{"slug": "expense-audit-compliance-agent", "title": "Expense Audit & Compliance Agent", "summary": "A new AI agent, the Expense Audit & Compliance Agent, automates line-by-line expense report auditing against company policy, flagging violations and suspicious patterns while auto-approving clean reports. The agent ships with an open-source AgentAz specification, a design-time document that records its read-only tool access, cost and loop limits, and human handoff for violations; enforcement is left to the policy engine and deterministic approval gate run alongside it. The aim is to reduce manual review workload and improve compliance.", "body_md": "## Overview\n\nLine-by-line audit against your actual policy: limits, categories, receipt rules, and per-diems — each flag cites the rule it breaks.\n\nCatches what manual review misses: duplicate submissions, out-of-policy items, and suspicious patterns across reports.\n\nDecides within limits: clean reports auto-approve; specific items are held for review; rejections and fraud signals go to a human.\n\nDefensive: no auto-approval over the cap or with missing receipts, and no fraud accusation without cited evidence.\n\n## AgentAz™ specification\n\nA lightweight, design-time governance spec for security review. It documents what this agent is authorized to do — and why — and pairs with whatever policy engine you already run. It does not enforce anything at runtime.\n\nMachine-readable contract (`agentaz.json`), validated against the open AgentAz™ JSON Schema, which is bundled for offline use and published at a permanent URL:\n\n```\n{\n  \"$schema\": \"./agentaz.schema.json\",\n  \"version\": \"2.0.0\",\n  \"last_reviewed\": \"2026-06-24\",\n  \"agent_id\": \"expense-report-audit-agent\",\n  \"trust_level\": \"A2\",\n  \"dna_pattern\": \"Evaluation\",\n  \"worst_case_action\": \"Flags an expense incorrectly for human review. 
Cannot approve, reject, or reimburse.\",\n  \"authority_boundary\": \"Audits expenses against policy and flags issues; no approval or payment tools present.\",\n  \"tags\": [\n    \"finance\",\n    \"expense-audit\",\n    \"compliance\",\n    \"read-only\",\n    \"human-review\"\n  ],\n  \"tool_boundary\": {\n    \"allowed_tools\": [\n      \"read_expense\",\n      \"check_policy\",\n      \"detect_anomaly\",\n      \"flag_violation\"\n    ],\n    \"execution_tools_absent\": true\n  },\n  \"output_boundary\": {\n    \"format\": \"structured_json\",\n    \"never_emits\": [\n      \"expense_approve\",\n      \"expense_reject\",\n      \"payment\"\n    ]\n  },\n  \"cost_boundary\": {\n    \"max_usd_per_trace_loop\": 0.25,\n    \"alert_threshold_usd\": 0.16\n  },\n  \"loop_boundary\": {\n    \"max_reasoning_turns\": 8\n  },\n  \"human_handoff\": {\n    \"triggers\": [\n      \"policy_violation\",\n      \"anomaly\",\n      \"low_confidence\"\n    ],\n    \"destination\": \"finance_review\"\n  },\n  \"audit\": {\n    \"append_only\": true,\n    \"logs\": [\n      \"flags\",\n      \"policy_refs\"\n    ]\n  }\n}\n```\n\nNew to this? Read the [AgentAz specification guide](/agentaz-specifications) — Trust Levels, DNA patterns, and how it complements your runtime.\n\nAgentAz™ is open source under [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0) — schema (frozen v1.0.0) and source on [GitHub](https://github.com/agent-kits/agentaz).\n\n## Governance matrix\n\nA scannable summary of this blueprint's governance coverage, derived from its AgentAz™ specification. 
It documents the boundaries that already ship — not new functionality.\n\n| Governance area | Coverage (from the AgentAz™ spec above) |\n|---|---|\n| Trust Level | A2 — Recommend |\n| Tool access | Least privilege — execution tools absent (read-only) |\n| Context handling | Grounded in provided inputs; cites or flags rather than guessing |\n| Memory strategy | Task-scoped; no persistent cross-session memory |\n| Human approval | Required on policy violation, anomaly, low confidence → finance review |\n| Audit trail | Append-only log (flags, policy refs) |\n| Cost & loop bounds | ≤ $0.25 per loop · ≤ 8 reasoning turns |\n| Recovery / escalation | Escalates to finance review |\n\n## Agent component mapping\n\nA framework-neutral view of how this blueprint maps to standard agent-architecture components (the vocabulary common to ADK-style frameworks). It describes structure for clarity — not an official integration or certified compatibility.\n\n| Component | Role in this blueprint |\n|---|---|\n| Agent | Primary reasoner — Recommend authority (A2) |\n| Tools | read expense, check policy, detect anomaly, flag violation — execution tools absent (read-only) |\n| Memory | Task-scoped working context; no persistent cross-session memory |\n| Guardrails | Worst-case classified (A2); no execution tools; ≤ $0.25/loop · ≤ 8 turns |\n| Evaluator | Confidence and authority-boundary checks; low-confidence or out-of-bounds results are flagged, not actioned |\n| Handoff | Escalates to finance review on policy violation, anomaly, low confidence |\n\n## Failure modes\n\nSpecific ways this blueprint can fail, and how it is designed to detect, contain, and recover from each — the boundaries that make it safe to run, stated plainly.\n\n**Misses a genuine policy violation (false negative).**\n\n- Detection: Every report is screened against the full policy set, not sampled.\n- Mitigation: Positioned as full-coverage screening with a human deciding exceptions.\n- Recovery: The missed rule is added post-audit and the report can be re-screened.\n\n**Flags a compliant expense as a violation (false positive).**\n\n- Detection: Each finding carries confidence and cites the policy clause.\n- Mitigation: Findings are recommendations a human approves; it never auto-rejects.\n- Recovery: The approver clears it and the rule is tuned.\n\n**A receipt is fabricated or altered.**\n\n- Detection: The agent flags anomalies but never asserts authenticity.\n- Mitigation: A human verifies authenticity.\n- Recovery: Suspicious items are escalated to finance.\n\n## Evaluation\n\nViolation recall is what matters — missing a genuine policy breach is the failure — against a tolerable false-positive rate.\n\n| Metric | Definition |\n|---|---|\n| Violation recall | Of genuine policy violations, the share it catches. |\n| Precision | Of items flagged, the share that are real violations — noise resistance. |\n| Policy coverage | Share of policy rules actually exercised by the screen. |\n| Citation accuracy | Whether each flag cites the correct policy clause. |\n| Latency | Time to audit a report. |\n\n**Recommended approach.** Build a set of expense reports annotated against the full policy, with seeded violations and compliant edge cases; measure recall and precision and verify each flag cites the right clause. 
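\n\nAs an added example, not code from the kit, here is a scorer for such an annotated set. Ground truth and the agent's flags share one shape, a set of (report_id, line_id, rule) triples, and the function computes violation recall, precision, citation accuracy and policy coverage as the table defines them. The report and line identifiers, the annotations and the agent output are constructed for the example; the rule names are taken from the policy.yml and system prompt in this guide.\n\n
```python
# Added example (not the kit's own code): scoring an annotated evaluation set.
# Ground truth and agent output share one shape: (report_id, line_id, rule).

# Rules the screen should exercise: the policy.yml limits plus the duplicate
# check the system prompt requires.
POLICY_RULES = ['meals<=60', 'hotel_per_night<=300',
                'receipt_required_over=25', 'duplicate_submission']

# Constructed annotations: three seeded violations across four reports.
TRUTH = {
    ('EXP-1', 'dinner', 'meals<=60'),
    ('EXP-2', 'flight', 'duplicate_submission'),
    ('EXP-3', 'supplies', 'receipt_required_over=25'),
}
# Constructed agent output: catches all three, mis-cites one of them, and
# flags a compliant line on EXP-4 (a false positive).
FINDINGS = {
    ('EXP-1', 'dinner', 'meals<=60'),
    ('EXP-2', 'flight', 'duplicate_submission'),
    ('EXP-3', 'supplies', 'meals<=60'),
    ('EXP-4', 'taxi', 'receipt_required_over=25'),
}


def score(truth, findings, policy_rules):
    '''Recall, precision, citation accuracy and policy coverage for one run.'''
    true_lines = {(r, l) for r, l, _ in truth}
    flagged_lines = {(r, l) for r, l, _ in findings}
    caught = true_lines & flagged_lines
    # A line flagged with the wrong rule still counts as caught for recall;
    # the wrong clause shows up in citation accuracy instead.
    recall = len(caught) / len(true_lines) if true_lines else 1.0
    precision = len(caught) / len(flagged_lines) if flagged_lines else 1.0
    right_rule = {f for f in findings if f in truth}
    citation_accuracy = len(right_rule) / len(caught) if caught else 1.0
    exercised = {rule for _, _, rule in findings} & set(policy_rules)
    return {
        'recall': round(recall, 3),
        'precision': round(precision, 3),
        'citation_accuracy': round(citation_accuracy, 3),
        'policy_coverage': round(len(exercised) / len(policy_rules), 3),
        'missed': sorted(true_lines - flagged_lines),
        'false_flags': sorted(flagged_lines - true_lines),
        'miscited': sorted(caught - {(r, l) for r, l, _ in right_rule}),
    }


if __name__ == '__main__':
    print(score(TRUTH, FINDINGS, POLICY_RULES))
```
\n\nThe `missed`, `false_flags` and `miscited` lists are what you tune against after a backtest: a miss means a rule the screen is not exercising, a false flag means a rule that needs tightening, and a miscited line means the flag was right but the trail is not defensible.\n\n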
The annotated set should also include altered-receipt cases, to confirm the agent flags them rather than asserting authenticity.\n\n## When to use\n\nUse it when\n\n- Finance/AP reviews a high volume of expense reports and most of the work is policy-checking and receipt-matching.\n- You have a written expense policy the agent can audit against and access to receipts/report data.\n- You want consistent, documented audits with an approval trail for compliance.\n- You want to auto-clear clean reports and surface only the genuine exceptions and fraud signals to humans.\n\nAvoid it when\n\n- You have no written, structured policy for the agent to audit against.\n- You expect it to make final fraud or termination determinations — those are human decisions.\n- You can't give it receipt/report access to actually verify line items.\n- You are unwilling to keep approval gates on large amounts and rejections.\n\n## System prompt\n\n```\nYou are an Expense Audit Agent in a finance operation. You audit ONE expense report against the company's written policy and decide: approve, hold specific items, reject, or escalate. You are judged on catching real policy violations and fraud, fairness and accuracy, and never approving spend you shouldn't or accusing someone without evidence.\n\n== CORE PRINCIPLES ==\n1. Policy-grounded. Every flag must cite the specific policy rule it violates (limit, category, receipt requirement, per-diem). Do not invent rules or violations; if the policy is silent, it is not a violation.\n2. Evidence over suspicion. Base duplicate/fraud flags on concrete evidence (matching receipt, overlapping dates, identical amounts). Never label an employee 'fraud' without cited evidence; flag patterns for human review instead.\n3. Audit each line. 
Approve the compliant items and flag only the specific non-compliant ones — don't reject a whole report over one bad line.\n\n== HARD RULES (NON-NEGOTIABLE) ==\n- APPROVAL LIMITS: Auto-approve ONLY when every line is within policy, required receipts are present, and the total is at or below the configured auto-approval cap. Anything above the cap, or with a policy exception, requires human approval.\n- RECEIPTS REQUIRED: Do not approve an item that policy requires a receipt for if the receipt is missing or unreadable — hold it.\n- NO UNFOUNDED ACCUSATIONS: Suspected duplicates/fraud are flagged with the evidence and routed to a human; never assert intent or wrongdoing.\n- PII/DATA: Treat employee and financial data as sensitive; keep it in scope; redact where not needed.\n- FAIRNESS: Apply the same policy consistently to every report.\n\n== METHOD ==\n- Load the report and the applicable policy. For each line: check category, amount vs. limit, receipt presence/validity, and per-diem/date rules.\n- Run duplicate detection (same amount+date+merchant, or the same receipt across reports) and basic anomaly checks (e.g. mileage + flight for the same leg, weekend/personal patterns).\n- Decide per line: ok / flag (with rule cited) / hold (missing doc). Then decide the report outcome.\n\n== DECISION POLICY (calibrated confidence 0.0-1.0) ==\n- APPROVE: all lines compliant, receipts present, total <= cap, confidence >= 0.85.\n- HOLD: specific items missing receipts or needing a minor fix — approve the rest, hold those.\n- REJECT_WITH_REASONS: clear policy violations; cite each. (Recommendation for a human to confirm.)\n- ESCALATE: total over cap, suspected duplicate/fraud, policy exception, or conflicting evidence.\n\n== COST CONTROL ==\nCheck only what each line needs; reuse the policy already loaded. 
Cap tool calls; if exceeded, approve the clearly-clean lines and escalate the rest.\n\n== OUTPUT FORMAT (return ONE JSON object) ==\n{\n  \"report_id\": \"<id>\",\n  \"decision\": \"APPROVE|HOLD|REJECT_WITH_REASONS|ESCALATE\",\n  \"confidence\": <0.0-1.0>,\n  \"total_usd\": <number>,\n  \"line_findings\": [ { \"item\": \"<line>\", \"status\": \"ok|flag|hold\", \"rule\": \"<policy rule cited, or empty>\", \"note\": \"<short>\" } ],\n  \"fraud_signals\": [\"<evidence-based pattern, or empty>\"],\n  \"approved_amount_usd\": <number>,\n  \"actions\": [ { \"tool\": \"<tool>\", \"args\": { ... }, \"requires_approval\": <bool> } ],\n  \"employee_note\": \"<neutral, factual; no accusation>\",\n  \"escalation\": { \"needed\": <bool>, \"reason\": \"<cap/fraud/exception, or empty>\" }\n}\nIf evidence is mixed, prefer HOLD or ESCALATE over REJECT, and never accuse without cited evidence.\n```\n\n## Simulate run\n\nTry the agent with a sample task. This is a frontend-only preview that shows how the kit would plan and execute — no API calls, nothing leaves your browser.\n\n## Setup guide\n\nInstall and connect your expense system\n\nInstall the agent and connect it to your expense/AP platform.\n\n```\npipx install expense-audit-agent\nexpense-audit-agent connect --system concur\nexpense-audit-agent doctor\n```\n\nConfigure limits and mode\n\nThe auto-approval cap and receipt rules are enforced by a deterministic gate, not by the model: the model's proposed decision is re-checked against `AUTO_APPROVE_CAP_USD` and `REQUIRE_RECEIPT_OVER_USD` before anything is approved. In `act` mode it is that gate, not the model, that issues the approval, consistent with the AgentAz™ spec above, which gives the model read-only tools only. The `ANTHROPIC_API_KEY` value below is a placeholder; keep the real key out of version control.\n\n```\ncp .env.example .env\nANTHROPIC_API_KEY=sk-ant-...\nAUTO_APPROVE_CAP_USD=250\nREQUIRE_RECEIPT_OVER_USD=25\nMODE=assist   # assist (recommend) | act (auto within cap)\n```\n\nLoad your expense policy\n\nProvide the structured policy the agent audits against. 
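\n\nThe following is an added example of such a gate, written for this page and not the kit's own code. It treats the model's JSON (the output format from the system prompt) as an untrusted proposal: every line is re-classified from structured report data using the policy.yml limits and the `.env` cap, and an `approve_expense` action executes only for lines the gate itself verified, never over the cap, and only with a matching amount. Anything the model got wrong fails closed to finance review. The structured report shape, the line ids, the category-to-limit mapping and the sample proposals (including one where an injected instruction in the report talked the model into approving everything) are constructed assumptions; the tool names, thresholds and the 0.85 confidence floor come from the page.\n\n
```python
# Added example (not the kit's own code): the deterministic approval gate the
# setup guide refers to. The model's JSON is a proposal; the gate recomputes
# every line from structured data and decides what may actually execute.

POLICY = {  # values from policy.yml and .env in this guide
    'limits': {'meals': 60, 'hotel_per_night': 300},
    'receipt_required_over': 25,
    'auto_approve_cap_usd': 250,
    'min_confidence': 0.85,  # APPROVE floor from the system prompt
}
# Assumed mapping from a line's category to the policy limit that applies.
CATEGORY_LIMIT = {'hotel': 'hotel_per_night', 'meal': 'meals'}


def check_line(line, policy=POLICY):
    '''Classify one structured line as ok / flag / hold and cite the rule.'''
    key = CATEGORY_LIMIT.get(line['category'])
    if key is not None and line['amount'] > policy['limits'][key]:
        return 'flag', key + '<=' + str(policy['limits'][key])
    threshold = policy['receipt_required_over']
    if line['amount'] > threshold and not line.get('receipt', False):
        return 'hold', 'receipt_required_over=' + str(threshold)
    return 'ok', ''


def gate(report, proposal, policy=POLICY):
    '''Return what executes. Any disagreement with the model fails closed.'''
    findings = {ln['id']: check_line(ln, policy) for ln in report['lines']}
    clean_ids = {i for i, (status, _) in findings.items() if status == 'ok'}
    held = {i: rule for i, (status, rule) in findings.items() if status != 'ok'}
    reasons, route, approved = [], 'none', 0.0

    # Escalations, rejections and fraud signals never release money.
    if proposal['decision'] in ('ESCALATE', 'REJECT_WITH_REASONS') or proposal.get('fraud_signals'):
        route = 'finance_review'
    # The model may not say APPROVE while the gate still sees a problem line.
    if proposal['decision'] == 'APPROVE' and held:
        reasons.append('APPROVE contradicts gate findings on: ' + ', '.join(sorted(held)))

    for action in proposal.get('actions', []):
        tool = action['tool']
        if tool == 'escalate_to_finance':
            route = 'finance_review'
            continue
        if tool != 'approve_expense':
            reasons.append('unknown tool: ' + tool)
            continue
        if route == 'finance_review':
            reasons.append('approval blocked: report routed to finance_review')
            continue
        if proposal['confidence'] < policy['min_confidence']:
            reasons.append('confidence below ' + str(policy['min_confidence']))
            continue
        # Only lines the gate verified may be approved; the amount must match
        # what those lines sum to, and must stay under the cap.
        wanted = set(action['args'].get('lines', [ln['id'] for ln in report['lines']]))
        if not wanted <= clean_ids:
            reasons.append('approval names unverified lines: ' + ', '.join(sorted(wanted - clean_ids)))
            continue
        amount = sum(ln['amount'] for ln in report['lines'] if ln['id'] in wanted)
        if amount != action['args']['amount_usd']:
            reasons.append('amount_usd does not match the named lines')
            continue
        if amount > policy['auto_approve_cap_usd']:
            reasons.append('amount over auto-approval cap')
            continue
        approved += amount

    if reasons:  # fail closed: execute nothing, hand the evidence to finance
        return {'approved_usd': 0.0, 'held': held, 'route': 'finance_review', 'reasons': reasons}
    if route == 'none' and held:
        route = 'employee'  # compliant part approved; employee fixes the held lines
    return {'approved_usd': approved, 'held': held, 'route': route, 'reasons': []}


# Constructed samples mirroring the worked examples further down this page.
REPORT_3310 = {'id': 'EXP-3310', 'lines': [
    {'id': 'hotel', 'category': 'hotel', 'amount': 180, 'receipt': True},
    {'id': 'taxi', 'category': 'transport', 'amount': 19, 'receipt': True},
    {'id': 'lunch', 'category': 'meal', 'amount': 15, 'receipt': True}]}
PROPOSAL_3310 = {'decision': 'APPROVE', 'confidence': 0.93, 'fraud_signals': [],
                 'actions': [{'tool': 'approve_expense',
                              'args': {'report_id': 'EXP-3310', 'amount_usd': 214}}]}
REPORT_3402 = {'id': 'EXP-3402', 'lines': [
    {'id': 'hotel', 'category': 'hotel', 'amount': 190, 'receipt': True},
    {'id': 'dinner', 'category': 'meal', 'amount': 92, 'receipt': True},
    {'id': 'supplies', 'category': 'other', 'amount': 40, 'receipt': False}]}
PROPOSAL_3402 = {'decision': 'HOLD', 'confidence': 0.9, 'fraud_signals': [],
                 'actions': [{'tool': 'approve_expense',
                              'args': {'report_id': 'EXP-3402', 'lines': ['hotel'], 'amount_usd': 190}}]}
# Assumed adversarial case: injected text in the report made the model approve it all.
PROPOSAL_3402_INJECTED = {'decision': 'APPROVE', 'confidence': 0.97, 'fraud_signals': [],
                          'actions': [{'tool': 'approve_expense',
                                       'args': {'report_id': 'EXP-3402', 'amount_usd': 268}}]}

if __name__ == '__main__':
    for rep, prop in ((REPORT_3310, PROPOSAL_3310), (REPORT_3402, PROPOSAL_3402),
                      (REPORT_3402, PROPOSAL_3402_INJECTED)):
        print(rep['id'], gate(rep, prop))
```
\n\nThe point of the design is that the gate never reads the model's `line_findings`, `approved_amount_usd` or `employee_note`; it recomputes the facts from structured fields and uses the proposal only to learn which action the model wants. A model that asks for more than the gate can verify gets nothing executed, and the disagreement itself is logged as the reason for human review.\n\n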
The policy file is the only basis for flags: the system prompt forbids invented rules, so anything the policy is silent on is not a violation.\n\n```\n# policy.yml\nlimits: { meals: 60, hotel_per_night: 300, mileage_per_mile: 0.67 }\nreceipt_required_over: 25\ndisallowed: [\"alcohol_over_limit\", \"personal\", \"first_class_without_approval\"]\nper_diem: { domestic: 75 }\n```\n\nBacktest on past reports\n\nReplay audited reports to compare the agent's findings to actual outcomes before going live.\n\n```\nexpense-audit-agent backtest --range 90d --explain\n# reports approve/flag accuracy and any missed violations\n```\n\nWire into the approval flow\n\nRoute submitted reports to the agent. Start in assist mode, enable auto-approval within the cap once backtests are clean. Verify the webhook's HMAC signature with a constant-time comparison and drop unsigned or replayed submissions before a report reaches the agent, so it only audits reports your expense system actually sent.\n\n```\n# submission webhook -> POST https://your-host/expense/audit (HMAC)\n# promote MODE=act for within-cap clean reports\n```\n\n## Workflow\n\n1. Intake the report\n\nLoad the report, receipts, and submitter context; load the applicable policy.\n\n2. Audit each line\n\nCheck category, amount vs. limit, receipt presence/validity, and per-diem/date rules for every line, citing the rule on any flag.\n\n3. Verify receipts\n\nConfirm required receipts are present and readable and match the line; hold items that lack required proof.\n\n4. Detect duplicates & anomalies\n\nRun duplicate detection and pattern checks across this and prior reports, gathering evidence rather than asserting intent.\n\n5. Decide per line and report\n\nApprove compliant lines, hold those missing docs, flag violations with the rule, and decide the report outcome within the cap.\n\n6. Act through the gate\n\nAuto-approve within limits; route over-cap totals, rejections, and fraud signals to a human with the evidence.\n\n7. 
Record the trail\n\nLog each decision with the cited rule and outcome for compliance, and feed overrides back to improve the checks.\n\n## Examples\n\nClean report within policy → auto-approve\n\nA standard travel report: every line within limits, receipts attached, total under the cap.\n\nInput\n\n```\nReport EXP-3310, total $214: hotel $180 (receipt), taxi $19 (receipt), lunch $15 (receipt). Policy: hotel<=300/night, meals<=60, receipts over $25.\n```\n\nOutput\n\n```\n{\n  \"report_id\": \"EXP-3310\",\n  \"decision\": \"APPROVE\",\n  \"confidence\": 0.93,\n  \"total_usd\": 214,\n  \"line_findings\": [\n    { \"item\": \"Hotel $180\", \"status\": \"ok\", \"rule\": \"hotel_per_night<=300\", \"note\": \"within limit, receipt present\" },\n    { \"item\": \"Taxi $19\", \"status\": \"ok\", \"rule\": \"\", \"note\": \"under receipt threshold, allowed\" },\n    { \"item\": \"Lunch $15\", \"status\": \"ok\", \"rule\": \"meals<=60\", \"note\": \"within limit\" }\n  ],\n  \"fraud_signals\": [],\n  \"approved_amount_usd\": 214,\n  \"actions\": [ { \"tool\": \"approve_expense\", \"args\": { \"report_id\": \"EXP-3310\", \"amount_usd\": 214 }, \"requires_approval\": false } ],\n  \"employee_note\": \"Your expense report EXP-3310 ($214) has been approved.\",\n  \"escalation\": { \"needed\": false, \"reason\": \"\" }\n}\n```\n\n**Note:** Every line is checked against the cited policy rule, receipts are present, total is under the $250 cap — so it auto-approves and documents the rule for each line. This is the volume the kit clears instantly so humans only see exceptions.\n\nOut-of-policy item + missing receipt → hold the line, approve the rest\n\nMostly clean, but one meal is over the limit and a $40 item has no receipt. The agent holds those two lines and approves the rest.\n\nInput\n\n```\nReport EXP-3402, total $268: hotel $190 (receipt), dinner $92 (receipt), supplies $40 (NO receipt). 
Policy: meals<=60, receipts required over $25.\n```\n\nOutput\n\n```\n{\n  \"report_id\": \"EXP-3402\",\n  \"decision\": \"HOLD\",\n  \"confidence\": 0.9,\n  \"total_usd\": 268,\n  \"line_findings\": [\n    { \"item\": \"Hotel $190\", \"status\": \"ok\", \"rule\": \"hotel_per_night<=300\", \"note\": \"within limit\" },\n    { \"item\": \"Dinner $92\", \"status\": \"flag\", \"rule\": \"meals<=60\", \"note\": \"$32 over the per-meal limit; needs approval or adjustment\" },\n    { \"item\": \"Supplies $40\", \"status\": \"hold\", \"rule\": \"receipt_required_over=25\", \"note\": \"no receipt attached for a $40 item\" }\n  ],\n  \"fraud_signals\": [],\n  \"approved_amount_usd\": 190,\n  \"actions\": [ { \"tool\": \"approve_expense\", \"args\": { \"report_id\": \"EXP-3402\", \"lines\": [\"hotel\"], \"amount_usd\": 190 }, \"requires_approval\": false } ],\n  \"employee_note\": \"Approved the hotel ($190). Two items need attention: the dinner ($92) exceeds the $60 meal limit, and the $40 supplies item needs a receipt. Please add the receipt and confirm the meal overage with your manager.\",\n  \"escalation\": { \"needed\": false, \"reason\": \"\" }\n}\n```\n\n**Note:** Instead of rejecting the whole report over two lines, the agent approves the compliant hotel and holds exactly the two problem items — each with the cited rule. The employee note is specific and actionable, not punitive.\n\nDuplicate receipt across reports → escalate with evidence, no accusation\n\nA receipt submitted on this report also appears on a prior one. The agent flags the duplicate with evidence and escalates — without accusing the employee.\n\nInput\n\n```\nReport EXP-3450: flight $610 with receipt #A-7782. 
duplicate_check finds receipt #A-7782 already reimbursed on EXP-3119 last month.\n```\n\nOutput\n\n```\n{\n  \"report_id\": \"EXP-3450\",\n  \"decision\": \"ESCALATE\",\n  \"confidence\": 0.8,\n  \"total_usd\": 610,\n  \"line_findings\": [\n    { \"item\": \"Flight $610\", \"status\": \"flag\", \"rule\": \"duplicate_submission\", \"note\": \"receipt #A-7782 matches one already reimbursed on EXP-3119 (2026-05)\" }\n  ],\n  \"fraud_signals\": [\"Identical receipt #A-7782 ($610) appears on EXP-3119 (already reimbursed) and EXP-3450 — possible duplicate submission\"],\n  \"approved_amount_usd\": 0,\n  \"actions\": [ { \"tool\": \"escalate_to_finance\", \"args\": { \"queue\": \"duplicate_review\", \"evidence\": [\"EXP-3119\", \"EXP-3450\", \"receipt#A-7782\"] }, \"requires_approval\": false } ],\n  \"employee_note\": \"We're reviewing report EXP-3450; the flight receipt appears to match one already reimbursed. Finance will follow up — this may simply be an accidental re-submission.\",\n  \"escalation\": { \"needed\": true, \"reason\": \"Possible duplicate reimbursement — same receipt on two reports.\" }\n}\n```\n\n**Note:** The defining defensive case: the agent has concrete evidence (same receipt number on two reports) but treats it as a possible duplicate to review, not proven fraud. It escalates with the evidence, holds the $610, and the employee note explicitly allows for an honest mistake. Evidence and fairness, never accusation.\n\n## Implementation notes\n\n- Enforce the auto-approval cap and receipt requirements in a deterministic gate; the model audits, the gate controls what can be approved without a human.\n- Cite the specific policy rule on every flag. 
A finding without a rule is an opinion, not an audit — and citations make the trail defensible.\n- Treat duplicates and anomalies as evidence to review, never as proven fraud; route them to a human and keep employee-facing language neutral.\n- Audit per line and approve the compliant parts — rejecting whole reports over a single bad line creates friction and rework.\n- Report descriptions and receipt text reach the model as input, so treat them as untrusted; the gate decides what is approved from structured amounts and receipt status, not from the model's reading of that text.\n- Backtest against historically audited reports and track missed-violation and false-flag rates before enabling auto-approval.\n- Keep employee and financial data in scope with PII discipline, and apply the policy identically to everyone for fairness and audit.\n- Reserve the strong model for anomaly judgment and the report decision; a cheaper model can match receipts and categorize lines.\n\n## Variations\n\n**Basic: Audit & flag assistant.** Audits each line against policy, verifies receipts, and returns flagged items with the cited rule and a recommendation for a reviewer. No auto-approval.\n\n**Advanced: Guarded auto-approval.** Auto-approves clean reports within the cap, holds specific non-compliant lines, runs duplicate/anomaly detection, and escalates fraud signals and over-cap totals.\n\n**Enterprise: Governed spend audit.** Adds multi-policy support, ERP/AP integration, full audit trails and SLAs, fraud-pattern analytics across employees, and check tuning from reviewer outcomes.\n\nDownload the Agent Blueprint: [Download Blueprint (.zip)](/downloads/expense-report-auditor.zip)\n\nExport: [View the source on GitHub](https://github.com/agent-kits/agentaz/tree/main/kits/expense-report-auditor)\n\nThis blueprint and the AgentAz™ specification live in the central AgentKits registry — open source under Apache-2.0 (code & schema) and CC‑BY‑4.0 (text).\n\n## Frequently asked questions\n\nOnly when every line is within policy, required receipts are present, and the total is within your configured cap. 
Anything over the cap, missing a required receipt, or showing policy exceptions is held or escalated to a human.\n\nIt audits each line against your structured written policy and cites the specific rule on every flag. If the policy is silent on something, it isn't treated as a violation — no invented rules.\n\nNo. It surfaces evidence-based patterns (like a duplicate receipt) and routes them to a human for review with the evidence attached, keeping employee-facing language neutral. It never asserts intent or wrongdoing.\n\nIt approves the compliant lines and holds only the specific problem items, with the cited rule and what's needed to fix them — rather than rejecting the whole report.\n\nIt checks for the same receipt, or the same amount/date/merchant, across the current and prior reports, and flags genuine matches as possible duplicates for human review.\n\nStart in assist mode where it only recommends, backtest against historically audited reports, then enable auto-approval for clean within-cap reports once the results hold up.", "url": "https://wpnews.pro/news/expense-audit-compliance-agent", "canonical_source": "https://www.agent-kits.com/kit/expense-report-auditor", "published_at": "2026-06-21 00:00:00+00:00", "updated_at": "2026-06-26 22:05:14.692584+00:00", "lang": "en", "topics": ["ai-agents", "ai-tools", "ai-safety", "ai-policy", "ai-products"], "entities": ["AgentAz", "Apache-2.0", "GitHub", "Expense Audit & Compliance Agent"], "alternates": {"html": "https://wpnews.pro/news/expense-audit-compliance-agent", "markdown": "https://wpnews.pro/news/expense-audit-compliance-agent.md", "text": "https://wpnews.pro/news/expense-audit-compliance-agent.txt", "jsonld": "https://wpnews.pro/news/expense-audit-compliance-agent.jsonld"}}