Invoice Approval Audit Trail
Every invoice approval decision your AI agent makes — logged, hashed, and independently verifiable. Without touching your invoice data.
AI agents are approving invoices. Most have no audit trail.
Finance teams are deploying AI agents to review and approve invoices at scale. The agents check purchase orders, vendor history, and GL records, then approve, reject, or escalate. Fast, consistent, and increasingly hard to audit.
SOX Section 404 requires documented internal controls over financial reporting. When AI agents are part of that process, auditors will ask: what did the agent decide, why did it decide that, and how do you know the record hasn't been altered? Most teams don't have a clean answer.
What gets logged for every decision
The decision
Approve, reject, or escalate — with timestamp, agent ID, and the amount and vendor reference as submitted by the agent.
The input fingerprint
A SHA-256 hash of the data the agent consumed before deciding. Your invoice data stays in your environment. Sigmodx stores only the hash, which proves the agent used specific inputs without Sigmodx seeing what they were.
The rationale
The agent's stated reason for its decision, recorded as an immutable string. For example: "Invoice matches PO #4821. Vendor in good standing. Amount within delegated authority threshold."
The outcome
What happened after the decision — processed, rejected, reversed, or disputed. Recorded post-facto and immutable once set.
How the agent's state is determined
Continuous evaluation
Your team reviews a sample of agent decisions each week — typically 30–60 minutes. Reviewer agreement rate, error rate, and escalation rate are computed automatically.
State assignment
Based on those signals, the agent is assigned a state: ALLOW, LIMIT, or BLOCK. State is computed by the reliability worker and enforced by cinmon-control before any transaction executes.
State changes are logged
Every state change — and the reason for it — is written to the append-only log. If an agent moves from ALLOW to LIMIT, the record shows exactly why and when. Supervisors can manually override state with a mandatory reason field.
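The Python below is an added example, not Sigmodx's own code: it assumes a SHA-256 hash over canonical JSON for the input fingerprint and a hash chain for the append-only log, neither of which the page specifies. The field names `decision_type`, `agent_id`, `input_hash` and `rationale` follow the page's snippet; the helper names, `prev_hash`, `entry_hash`, `timestamp` and all sample values are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed start value for the chain (assumption)


def fingerprint(payload: dict) -> str:
    """SHA-256 over canonical JSON, so key order and spacing cannot change the hash."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def append_record(log: list, record: dict) -> dict:
    """Append a record whose hash covers its own fields and the previous entry's hash."""
    prev = log[-1]["entry_hash"] if log else GENESIS
    body = dict(record, prev_hash=prev)
    entry = dict(body, entry_hash=fingerprint(body))
    log.append(entry)
    return entry


def verify_log(log: list) -> int:
    """Return -1 if the chain is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if body.get("prev_hash") != prev or fingerprint(body) != entry["entry_hash"]:
            return i
        prev = entry["entry_hash"]
    return -1


def demo():
    # Constructed sample invoice; amounts are strings so the encoding is exact.
    invoice = {"po": "4821", "vendor_id": "V-100", "amount": "1250.00"}
    escalated = {"po": "4822", "vendor_id": "V-200", "amount": "98000.00"}
    log = []
    append_record(log, {"decision_type": "approve", "agent_id": "agent-1",
                        "timestamp": "2026-01-15T10:00:00Z",
                        "input_hash": fingerprint(invoice),
                        "rationale": "Invoice matches PO #4821."})
    append_record(log, {"decision_type": "escalate", "agent_id": "agent-1",
                        "timestamp": "2026-01-15T10:05:00Z",
                        "input_hash": fingerprint(escalated),
                        "rationale": "Amount above delegated authority threshold."})
    return invoice, log
```

A chain like this detects edits only if the latest `entry_hash` is also held somewhere the log's writer cannot change; otherwise the whole chain can be recomputed after an edit.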
What you give your auditors
Your verification string
SIGMODX-INVOICE-E54ECE50-D331D86614C1
Your auditors submit this string to sigmodx.com/verify. They receive cryptographic confirmation that the audit record for the attested period is intact and unaltered.
They get proof. They don't get your data.
You retain all underlying invoice records internally and produce them directly to auditors if required. Sigmodx is the proof layer.
Integration is one afternoon
Add three lines to your agent
from sigmodx import SigmodxClient, InvoiceDecision

client = SigmodxClient(api_key="...", agent_id="...")

# SHA-256 fingerprint of the data the agent consumed; Sigmodx stores only this hash
input_hash = client.hash_inputs(invoice_payload)

# Record the decision together with the agent's stated rationale
result = client.submit_invoice_decision(
    InvoiceDecision(
        decision_type="approve",
        input_hash=input_hash,
        rationale=agent_rationale,
        invoice_amount=amount,
        vendor_id=vendor_id,
    )
)

Decision events appear in your org dashboard immediately.
No infrastructure changes. No vendor access to your systems.
Available now
The invoice approval scenario is live in production. Pilot access is available for Q3 2026. 90 days, no charge, no contract.