Teaching a Machine to Think Like a CFO
Part 2 of 3: The Shadow AI Fiduciary Audit Series
In my last post, I talked about the "Shadow AI" problem—the gap between a board’s high-level strategy and the actual tools employees are buying on their credit cards. Strategy is just a wish list until you have a way to enforce it. To solve this, I didn’t build a chatbot; I built a Fiduciary Swarm.
Here is exactly how I taught a collection of AI agents to think like a skeptical auditor, a cautious lawyer, and a pragmatic business leader.
The Workflow: How it actually functions
Most people think of AI as a single window where you ask a question and get an answer. But for real governance, you need a process. You need a relay race where one specialist hands off their work to another. Here is the visual logic of the Fiduciary Gatekeeper:
- [THE INTAKE]: An employee submits a request: "I want to buy Translate-AI for $2,500/month."
- STEP 1: THE STRATEGY AUDIT: The Intake Strategist (Powered by Gemini 1.5 Pro) reads my Field Manual. It checks: Does this tool fit our pillars? Is the ROI real or just a guess?
- STEP 2: THE LEGAL DEEP-DIVE: The Risk Sentry (Powered by Claude 3.5 Sonnet) ignores marketing hype and hunts for "Data Training" clauses—the ones that say the vendor owns your data.
- STEP 3: THE FIDUCIARY VERDICT: The Board Reporter takes the findings from Step 1 and 2. It weighs cost against risk and writes a 3-bullet point brief for the C-Suite.
- [THE DECISION]: Result: REJECT, APPROVE, or RENEGOTIATE.
Why "Multi-Agent" is the Secret Sauce
If you ask a single AI to "Review this tool," it will often be too polite. It tries to be helpful. It might miss the legal risk because it’s focusing on the productivity gain.
By building a Swarm, I’ve created a system of "checks and balances." The Strategist only cares about business value. The Sentry only cares about protecting Intellectual Property. The Reporter only cares about a clear, risk-adjusted decision. They don't always agree, and that’s the point. I lowered their "creativity" settings and turned up their "accuracy" settings. I don’t want my auditor to be a poet; I want it to be a forensic accountant.
Distilling Experience into Code
The most important part of this architecture isn't the code—it’s the experience behind the rules.
I fed the agents my actual Field Manual, but that document isn't just a list of instructions I thought up yesterday. It is a distillation of my career spent architecting and deploying AI initiatives within complex operational realities. These rules are built on the hard lessons learned from seeing exactly where digital transformations succeed on the shop floor and where they quietly fail due to lack of oversight.
The agents look for my specific red flags—like "Talent Silos" or "Unvalidated ROI"—because I’ve seen firsthand how those issues can destroy a P&L. I’ve essentially cloned my strategic brain and my operational "gut feel," putting them on a 24/7 watch.
Coming Up Next
In the final post of this series, I’m going to show you a real audit I ran on a high-cost translation tool. I’ll show you the exact moment the agent found a deal-breaking clause that would have cost the company ownership of its most valuable data.
The question for you: If you had a digital auditor that cost $0 to run and worked in 2 minutes, how many of your current "approved" tools would actually pass the test?
Series Navigation
Pillar Classification: Target Operating Model Integration