The trust gap in numbers: What CFOs are actually saying
Headline CFO survey data tells a story that many enterprise AI vendors would prefer to ignore. Despite the widespread adoption of the technology, confidence in their outputs remains shockingly thin. Wolters Kluwer’s 2026 inTouch polling of global CFOs found that 58% still describe their finance environments as largely manual or siloed. Further, 47% cite trusted data as the single most important prerequisite for AI adoption.
Their published Future Ready CFO Report also found similar themes. Most notably, AI investment is accelerating, but the needed governance layer is lagging behind deployment.
The hallucination issue is particularly pertinent for tax. Unlike a general business analysis, where a confident-sounding answer that’s wrong is just inconvenient, an AI-generated tax error can have major legal and financial ramifications. In early 2026, the academic Journal of Accountancy flagged that incorrect indirect tax calculations, intercompany transactions, and multijurisdictional filings were the highest risk in agentic AI workflows.
Inherently, the trust gap is a governance design issue. Finance teams that are seeing success moving agentic AI from a pilot phase to governed production all share one common thread: They built the key oversight architecture before they scaled deployment.
The four governance architectures enterprise finance teams are using
There is no single governance model that has emerged as the industry standard. At least not yet.
However, four distinct architectures account for the vast majority of enterprise deployments in 2026. Each reflects a different answer to the same core question: At what point does an AI agent’s output require a human before it can become an action?
Architecture 1: Tiered risk and materiality thresholds
AI operates autonomously below a defined dollar or risk threshold under this model. Human sign-off is required for any amount above it. PwC's Data Controls Engine with Google Cloud uses a tiered system that allows clients to calibrate their tax operating model in accordance with their risk and materiality. The practical effect is that routine and low-value transactions move without friction, whereas anything material requires a qualified reviewer.
Architecture 2: Human-in-the-loop (HITL) checkpoints
Structured review gates embedded at specific process stages before the agent acts on regulated outputs are the path some companies take. EY's CIO playbook on agentic AI explicitly identifies human-in-the-loop oversight and governance systems as one of four core enterprise infrastructure pillars. The key distinction is that HITL checkpoints are baked into the process from the start, meaning the agent can’t go to the next step without a documented human confirmation.
Architecture 3: Multieye review for complex tax outputs
Multieye review adapts a familiar accounting control to agentic AI: the party that prepares a material output is not the party that approves it. In practice, an agent’s tax calculation passes through layered human checkpoints before anything is filed, and the depth of review scales with stakes. A routine diagnostic might need a single reviewer, whereas a multijurisdictional filing or an intercompany position calls for two or three sign-offs and a documented trail that shows auditors who reviewed it and when. For the highest complexity tax positions, these structured multireviewer sign-off cadences can help govern the process and reduce errors.
Architecture 4: Embedded governance within core finance platforms
Rather than a bolt-on oversight layer, this model integrates AI controls and anomaly alerts directly into close, plan, and report workflows within Corporate Performance Management platforms. Wolters Kluwer's CCH Tagetik, as noted by Fabrizio Tocchini, the vice president of technology product management, envisions this as a prerequisite for moving AI from pilot to governed production.
The threshold question: When does the agent act vs. route to a human?
Defining the autonomous action threshold is where many governance frameworks fall apart. Those that appear the most durable share three key characteristics:
- They are written, not just understood.
- They are jurisdiction-aware.
- They are reviewed on a defined cadence.
Written threshold policies should specify which filing types, jurisdictions, dollar ranges, and transaction categories are eligible for AI action vs. mandatory routing.
Jurisdiction awareness matters because indirect tax complexity is naturally geographic. A threshold that may be appropriate for a domestic sales tax in a single jurisdiction may be insufficient for the European Union, Value-Added Tax, Canadian Goods and Services Tax or Harmonized Sales Tax, or state-level economic nexus determinations.
Governance frameworks on AI that only apply a single materiality threshold across every jurisdiction where business is performed may be underestimating risk in some of the most complex exposure areas.
Further, threshold review cadences matter because both the AI agent’s capabilities and the underlying regulatory landscape change rapidly. Reviewing thresholds on a quarterly basis is the best way to stay on top of these changes. Additionally, triggering out-of-cycle reviews when any new jurisdiction is added or when an AI agent’s scope of work expands can help your organization determine whether a current threshold is miscalculated.
Audit trail standards: What's becoming table stakes
The audit trail question is one where many governance programs separate into two tiers: those building for external scrutiny and those building for internal comfort. This distinction matters more than you may think.
The IRS, state tax authorities, and external auditors are all focused on developing AI-specific examination protocols, and the standard they’re coming together on is not one of passive oversight. It’s of documented accountability.
For instance, EY Canada’s six-step agentic AI governance framework identifies decision logging and traceability as two nonnegotiable requirements for regulated finance tasks. The specific standard is that every action taken by an AI agent should create a log entry that details the decision made, what data was used, whose authority it’s under, and at what time it was made. This log should also be structured in such a way that an external auditor can reconstruct the AI’s entire reasoning.
