A nine-dimension audit
of every month’s books.
On the 18th of every month, the last three months of expenses are re-fetched, aggregated, and scored across nine dimensions. New vendors, dormant software, capex drift, missing category prefixes, cost-of-service ratio. One Slack summary, one detailed markdown report, every month, on schedule.
The close is not the audit. Stop pretending it is.
Most companies treat the monthly close as the P&L review. It is not. Close is bookkeeping: getting the numbers into the ledger. Review is asking whether any of those numbers are trying to tell you something. That second step almost never happens, because it is tedious, easy to defer, and there’s always something louder on the calendar.
This blueprint does the review for you. On the 18th of every month it re-fetches the last three months of expenses (so late-entered payroll and post-close vendor invoices are included), aggregates by category and vendor, and scores nine dimensions that catch the things a CFO would catch if they had a full day to read the books.
What you read is the answer: a Slack summary with the flags that matter, plus a full markdown report with MoM and YoY tables, top 20 vendors, and the reasoning behind each flag. Every month. On schedule. Whether anyone asks for it or not.
Why it matters.
The P&L audit is the meeting everyone agrees should happen and nobody actually does. This runs it while you’re doing something else.
On the 18th. Every month. No meeting required.The things that quietly drain a P&L are not dramatic. A cost-of-service line creeps up by twelve percent; a software subscription outlives the team that used it; a one-off capex becomes three one-off capexes in a row; a new vendor shows up at $4,200 and nobody asks what it is. In a month-by-month view each of those looks fine. Scored across a trailing window with the right factors, they stand out.
Nine specific dimensions, each earned. Each one flags a class of drift that has caught at least one recovered dollar or one real issue in a real engagement. This is not generic outlier detection. It is a review you would run yourself if you had the discipline and the day, written into a schedule that runs whether you do or not.
How it actually works.
Four steps, run monthly on the 18th. Deterministic where the data lives, AI judgment where the classification happens.
The last three months of expenses are re-fetched from your accounting system. Late-entered payroll, post-close vendor invoices, and batch imports from the accountant all land in the window. The report is never built on a partial view.
Expenses are rolled up by category, subcategory, and vendor. Month-over-month and year-over-year deltas are computed. A top-20 vendor ranking is built. Every aggregation is deterministic and reproducible.
MoM category change. Subcategory change above $1k. Single expense above $5k. Cost-of-service ratio. New vendor above $500. Dormant software. Capex volatility. Equipment-per-head ratio. Missing category prefixes.
The LLM formats a Slack summary (alerts, warnings, notes) plus a full markdown report with MoM/YoY tables, top-20 vendors, and a one-line explanation for each flag. The markdown becomes the CEO’s monthly reading artifact.
Trust is structural, not promised.
A P&L audit that cries wolf stops being read. The system is designed so that every flag is grounded, every number is reproducible, and every claim is traceable back to a line in your accounting system.
No credential ever reaches the LLM.
Accounting system API tokens live in a dotenv file. Python handles every API call. A prompt injection in a vendor name or expense memo cannot exfiltrate a credential, because the credential is never in the prompt.
Every flag points to an exact line.
No flag is abstract. Every alert in the Slack summary cites the specific expense, vendor, or category that triggered it, with the amount, the date range, and the factor that fired. The markdown report contains the full audit trail.
Late entries never break the report.
The trailing resync re-fetches three months of expenses every run. Late-entered payroll, post-close vendor invoices, and batch imports all land in the window. The report is never built on a partial view, regardless of when the accountant closed.
Nothing is ever modified in your books.
The blueprint is read-only against your accounting system. It fetches expenses, it aggregates, it writes a report. It never creates, edits, or deletes a line. The human reads the report and decides what to do about it.
Known exceptions stay quiet.
A known-exception list keeps the channel credible. A recurring landlord invoice, a chronic seasonality pattern, an expected payroll cycle, none of these need to fire every month. The flags that do fire are worth reading.
What you give it, what you get back.
- API access to your cloud accounting system (Zoho Books, Xero, QuickBooks Online, NetSuite, Sage Intacct, etc.)
- A Slack workspace with a finance notifications channel
- Your chart of accounts and a short conversation about how you actually use it
- A known-exception list: recurring patterns you already understand and don’t want flagged every month
- One Slack summary on the 18th of every month: alerts, warnings, notes
- One detailed markdown report: MoM and YoY tables, top 20 vendors, one-line explanation per flag
- Trailing 3-month coverage so late entries never distort the view
- A full append-only log that traces every flag back to its specific expense line
This blueprint fits when…
You close the books on a regular cadence but nobody systematically reviews the P&L for drift after close.
Expenses sometimes get entered late by an accountant or bookkeeper, which makes “this month’s numbers” unreliable for a few weeks.
You suspect there’s money leaking through dormant software, creeping cost-of-service, or unapproved new vendors, but you don’t have a system to catch it.
Your accounting system (Zoho Books, Xero, QuickBooks Online, NetSuite, Sage Intacct) exposes expenses via API.
You have an in-house FP&A team that already runs a monthly anomaly review and trusts the output.
Your monthly expense base is tiny (a dozen line items). There’s nothing for the factors to work on.
Questions you’re probably asking.
How much does it cost?
It depends on the size and shape of your chart of accounts, how many entities roll up into the P&L, and how much tuning the factor thresholds need. Pilots are fixed-fee; ongoing operation is a small monthly run-cost. No surprise invoices, no hidden line items.
Which nine factors, exactly?
Month-over-month category change; subcategory change above $1k; single expense above $5k; cost-of-service ratio; new vendor above $500; dormant software (subscribed, not used); capex volatility; equipment-per-head ratio; missing category prefixes. Each threshold is tuned to your operation during setup.
Why nine? Why not more? Why not machine learning?
Each of these nine has caught a real issue or a recovered dollar in a real engagement. Generic outlier detection looks impressive in a demo and produces noise in production. A small set of specific, interpretable factors, tuned to your accounts, is what actually gets read month after month.
What if the accountant enters things late?
That’s exactly what the trailing resync is for. Every run re-fetches the last three months of expenses, so late-entered payroll, post-close vendor invoices, and batch imports all land in the window. The 18th is chosen deliberately: it gives the accountant a typical close-plus-reconcile window before the audit runs.
How fast is rollout to production?
One close cycle. We map your chart of accounts, tune thresholds, and seed the known-exception list during setup. The first report lands on the 18th after kickoff. After that it runs on its own rhythm.
Does it modify our accounting data?
Never. The blueprint is strictly read-only against your accounting system. It fetches expenses, aggregates them locally, scores them, and writes a report. No creates, no edits, no deletes. The human reads the report and decides what action, if any, belongs in the books.
Does this replace our FP&A function?
No, and it’s not trying to. It replaces the monthly scan you would run yourself if you had the discipline and the day. If you have FP&A, this makes their work start from a clean sheet instead of a cold-read of the raw ledger. If you don’t, it makes the audit actually happen.
Can we start small?
Yes. Run the audit on a single entity, or a single expense category, for the first few cycles. Once the Slack summaries feel useful and the flags feel grounded, you expand. No multi-year commitment to find out if this fits.
Want this running on your P&L?
This blueprint is live in production today. If you have a cloud accounting system with an API and you’ve been meaning to review the books more rigorously, we can scope a version for your operation in a 30-minute call.