Skip to content

[Codex] Add candidate AP/P2P Audit Pack templates to Analytics #128

Description

@sergstack

Goal

Add a minimal candidate AP/P2P Audit Pack to the [Analytics] project as templates/checklists only, without creating a new finance/audit project and without production automation.

Context from AI OS

KB supports Accounts Payable anti-fraud checks and AP/P2P analytics at medium confidence. Evidence supports AP/P2P as an analytics/audit use case. Checked KB does not support concrete DPO improvement benchmarks or real penalty amounts.

Related work:

  • Open issue [Codex] Add Analytics Finance Core templates #127: Add Analytics Finance Core templates.
  • AIOS_04_GOAL_PACKS_AND_COMMAND_SURFACE.md includes audit_anomaly_review, analytics_factory_loop, finance_memo_factory, and candidate reconciliation_builder.
  • Command Surface includes Audit Anomaly.

First step

Inspect issue #127 and existing [Analytics] folder conventions before creating or editing files. Decide whether AP/P2P should remain this separate linked issue, become a scoped follow-up comment/subtask to #127, or be closed as duplicate if #127 already covers the same scope.

Scope

Add minimal templates/checklists only, if repo conventions support the destination.

Candidate files, subject to repo convention check:

  • AP_P2P_CONTEXT_PACK.md
  • AP_P2P_RISK_LIBRARY.md
  • AP_P2P_EXCEPTION_REGISTER_TEMPLATE.md
  • AP_P2P_AUDIT_FINDING_TEMPLATE.md
  • AP_P2P_QA_CHECKLIST.md

Candidate destination, subject to inspection:

  • ChatGPT/[Analytics]/Templates/
  • or the existing equivalent [Analytics] repo convention.

Template requirements

Each template/checklist should cover the relevant subset of:

  • data contract
  • source tables
  • grain
  • period
  • currency
  • key fields
  • risk scenario
  • deterministic checks
  • false-positive checks
  • exception output
  • finding template
  • QA status
  • confidence
  • limitations
  • human acceptance

AP/P2P risk scenarios to include

Vendor master:

  • duplicate vendor identity
  • duplicate tax ID / registration ID
  • duplicate bank account
  • duplicate address / phone
  • inactive vendor with recent payment
  • new vendor with large first payment

Invoice:

  • same vendor + same invoice number
  • same vendor + same amount + close dates
  • normalized invoice number match
  • invoice just below approval threshold
  • invoice without PO
  • invoice after payment

PO / receipt / invoice / payment:

  • invoice before goods receipt
  • invoice amount above tolerance
  • payment without receipt
  • multiple invoices against same PO line
  • closed PO with new invoice

Payment:

  • weekend / holiday payment
  • urgent / manual payment run
  • split payments
  • changed bank account before payment
  • payment to inactive / blocked vendor
  • large one-off payment

Wording rule

Use cautious audit wording:

  • exception
  • risk indicator
  • requires review
  • possible duplicate
  • potential control breach

Do not label fraud, misconduct, manipulation, or confirmed duplicate payment unless separately evidenced and accepted by the human reviewer.

Forbidden

  • No new project folder.
  • No new Finance/AP workflow layer.
  • No broad routing rewrite.
  • No changes to PROJECT_INSTRUCTIONS.md unless required and justified.
  • No SQL/Python/scripts/pipeline implementation in the first PR unless separately requested.
  • No production automation.
  • No autonomous retrieval.
  • No vector DB.
  • No embeddings.
  • No semantic search.
  • No web UI.
  • No fraud/misconduct conclusion without evidence and human review.
  • No DPO benchmark claims.
  • No real client/vendor/employee/bank/invoice/payment/tax ID/personal data examples in public repo.
  • No auto-merge.

Checks to run

python3 scripts/check_project_instructions_length.py
python3 scripts/check_repo_public_safety.py
python3 scripts/check_codex_goal_mode_defaults.py
python3 scripts/check_manifest_paths.py
python3 scripts/check_knowledge_bundles.py
git diff --check

Acceptance criteria

  • AP/P2P pack is added as candidate templates/checklists only.
  • Existing routing remains unchanged.
  • Audit Anomaly can reference AP/P2P templates as a candidate/preset, not production runtime behavior.
  • LLM arithmetic remains forbidden.
  • Exception Register and Audit Finding templates separate facts, assumptions, confidence, and limitations.
  • DPO/penalty claims are marked not found / needs evidence unless separately supported.
  • Candidate packs remain candidate; no promotion without pilot evidence and owner acceptance.
  • Upload/manifest references are updated only if repo conventions require it.
  • Checks pass or blockers are documented.
  • PR summary includes files changed, checks, risks, rollback, and no auto-merge.

Stop conditions

Stop and report blockers if:

  • no clear destination folder convention exists;
  • [Codex] Add Analytics Finance Core templates #127 already covers the same scope and this issue would duplicate work;
  • implementation requires routing rewrite or new project structure;
  • implementation requires production automation or blocked promotion items;
  • implementation requires private/client/vendor/bank/personal data examples;
  • implementation requires SQL/Python pipeline in the first PR without separate task scope.

Rollback

If the PR is rejected or checks fail without a safe fix, revert only added AP/P2P template files and any related manifest/upload references.

Expected PR summary

  • Added candidate AP/P2P Audit Pack templates for Analytics.
  • No routing rewrite.
  • No new project layer.
  • No production automation.
  • No implementation code.
  • No candidate promotion.
  • Checks listed.
  • Residual risks and rollback documented.
  • No auto-merge.

Metadata

Metadata

Assignees

No one assigned

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions