ERP with AI: Use Cases and Controls

·

AI inside an ERP creates value when it cuts down on classification, search and decision-prep work, but it should never gain permissions equivalent to an administrator. Low-impact functions can be automated with sampling; payments, closings, vendor onboarding, tax changes and decisions about people require deterministic rules, validation and approval.

Use cases by risk level

Case Benefit Control
Classify documents Less manual work Sampling
Extract fields Faster data entry Per-field validation
Forecast demand Better planning Baseline comparison
Detect anomalies Early warning Human investigation
Draft journal entry Time savings Accounting approval
Create payment High impact Dual approval
Change master record Cross-system effect Controlled workflow

Autonomy only increases with evidence.

Architecture

AI should never write directly to the ERP's tables. The system exposes bounded tools through APIs or services that validate schema, identity, permission, rule and context before executing any action.

The layers of this architecture are:

Data and master records

A model working on duplicate or incomplete data speeds up errors instead of reducing them. Before rolling out any feature, customers, products, taxes, vendors, units and statuses must be reviewed.

Inferred outputs are flagged as proposals, never as facts. The system keeps the source, the confidence level and the person who validated each piece of data.

Document extraction

For invoices, orders or contracts, accuracy is measured field by field. The tax ID, the amount, the date, the IBAN and the tax rate carry different weight if they fail. Critical fields require mathematical validations and cross-checks against the master data.

AI does not decide on its own whether a document is legitimate.

Forecasting

Demand or cash-flow forecasting must always be benchmarked against simple methods. The reference metrics are:

If the model does not beat a simple baseline, it doesn't justify the added complexity.

Agents with tools

An agent can check stock and draft a purchase order, but it must not approve the purchase without limits. Every tool separates read from write and defines a maximum amount, approved vendors and idempotency.

OWASP identifies excessive agency as a risk specific to these systems. Controls must live outside the prompt, not inside it.

Human oversight

The approval screen must always show:

Rubber-stamping is not oversight.

Permissions

The agent uses its own identity, never that of an administrator. Permissions are restricted by:

A person's termination or role change must automatically revoke the permissions of their associated agent.

Security

The main threats to watch are:

Allow-lists, segregation, multi-factor authentication, validation and alerts are applied. Text embedded inside a document cannot override the system's instructions.

Traceability

Every execution must log:

Logs are minimised and protected.

Quality and regression

The test suite must cover closings, taxes, refunds, duplicates, incomplete data and attacks. It runs every time the model, the prompt, the connector or the ERP version changes.

Critical classes have zero tolerance.

Cost and ROI

Cost per valid task is calculated by adding up model, infrastructure, integration, review, support and incidents. Theoretical savings don't count if they end up increasing rework.

90-day plan

Days 1-30

Scoped use case, baseline, data and permissions.

Days 31-60

Integration, testing, logs and oversight.

Days 61-90

Pilot, metrics, risk and decision.

Common mistakes

  1. Turning on features without an owner.
  2. Granting the agent administrator permissions.
  3. Relying on poor-quality master data.
  4. Measuring speed alone.
  5. Allowing direct writes to the ERP.
  6. Not validating IBAN and taxes.
  7. Approving by default.
  8. Not versioning prompts.
  9. Mixing data across companies.
  10. Scaling without regression tests.

Checklist

Frequently asked questions

Can AI post accounting entries automatically?

It can prepare journal-entry proposals. Full automation depends on risk, rules, accumulated evidence and human approval.

Can AI make payments?

It shouldn't, without strict controls, amount limits and dual approval outside the model itself.

Does AI replace BI?

No. BI describes and monitors; AI can forecast or assist, but it needs quality data and metrics to do so reliably.

At Summum Sistemas we help integrate AI into the ERP with permissions, testing and oversight suited to each risk level.