GL entry review methodology
Sigmodx records approve, flag, and block decisions on journal entries without storing full GL subledgers or employee identity. Auditors verify period attestations using SIGMODX-GL-[ORG]-[HASH] strings at /verify.
Input hashing
Hash JE reference, GL account code, amount, posting period, and an anonymized poster identifier (role or hashed user id — not names). Your ERP data stays in your environment.
Flag subtypes
| Subtype | Meaning |
|---|---|
duplicate_risk | Entry may duplicate an existing journal record |
round_number | Amount is a suspicious round number |
unusual_poster | Poster rarely posts to this account |
outside_hours | Entry created outside configured business hours |
threshold_skirting | Amount just below an approval threshold |
segregation_of_duties | Creator and approver are the same person — auto-blocked |
backdated | Posting date precedes entry creation |
suspense_account | Entry posts to suspense or clearing |
missing_documentation | No document reference attached |
SOD auto-block
Segregation of duties violations are always recorded as block decisions, regardless of agent ALLOW/LIMIT/BLOCK state. The block is immutable once attested.
Reliability signals
- False positive rate — flagged/blocked entries a human cleared
- False negative rate — approved entries a human later escalated
- SOD violation detection rate — SOD cases correctly blocked
- Block accuracy — blocked entries confirmed by reviewers
- Escalation rate — critical flags escalated
Computed state ALLOW / LIMIT / BLOCK uses org thresholds in gl_review_thresholds. Supervisors may override via agent_state_overrides with a mandatory reason.
PCAOB AS 2201
Attestations support evidence that automated journal-entry review controls operated for the period, including SOD enforcement and reviewer disagreement rates.