Agentic AI: Why CPA and Law Firms Need a Governance Layer Now
What HAL 9000 Can Teach CPA and Law Firms About AI Risk and Governance
Peter Serzo
5/25/2026 · 2 min read


"I'm sorry, Dave. I'm afraid I can't do that."
HAL 9000's refusal in 2001: A Space Odyssey has become the shorthand for AI gone wrong. But the real lesson of HAL isn't that he refused the mission; it's that no one had designed a governance system for what to do when he did.
Gartner projects that 40% of enterprise organizations will deploy task-specific AI agents by the end of 2026. That figure was under 5% at the start of 2025. If the trajectory holds, agentic AI, meaning systems that take autonomous action on your behalf without a human touching each step, will be the dominant mode of enterprise workflow within 18 months.
For CPA firms and finance teams, this shift is already visible: AI agents ingesting GL data, flagging variance anomalies, drafting memo language, and generating reconciliations at a pace no human team can match. The Dynamic Audit Solution (DAS), developed by Caseware in partnership with AICPA and CPA.com, is a concrete example of what this looks like in practice. The agent handles repetitive ingestion and documentation; the auditor focuses on the judgment call the agent surfaces.
For law firms, the scenario could be an autonomous litigation agent. I have a relative in the business, and he is seeing AI in motion and briefs first-hand. Imagine an agent that ingests case files, prior rulings, and discovery documents. It can then draft a motion, cite supporting case law, and even file documents into an e-filing system. It is confident, technically proficient, and efficient.
No supervision. No human review. No governance.
This is exactly where frameworks like COSO and regulatory expectations intersect with ethics:
Accountability: You must trace outputs back to inputs and decisions
Control activities: You need enforced review gates before filings
Information & communication: Outputs must be explainable and verifiable
Monitoring: You must detect drift, hallucinations, and failure patterns
COSO has a 2026 framework: "Achieving Effective Internal Control Over Generative AI." This applies the Internal Control–Integrated Framework to generative AI governance.
The core principle: autonomous agents need control environments, not because the technology is inherently untrustworthy, but because trust is something you document, not assume.
Accountability controls require that you can demonstrate who made a decision, when, with what inputs, and under what model version. Without that documentation layer, the speed advantage of agentic AI becomes a liability in any review, audit, or regulatory inquiry.
HAL 9000 didn't fail because he was evil. He failed because no one built the governance layer for what happens when the agent's mission objective and human oversight come into conflict.
Your AI-assisted workflows need that layer before the agents start running the mission, not after the first exception surfaces.
Build the governance layer before the agent hits "submit."
How far along is your firm in defining the human-in-the-loop checkpoints for your AI-assisted audit and advisory workflows?