IBM’s June 2025 governance research makes an even stricter claim. They say that most organizations running autonomous AI agents can’t currently demonstrate who approved what or under whose authority. By addressing this gap, you can ensure your governance program isn’t just compliant-ready, but also audit-proof.
There’s also one more dimension to this that shouldn’t be overlooked. Capitol Technology University published a 2026 report on IRS AI adoption that added an interesting factor to the equation. They posit that the IRS is deploying AI tools to analyze filing data at scale and, as such, that the audit trail quality is no longer just an internal governance concern but is now a factor in any audit examination, too. There has never been a more critical time to ensure that your governance strategy isn’t just meeting internal compliance requirements but also protecting your business from future audits.
The three failure modes governance programs most commonly miss
Even the most well-designed governance programs can fail. More often than not, it’s in a predictable manner. The three most common failure modes are structural problems that have shown up repeatedly in finance AI deployments:
1. Dirty data, governed confidently
Governance frameworks are only as reliable as the data feeding the agents. When data lacks context or semantic structure, agents can hallucinate. When this happens, your governance layer will systematically validate wrong outputs as correct. Per Wolters Kluwer's inTouch 2026 polling, 47% of finance professionals cite trusted data as the top prerequisite, yet most organizations are not there yet.
2. Security theater (oversight without accountability)
Having a human review step doesn’t constitute governance on its own if there is no documented record of who approved what decision, under what authority, and at what time. Most teams running autonomous AI agents can’t demonstrate this. IBM's governance research identifies this as the transition from passive oversight to automated, technical control.
3. Governance bolt-ons that live outside core systems
When AI agents are deployed outside of the systems of record, CFOs lose the deep data context agents need to be accurate. Further, they also lose the integration points that make governance enforceable. Wolters Kluwer's CEO Maria Montenegro explicitly warns against this, believing agentic AI tools need to be embedded in core finance platforms as opposed to sitting off to the side.
On-record voices from enterprise finance and tax technology leaders
It’s one thing to read about the trends defining the implementation of agentic AI into finance, but it’s another to hear directly from the source. Dom Megna, Owen Ryan, Julie Iskow, and Fabrizio Tocchini all shared their thoughts on the topic in recent articles, offering a glimpse into the mindset of some of the foremost leaders:
- Dom Megna, U.S. AI tax leader, PwC (via CFO.com, June 2025): "We’re not just pushing a button and accepting the result. Our agents still live within a human-reviewed, multi-eye process. Especially for complex outputs, like tax calculations, the oversight is strong."
- Owen Ryan, CEO, BlackLine (via Diginomica, May 2026): "Our customers are telling us they want to move fast with AI, but they also tell us that trust, reliability and security are non-negotiables... Every one of those AI-generated transactions eventually hits the general ledger. Everyone must be reconciled, validated and audited."
- Julie Iskow, CEO, Workiva (via Diginomica, May 2026): "In the Office of the CFO, the tolerance for error is zero. And as reliance on AI increases and there's more unverified data and there are more unverified data sources, trust in data becomes even more critical."
- Fabrizio Tocchini, VP technology product management, CCH Tagetik (via Wolters Kluwer, May 2026): "Finance teams make progress with AI when it is grounded in trusted financial data, embedded directly into the workflows they already use, and designed to support decisions under real scrutiny."
A framework for enterprise finance leaders
The organizations that are moving agentic AI into governed production, specifically in tax and finance functions, all share one common thread. They understand that it is not a technology-first deployment. Rather, it is about starting with the governance protocols and implementing the technology afterward. Below are six quick tips to set your organization up for success when building a governance framework for AI.
- Fix data before you scale agents: Data readiness is cited by 44% of the finance leaders surveyed by Wolters Kluwer as the key driver for increasing AI adoption, and without a semantic or context layer, governance is simply validating noise.
- Define written threshold policies: Document all materiality thresholds, filing types, and jurisdictions where agents act autonomously versus route to a human, then review them on a defined cadence.
- Embed governance in systems of record: Governance that lives outside core enterprise resource planning or corporate performance management platforms creates blind spots. Effective oversight requires integration, not parallel systems.
- Build the audit trail as a design requirement: Traceability, decision logging, and reversibility should be designed in from day one, not retrofitted after the fact.
- Distinguish oversight from accountability: A review step is not governance unless it is documented, attributed, and defensible to external auditors and regulators.
- Adopt a phased risk tolerance model: Start with high-volume, lower-complexity tasks such as data extraction, reconciliation diagnostics, and classification, opting to gate progression to complex indirect tax filings behind demonstrated accuracy thresholds.
Human oversight is responsible adoption
The small number of CFOs who say they completely trust AI outputs are either running simple workflows or just haven’t encountered a hallucination with major ramifications. Other wary individuals are intently focused on building governance architectures that last. The gap between those two groups will likely start to show up in audit findings, penalty exposure, and filing restatements over the coming years.