A manager sits down to review a control test. The workpaper looks clean. Twelve samples examined, no exceptions noted, evidence references attached to each row. The preparer field at the top reads — and this is the question that defines the next decade of audit operations — what?
For most of the profession's history, that field has read a human name. For the last two years, it's read a human name with AI assistance noted in the methodology section. The interesting question is what should sit there when an agent does most of the per-sample execution and a human only reviews.
The answer is not "remove the field." The answer is not "let AI sign." The answer is the version of the model that's been in front of us all along: the human who clicked "run" and accepted the result is the preparer, even when the work between those two clicks was done by an agent.
That sounds like a small linguistic choice. It is also the load-bearing decision for how the entire preparer/reviewer model adapts to AI.
The original logic of preparer/reviewer
The preparer/reviewer split exists for one reason: independence between the person doing the work and the person checking it.
Independence isn't about strangers. It's about the second pair of eyes not having executed the procedure, so they can challenge it without being defensive about their own choices. That's why most audit standards prohibit self-review — not because the preparer's work is suspect, but because their judgment is anchored to it.
This is the principle that doesn't move when AI enters the picture. If anything, it gets more important. AI-generated work has a particular failure mode — it sounds confident even when wrong — and a reviewer who didn't watch the AI run is the right human to catch that.
The temptation to dissolve the model
There are two tempting moves when AI does the preparer-side work, and both are wrong.
Tempting move one: let the AI prepare and the same human review. The reasoning goes — the human didn't do the original work, so there's no self-review problem. Independence preserved.
This misses what self-review actually protects against. The auditor who runs the agent and reviews its output is anchored to its conclusion the moment they read it. They are not coming to the workpaper fresh. They are, in a real sense, both the preparer (because they scoped it, ran it, and accepted what came back) and the reviewer (because they're now signing as reviewer). The single-pair-of-eyes problem is structural, not procedural. The AI doesn't change it; it might worsen it.
Tempting move two: remove the human preparer role and have AI prepare, human review. This is the version that some vendors are selling, and it sounds modern. It also fails for a different reason: the AI cannot be held accountable. The defensibility model assumes that the named preparer can be questioned, can explain choices, can be deposed if needed. An agent without a named human owner sitting behind it doesn't satisfy that requirement, and no audit standard will accept the agent itself as the named owner anytime soon.
What actually works is the third option, which is mostly invisible because it's the most obvious one.
The human who ran the agent is the preparer
The auditor who scoped the test, configured the agent, ran it, and reviewed its work is the preparer of that test. They signed off because they accepted the result. They can defend it because they reviewed it.
The reviewer is a different human — one who did not run the agent — who looks at the same workpaper, with the same agent trail visible, and concurs or doesn't. They have the same independence relationship to the work that they would have had to a manually executed test. The agent is preparer-side. The reviewer reviews everything preparer-side, including the agent's actions.
This is the same model the profession has used for decades. It also handles the AI case without modification.
The only operational change is that the preparer is reviewing more than they're executing, and the reviewer is reviewing more reviewing-of-AI than they are reviewing-of-human-execution.
Why the review bar rises
Here's where the model gets sharper, not looser.
When a human preparer executes a test, the reviewer's job is to confirm that the work was done correctly. Most of the time, it was, because the preparer was applying training and judgment as they went. The reviewer is checking, but they're checking against a human's careful work.
When an agent executes a test, the agent did not apply training and judgment the way a human does. It applied a procedure mechanically. It may have done it correctly. It may have made an error that no human would make — accepting a piece of evidence at face value that a human would have questioned, or missing context that any auditor with three years' experience would have caught.
The reviewer is now checking against the agent's mechanical execution, which means they need to bring more judgment, not less. The cases where the reviewer's eye matters most are the ones the agent could not have caught — and those are the cases the reviewer has to be looking for.
This is why the right operational change is to raise the review bar, not relax it. Reviewers should be senior. They should be slow. They should be paid attention to. The agent gives them time to do this; the temptation will be to use that time to review more workpapers, but the right use is to review each workpaper more carefully.
How this shows up in the software
A few practical implications for any audit tool that supports agentic execution.
The preparer field should remain a human field. The agent's name can appear elsewhere in the trail, but the named owner is human.
The reviewer field should remain a different human. No-self-review enforcement should hold at the database level, not as a UI suggestion. The same human cannot be both preparer and reviewer of the same workpaper, regardless of whether AI did the in-between work.
The agent's actions should be visible to the reviewer in the same workpaper, not hidden in a "model details" sidebar. If the reviewer can't see what the agent did without opening a separate UI, they will skip it.
The override path should be one click. When the reviewer disagrees with the agent's conclusion, recording that disagreement in the workpaper should be as easy as agreeing. If overriding is harder than approving, reviewers will silently approve more than they should.
The preparer/reviewer model survives AI because it was never about who did the work. It was about who is accountable for what was signed off. AI doesn't change who is accountable. It changes the texture of the work the accountable humans are reviewing.
The temptation to flatten the model — let the AI prepare, let one human review, let the trail handle the rest — will produce audits that don't hold up under serious scrutiny. The version that does hold up is the one that keeps the boundary between preparer and reviewer exactly where it has always been, and uses the time AI saves to make each side of that boundary sharper.
Same model. Sharper edges. More important than before.