If there is one accounting workflow that justifies dual-keyed agent attribution on its own, it is the annual audit packet. The auditors will ask who prepared every schedule, who reviewed it, and what evidence backs each number. "An agent did it" is not an answer that survives a PwC senior associate, an audit committee, or a SOC 1 walkthrough. The packet has to name a human, and that human has to have actually looked.
Where Dock sits in the stack
The GL system stays source of truth. NetSuite, Sage Intacct, QBO, or Xero holds the trial balance, the journal entries, the subledger detail. Dock does not replace any of that. Dock holds the agent OUTPUT layer: the PBC list the agent assembled, the sample-pull suggestions, the support-doc roll-ups, the footnote drafts, and the dual sign-off records that bind every artifact to a named preparer and a named reviewer. Each Dock row references the underlying transaction IDs in the GL so an auditor can drill from a packet line back to the journal entry. Agents read fresh from the GL API and from doc storage (SharePoint, Google Drive, Box) at every run. Dock's dual-key audit trail captures both the agent-prepared draft and the human-signed-off final, with timestamps and cryptographic continuity between them.
The surface
One Dock doc, embedded tables down the page. Columns: Schedule (e.g. "Revenue cutoff testing, Q4"), Source GL reference (journal IDs or report URL), Agent-prepared support (link to the roll-up doc the agent built), Reviewer (the controller or senior who signed), Sign-off (timestamp plus second key), Auditor query log (every PwC or EY question and the response). The doc is the packet. The packet is the audit defense.
The workflow, end to end
Two weeks before fieldwork, the engagement partner sends the PBC list. The agent ingests it, maps each request to a GL extract or a doc-storage folder, and drafts the support. For sample-pull items, the agent proposes a stratified selection and flags any destructive or irreversible step such as a journal reclass for review before execution. The controller opens each row, reviews the agent's work against the GL source, and applies the second key. Anything unsigned stays out of the packet. When fieldwork starts, auditor queries land in the query log table. The agent drafts a response, the reviewer signs, the auditor sees the dual attribution in the export. Tie this back to your month-end close discipline and the AI-assisted bookkeeping cadence; a clean close makes a clean packet.
Why this matters
Audit committee defensibility is the first answer. When the chair asks "who prepared this," the response is a name, a timestamp, and a cryptographic signature, not a model version string. Agent transparency is the second: the prep work is visible, not buried in a chat log nobody can subpoena. And SOC 1 / SOC 2 evidence is the third. PCAOB AS 2201 requires evidence that controls operate effectively; AICPA SAS 145 sharpens the auditor's risk assessment around the entity's system of internal control. Dual-keyed sign-off on agent output is a control. It tests. It documents. It scales.
See how Dock fits the rest of the accounting stack.
FAQ
How does the agent know what belongs on the PBC list? It works from the prior-year PBC plus the current-year engagement letter. The reviewer decides scope; the agent prepares against it.
What happens when an external auditor sends a query? The query lands in the doc's query log table. The agent drafts a response with cited GL references, the reviewer signs, and the export carries both attributions.
How are sample pulls executed? The agent proposes a stratified sample with the methodology written out. The reviewer either accepts, adjusts, or rejects before any extract runs. Sampling is a controlled step, not an agent shortcut.
How long is evidence retained? Dock retains packet artifacts and dual-key signatures for the full statutory retention window (typically seven years for public companies). Exports are available in audit-ready PDF and machine-readable formats.