
Your AI Bookkeeper Has Admin Access You Can't Audit

Phil Bolton · May 8, 2026 · 3 min read

A founder I work with runs a 38-person SaaS business at $11M ARR. Her bookkeeper retired in February. In March they switched to an AI bookkeeping platform that pulls bank feeds, categorizes transactions, and posts journal entries automatically. The first month closed three days faster than it ever had. She sent me the numbers and asked what I thought.

I asked one question: who at her company has the password to the AI agent's QBO connection, and what's the scope of what it can post?

She didn't know. The vendor set it up.

What changed

AICPA's 2026 audit guidance update, effective for fiscal years beginning January 1, treats AI agents as control objects. Same posture as a contractor with login credentials. Same documentation expected.

For private companies that don't get audited, this still matters. Lender reviews ask. Buy-side diligence asks. Your bookkeeper's eventual replacement is going to ask. The question is some version of: how did this entry get posted, who authorized it, and where's the log.

If the answer is "the AI did it, and I don't have the log," you're not running automated bookkeeping. You're running an unsigned blank check against your general ledger.

Three artifacts have to exist.

First, agent identity. The AI agent connects to QBO under some user account. That account has a name, a permission set, and an audit trail. If it's running under your CFO's personal login, every JE looks like a CFO entry to anyone reviewing the system later. Create a service user with a name that signals what it is. Document who manages its credentials.

Second, permission scope. Most AI bookkeeping platforms ask for full admin during setup because it's the easy path. Full admin means the agent can void invoices, modify customers, change the chart of accounts, and reverse posted JEs. The agent doesn't need most of that. Scope the role down to what it's actually doing. Write the scope in a one-pager.

Third, the audit log. The platform either streams events out to your file system or it doesn't. If it doesn't, you're trusting the vendor's internal log, which you can't pull on demand. Move to a platform that pushes a daily log, or stand up a script that pulls the QBO audit log nightly into your drive.
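One way to use the three artifacts together, as an added example (not code from the author or from any bookkeeping platform): a check that reads an exported audit log and flags entries made by a login with no documented steward, or by an agent acting outside its written scope. The CSV columns, the `svc-ai-bookkeeper` login, and the register contents are constructed for illustration and are not the QBO audit log format.

```python
import csv
import io

# Constructed sample export. Column names are assumptions, not a vendor format.
SAMPLE_LOG = """timestamp,user,action,entity_type,entity_id
2026-04-01T02:14:09Z,svc-ai-bookkeeper,create,JournalEntry,JE-1041
2026-04-01T02:14:11Z,svc-ai-bookkeeper,update,BankTransaction,BT-88213
2026-04-02T02:15:40Z,svc-ai-bookkeeper,void,Invoice,INV-2207
2026-04-02T09:31:02Z,cfo@example.com,create,JournalEntry,JE-1042
2026-04-03T02:13:55Z,svc-ai-bookkeeper,update,Account,ACCT-6100
2026-04-03T02:14:20Z,,create,JournalEntry,JE-1043
"""

# The scope one-pager expressed as data: each non-human login, the person
# who manages it, and the (action, entity type) pairs it is allowed to perform.
AGENT_REGISTER = {
    "svc-ai-bookkeeper": {
        "steward": "controller@example.com",
        "allowed": {("create", "JournalEntry"), ("update", "BankTransaction")},
    },
}
HUMAN_USERS = {"cfo@example.com"}  # known human logins, reviewed separately


def review(log_text, register, humans):
    """Return (finding, login, reference) tuples for entries needing follow-up."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        user = row["user"].strip()
        ref = f'{row["timestamp"]} {row["entity_type"]} {row["entity_id"]}'
        if user in humans:
            continue
        entry = register.get(user)
        if entry is None or not entry.get("steward"):
            # Non-human or blank login that nobody is documented as managing.
            findings.append(("UNMAPPED_LOGIN", user or "<blank>", ref))
        elif (row["action"], row["entity_type"]) not in entry["allowed"]:
            # The agent did something its written scope does not cover.
            findings.append(("OUT_OF_SCOPE", user, ref))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, AGENT_REGISTER, HUMAN_USERS):
        print(*finding, sep=" | ")
```

Run nightly against the pulled log, this turns the one-pager into something that produces a dated list of exceptions instead of a document nobody rereads.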

An AI agent in your books is a control object. Treat it as a person with login credentials, because that's what it is to anyone reviewing your system later.

What to do this month

Pull the user list from QBO or NetSuite this week. Find every login that isn't a human. Map each one to a person who manages it. If that person is a vendor's customer success rep, flag it. If you can't name the person, the agent doesn't have a steward.

Then ask your AI bookkeeping platform two questions in writing. What permission level does the agent run with, and can you scope it to read plus a defined posting role? Do you provide an exportable audit log of agent actions, with timestamps and entity identifiers?

A platform that hesitates on either question is telling you something. Most won't hesitate. The ones that do are the ones you need to document around or replace before your next review.

Your agent already wrote to the books. Whether you can prove what it wrote is the question.

Phil Bolton


Founder & Principal at Manitou Advisory
