How a Cell Therapy Company Eliminated Recurring Audit Findings in NetSuite

How Affini-T Therapeutics closed recurring audit findings with the Archer AI Approval Module, locked master data, and automated fixed assets across hundreds of cell therapy lab instruments.

  • life-sciences
  • cell-gene-therapy
  • ai-approvals
  • fixed-assets
  • audit-readiness
  • delegation-of-authority

"The recurring audit comment was structural, not procedural. We did not need another remediation cycle. We needed a platform that enforced what policy was asking people to enforce on their own. Archer delivered that, and the audit comments stopped." - Controller, Affini-T Therapeutics

About the client

Affini-T Therapeutics

Affini-T Therapeutics is a clinical stage biotechnology company advancing T cell receptor therapies for solid tumors. Research and development operations span Massachusetts and Washington, with a substantial fixed asset portfolio of specialized laboratory equipment including biosafety cabinets, flow cytometers, sequencers, and centrifuges.

High volume vendor payables flow through Bill.com, expense reporting runs in Expensify, and purchase orders move through Prendio, all posting into a single NetSuite OneWorld subsidiary. As a growth stage life sciences organization subject to rigorous external audits and SOX expectations, Affini-T required enterprise grade controls, unbreakable approval hierarchies, and complete audit trails directly within the ERP.

0

recurring control findings

0

manual audit trail reconciliation

100s

lab assets under automated depreciation

1

system of record for auditors

The challenge

Standard NetSuite workflows could not meet auditor expectations

NetSuite provided a working foundation, but as Affini-T scaled, the native capabilities exposed structural limitations that external auditors flagged year after year. Chart of accounts entries, departments, classes, locations, and journal entries could be created or modified without systematic executive review. Conventional approval workflows stalled transactions, allowed creators to approve their own work, and did not consistently capture rejection reasons or approval history under the record itself.

September 2024 meeting minutes recorded the finding directly: NetSuite reporting was not sufficient to capture change, and auditors had requested a system overlay for detailed permission and approval reporting. The recurring nature of the audit comments made the issue clear. Discipline was not the problem. The platform could not enforce the controls a scaling biotech requires.

What was breaking down

  1. Master data changes could be made without systematic executive review, leaving auditors unable to trace who created or approved records
  2. Standard workflows allowed creator approver scenarios, with no enforcement at the platform level
  3. Records remained editable after approval without triggering re approval, exposing the company to unauthorized changes
  4. Bill.com and Expensify journals were created externally without NetSuite approval controls
  5. Fixed asset acquisition, depreciation, transfers, and disposals relied on manual processes and BlackLine reconciliation
  6. Audit walk throughs required manual cross referencing of system notes, spreadsheets, and third party logs

What was at stake

  1. Recurring audit comments on approval authority and segregation of duties would continue each cycle
  2. The hundreds of high value lab assets in the portfolio would remain reconciled by hand, with error risk that compounded with scale
  3. Finance team time was being absorbed by remediation rather than strategic work and growth support
  4. External auditor confidence in the controls environment was eroding with each year of repeated findings
  5. The cost of preparing for audit walk throughs would scale with the size of the company rather than with the complexity of the underlying activity

Why Archer Insights

A structural fix from a partner who knows life sciences

Affini-T needed a partner who could evolve the existing NetSuite environment into a governed financial operating system rather than replace it. Archer Insights was selected based on its exclusive focus on life sciences companies, its Approvals App and Built for Pharma methodology, and its track record of delivering audit ready configurations for cell and gene therapy companies.

Archer brought the AI Approval Module, the Fixed Assets Management SuiteApp configuration depth, and the role design patterns that had been validated across comparable cell therapy and biopharma engagements. The work was scoped to close the recurring audit comments at the architecture level, not to add another remediation layer on top of the existing configuration.

