enforces it.”

Group Controller

“Control evidence in 6 systems. Walk-through takes a week.”

Capabilities

What Internal Controls Agent actually does.

01Capability

Transaction-Time SoD Conflict Detection

Scans every posting against your control matrix in real time. Catches role-overlap conflicts (create + approve, request + receive, pay + reconcile) the moment they occur — not 90 days later at attestation.

02Capability

Dual-Approval Enforcement

Blocks transactions above threshold until the second approver signs. No more policy-on-paper. The Agent enforces the workflow inside your ERP — SAP, Oracle, Microsoft, NetSuite, Sage, Cegid, Odoo.

03Capability

Quarterly Attestation Workflow

Pre-fills control owner sign-offs from the actual evidence trail. Owners review and attest in one click. Replaces the spreadsheet round-robin that eats two weeks every quarter.

04Capability

Automated Control Testing with Sampling

Runs walkthroughs on a statistically valid sample each period. Documents results, exceptions, and remediation. Auditor-ready evidence pack generated automatically.

Continue exploring

More on Templates.

ISO 27001:2022 · GDPR · EU-hosted · Full audit trails · Trust Center →

See Internal Controls Agent on your stack.

Start free. See your first workflow run before the next quarter close.

Activate This Agent View Demo

ISO 27001

GDPR

CyberVadis

PA Certified

Peppol