12: AI GOVERNANCE AND THE CFO OFFICE

The iShares Expanded Tech-Software Sector ETF (IGV) experienced a structural downward shift in late Feb 2026. In March, the sector's sell-off intensified, and as of 02 Apr 2026 the sector is down 24% YTD and has lost almost one-third of its value since its September peak.

The trigger for this sell-off was Anthropic’s Claude Code. Investors realized that AI agents could now automate tasks that previously required expensive per-seat licenses.

Terms such as “Death of the per seat model” or “Software is dead” were heard and seen. 

While the indiscriminate selling of software stocks was mainly to do with Anthropic’s product releases, valuation resets were also a long time coming. 

But, the damage to the software industry had already been done. 

There was also a direct and profound impact on the office of the CFO.

In an article titled “Labor impacts of AI ..”, Anthropic called out “Business and Finance” as the top field to be disrupted by them and other leading Large Language Models (LLMs). 

Critics (and those in the Software camp) ridiculed the theory ..

1. You can’t replace legacy software applications at the drop of a hat.  

Partially true. Not everybody can. 

But, experts working with the office of the CFO can 100% build applications directly with the use of an LLM versus simply using a software application.

2. How do you make sure the solution is compliant, e.g. SOC 2 Type II, etc.?

There are various governance and compliance hurdles to cross for every company in the age of AI. SOC 2 Type II is just one compliance hurdle.

3. Our existing software application already works with AI.

I find this one particularly amusing because with this argument, it is essential to distinguish what the software application is actually offering to you as the end user when it comes to AI capability. 

Remember, your software vendor charges your organization fixed subscription fees while paying AI companies a mixture of fixed and variable fees, so it is reasonable to expect your software vendor to tune subscription fees higher or moderate the availability of AI capability in their product to you.

Then, there is also the question of which LLM version is offered versus the one that is best or optimal for a particular task.

It is quite understandable for Finance teams to be nervous about adopting and using AI without there being a software application to interact with.

It is the fear of the unknown. But in most cases, as found, that fear is overblown. 

The following section outlines how you would overcome these hurdles and fully embrace the “Homegrown Finance” trend, whilst unlocking immediate ROI, upskilling your Finance teams, and making them smarter, tech-savvier and ready for truly strategic decision making.

1. AI governance framework

“Set the tone at the top”. This couldn’t be more relevant than in the current times. An AI Governance Framework is a structured set of rules, policies, and technical guardrails that an organization uses to ensure its AI systems are safe, ethical, and legally compliant.

This policy needs to be understood by everybody in the organization. 

2. Achieving the levels of SOC 2 Type II compliance 

For those unfamiliar with this standard, SOC stands for “System and Organization Controls”. Type I compliance is a sign-off that security rules were followed at a point in time, whereas Type II means they were followed over a period of time and is therefore the gold standard. Those who have been involved in the software procurement process would acknowledge the importance of this compliance certification.

Specific versions of LLMs and specific security restrictions at a user level in your Finance organization ensure that you are not prone to any more risk than otherwise using a SOC 2 Type II compliant (and expensive) software application.

The Finance Pro’s deployment model inherits the SOC 2 Type II security of your existing environment, ensuring that data gravity stays within your perimeter while we manage the granular logic and financial guardrails.

3. Adhering to Human in the loop (HITL) thresholds

No CFO will sign up to the idea of an agent having 100% autonomy over any aspect of a finance function, e.g. an agent that controls every aspect of liquidity management. 

If you are working with an external Pro Serve expert, it is mandatory that you understand thresholds being used and that you are comfortable with the detailed workflow. 

4. Data residency and privacy

Knowing which LLMs to use and setting appropriate external permissioning rules makes sure data is only processed and not used for training LLMs.

5. Auditability & Logging

Developing AI solutions that create an auditable log is table stakes today. At any point in time, the solution should enable retrospective assessment of the sequence of actions taken. A detailed log of actions taken is table stakes for governance.

For example, if a payment agent approved an invoice for $50k that somehow failed, you will need to understand how, why and where it failed.

6. Internal permissioning

Think about your homegrown AI solution being ‘modular’, like you are used to, with software applications. They come with read and write access depending on a team member’s role. 

Similarly, specific permissioning rules can be created for agents. An Accounts Payable agent does not need ‘write’ access to the Invoice folder. It does need write access to the tracking sheet. 

Appropriate permissioning rules will not only boost security but also performance of the agent.
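
The permissioning, human-in-the-loop and audit-log points above (items 3, 5 and 6) can be enforced in a single policy gate that every agent action passes through. The sketch below is an added illustration, not code from any vendor or product named in this article; the agent and resource names, the `authorize` function and the $10,000 approval threshold are assumptions.

```python
import hashlib
import json

# Assumed policy (not from the article): per-agent, per-resource allowed actions.
PERMISSIONS = {
    "ap_agent": {"invoice_folder": {"read"}, "tracking_sheet": {"read", "write"}},
    "payment_agent": {"invoice_folder": {"read"}, "payments": {"approve"}},
}
HITL_THRESHOLD_USD = 10_000  # assumed: approvals at or above this need a named human


def _digest(prev, record):
    body = json.dumps(record, sort_keys=True)
    return hashlib.sha256((prev + body).encode()).hexdigest()


class AuditLog:
    """Append-only log; each entry is chained to the hash of the previous one."""

    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        record = dict(record, seq=len(self.entries))  # production logs add a timestamp too
        self.entries.append({"record": record, "prev": prev, "hash": _digest(prev, record)})

    def verify(self):
        """Return False if any entry was edited, removed or reordered."""
        prev = "0" * 64
        for entry in self.entries:
            if entry["prev"] != prev or _digest(prev, entry["record"]) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def authorize(log, agent, action, resource, amount_usd=0, approver=None):
    """Deny by default, hold large approvals for a human, log every decision."""
    allowed = PERMISSIONS.get(agent, {}).get(resource, set())
    if action not in allowed:
        decision, reason = "deny", "no_permission"
    elif action == "approve" and amount_usd >= HITL_THRESHOLD_USD and approver is None:
        decision, reason = "hold", "needs_human_approval"
    else:
        decision, reason = "allow", "within_policy"
    log.append({"agent": agent, "action": action, "resource": resource,
                "amount_usd": amount_usd, "approver": approver,
                "decision": decision, "reason": reason})
    return decision
```

Because denials and holds are logged alongside approvals, the record answers the "how, why and where" question for a failed $50k payment, and `verify()` shows whether that record has been altered since it was written.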

To end, and to reiterate the push to Homegrown Finance, here is what Gartner found in their recent study ..

A report titled “Finance 2030: 8 Forces Shaping the Future of Finance” had the following three areas listed as needle movers: 

  1. Rise of Do-It-Yourself Tech. 

  2. A workforce of AI agents.

  3. Machine-dominated decision making.
