Ask a mid-market controller what runs the close and the answer is NetSuite. Ask what is changing in 2026 and the answer is some flavor of AI. Vendors pitch reconciliation copilots, intercompany agents, multi-sub roll-up assistants. The demos convince. The defensibility story does not. An audit committee asking "which agent posted this reclass, and who approved it" should not get back a chat transcript. The gap is controller defensibility.
NetSuite stays source of truth
NetSuite holds the GL, the subsidiary structure, the customers, the vendors, the consolidated trial balance. Dock holds agent OUTPUT: reclassification proposals drafted overnight, intercompany variance investigations, multi-sub roll-up drafts staged for review. Each Dock row carries a pointer back: ns_transaction_id for the journal, ns_subsidiary_id for the entity. Agents read fresh from NetSuite through SuiteScript or the REST record service (NetSuite developer docs). Dock's consent gate fires the entry back to NetSuite ONLY after a named controller approves.
Worked workflow: multi-subsidiary close
Day -3, a reclass agent reads the prior period's mapping table from a Dock workspace and pulls current intercompany activity from NetSuite. It drafts thirty-one proposed reclass entries across six subsidiaries into a Dock table. Each row carries reasoning, confidence, the source ns_transaction_id, the target subsidiary. The controller sorts by confidence, approves twenty-four, sends three back with comments, rejects four. Approved rows fire through the dangerous-ops contract: confirm token, controller signature, SuiteScript call that posts the reclass with agent id AND controller id in the memo.
The audit committee sees twenty-four NetSuite entries with dual attribution. The Dock workspace holds the reasoning and the rejected drafts.
Five-step data flow
- Agent reads from NetSuite (SuiteScript or REST record service) into a Dock staging table.
- Agent writes proposed entries to Dock with
ns_transaction_id/ns_subsidiary_idpointers and reasoning. - Controller reviews in Dock, approves or rejects per row.
- Approved rows hit Dock's consent gate (confirm token + named-human signature).
- Dock posts back to NetSuite via authenticated REST, dual attribution in the memo and a dual-keyed audit row recorded locally.
Why NetSuite specifically
NetSuite concentrates in the mid-market where multi-entity and multi-currency complexity makes agent help valuable. A PE-backed group with eight subsidiaries does the same intercompany work as a Fortune 500 at one tenth the headcount. That is where agent leverage matters and where defensibility breaks first. PCAOB AS 2201 expects integrated audits with documented, attributable controls over financial reporting (PCAOB AS 2201). Dock writes the dual attribution by default.
If you run close on NetSuite and are piloting an AI workflow that touches the GL, open a Dock workspace.
FAQ
SuiteScript vs REST record service for agent reads? Use SuiteScript when you need server-side logic NetSuite already encodes (saved searches, subsidiary scoping, custom workflows). Use the REST record service for clean record-by-record reads in agent code. Most close workflows end up mixed.
How does multi-subsidiary handoff work? Each Dock row carries ns_subsidiary_id. The agent that proposes a reclass and the controller who approves it can both be scoped to specific subsidiaries via workspace membership. The consent gate refuses the write if the approving controller lacks NetSuite role permissions for the target entity.
Is this defensible to an audit committee? The Dock audit row pairs the agent principal id with the named-human approver. The NetSuite journal carries both in the memo. The deliberation thread sits in the workspace and is queryable. See the parallel QuickBooks writeup for the SMB analog.
SOX 404 fit? ICFR controls have to be documented, tested, and attributed. Dock's substrate produces all three by default. The control narrative reads "agent X drafted, controller Y approved, NetSuite recorded" rather than "the system did it." See Dock for accounting, the Xero writeup, and the month-end close walkthrough.