The Code is the New Controller

Published on: Tue Aug 15 2023 by Ivar Strand

The Code is the New Controller: When Software Makes Financial Decisions

In any large-scale program, the role of the financial controller is fundamental. This position is the human safeguard for fiduciary integrity, applying rules and judgment to ensure funds are used correctly. Today, that role is undergoing a significant, and often unexamined, transformation. Core control functions are being delegated to software.

This migration of responsibility from human to algorithm raises a critical question. When automated systems make substantive decisions about payments, compliance, and risk, and the logic driving those decisions is not fully understood, who is truly in control?

The Locus of Control Has Shifted

A financial controller’s work was traditionally defined by observable actions: reviewing documents, challenging dubious entries, and providing an expert check on transactions. This human oversight was the primary internal control.

Now, that locus of control has shifted. Key fiduciary decisions are increasingly automated:

• An algorithm decides if a submitted expense claim meets codified compliance rules.
• Software flags transactions for fraud review based on pre-set patterns.
• Financial reports are generated through automated aggregations, with outputs treated as definitive.

The controller is no longer just a person in an office; it is a complex system of software making autonomous judgments. This is not a simple efficiency gain; it is a structural change to how governance is performed.

The Challenge of Algorithmic Opacity

The core challenge is that this new, automated controller often operates with significant opacity. While a human can be asked to explain their reasoning, an algorithm cannot. This creates distinct risks for accountability and effectiveness, particularly in development and aid programming.

1. An Accountability Deficit. If an automated system incorrectly blocks payments to a legitimate beneficiary or fails to flag a non-compliant transaction, where does accountability lie? The lack of transparent logic makes it difficult to assign responsibility and correct the underlying fault.
2. Embedded Analytical Bias. Algorithms are only as neutral as the data and assumptions used to build them. A system designed with incomplete data can systematically disadvantage certain groups or fail to recognize legitimate activity in challenging contexts, undermining programmatic goals.
3. Static Rules in Dynamic Environments. The environments we work in are seldom static. A codified rule that is appropriate today may be counterproductive after an exogenous shock or a shift in local market conditions. Unlike a human expert, most automated systems lack the capacity for adaptive judgment.

Restoring Control Through Technical Assurance

The solution is not to discard these technologies. The solution is to submit their logic to the same level of scrutiny we would apply to a human controller. Oversight must evolve to include technical verification.

This involves establishing a new assurance function: the audit of the algorithm itself. At Abyrint, we have found that effective monitoring in these environments requires the capacity to test the system’s decision-making logic against programmatic objectives. This is about ensuring that the automated controller is not just efficient, but also fair, context-aware, and aligned with its intended purpose.

As software takes on more decision-making authority, our ability to verify its integrity becomes paramount. It is the foundation for maintaining donor confidence and ensuring that aid delivers on its promise in an increasingly automated world.