The solution

One platform, enforced controls, audit ready from Day 01

Archer Insights partnered with Affini-T to evolve its existing NetSuite environment into a governed financial operating system. The implementation focused on three non negotiable outcomes: enforced delegation of authority at the point of every master data and transaction commitment, complete self contained audit trails stored under each record, and native automation of fixed assets, approvals, and integrations without third party workarounds.

Archer audit ready architecture flow

01

Master data control

Custom approval fields on COA, departments, classes, locations

Records lock until executive approval and require re approval for edits

02

Transaction enforcement

AI Approval Module on journal entries and related records

Creator not equal to approver as a system rule; no stuck workflows

03

Fixed asset automation

Fixed Assets Management SuiteApp

Asset proposals, depreciation, transfers, and disposals automated

04

External system governance

Bill.com and Expensify integrated under NetSuite approval controls

External journal creation flows into a governed environment

05

Audit retrieval

Full approval and change history under each record

Walk throughs run inside NetSuite without external assembly

The recurring audit comment was closed at the architecture layer. The platform now enforces what policy was being asked to enforce on its own.

What Archer Built

01

Archer AI Approval Module with custom approval fields

The AI Approval Module was deployed with extended approval fields across chart of accounts, departments, journal entries, locations, and related records. The fields capture approval status, next approver, created by, step, check, and withdraw, plus automated locking and history. Records now default to Pending Approval, lock automatically until reviewed by Controller or CFO roles, and retain complete history including rejection reasons under a single record.

The stuck transactions that had previously plagued routing were eliminated. The workflow either advances or carries an explicit reason for rejection, captured under the record rather than in an email thread.

02

Delegation of authority workflows for master data

Master data records, chart of accounts, departments, classes, and locations were restricted under DOA. Edits to approved records require re approval through a controlled Update Required path. The exposure that had concerned auditors, where records could be modified after approval without triggering review, was closed structurally.

03

Fixed Assets Management across hundreds of lab instruments

The Fixed Assets Management SuiteApp was configured for automated asset proposals from transactions, straight line depreciation, transfers, and disposals. The biosafety cabinets, flow cytometers, sequencers, and centrifuges that drive cell therapy research and development are tracked under one register. Net book value is accurate across the portfolio. BlackLine reconciliation runs cleanly against the NetSuite asset master.

Asset transfers across Massachusetts and Washington sites and disposals at end of useful life produce the audit history auditors expect without manual reconstruction.

04

Bill.com and Expensify integration with enforced approvals

The journal volume from Bill.com and Expensify, which had previously bypassed NetSuite approval controls, was brought under the governed workflow. Vendor bills flow from Bill.com into NetSuite under approval routing. Expense reports flow from Expensify under expense approval policies. The external systems remain in use; the governance lives where the GL lives.

05

Role based security with custom Controller and FP and A roles

Custom roles for Controller, Accountant, and FP and A were designed alongside a pending approvals portlet that gives approvers real time visibility into what is waiting. Each role carries the minimum permissions required, and the permissions that would create conflicts of duty are structurally separated. The pending approvals portlet removed the email reminders that had previously surrounded approval routing.

Modules Deployed

ModuleWhat it doesImpact at Affini-T
Archer AI Approval ModuleCustom approval fields and automated locking across master data and transactionsCreator not equal to approver; full history under each record; stuck transactions eliminated
Delegation of Authority WorkflowsPending approval to locked state for COA, departments, classes, locations, journal entriesMaster data restricted until executive approval; edits require re approval
Fixed Assets Management SuiteAppAutomated asset proposals, depreciation, transfers, disposalsHundreds of lab instruments under one register with clean BlackLine reconciliation
Bill.com and Expensify integrationAutomated journal creation with NetSuite approval controlsExternal payables and expense flows enter the governed environment
Role based security and remindersCustom Controller, Accountant, and FP and A roles plus pending approval portletPrecise permissions with real time visibility for approvers

Outcomes

What changed after go live

Operational results

  1. Master data and transactional records default to Pending Approval and lock on approval with re approval required for edits
  2. Hundreds of lab assets brought under automated proposal, straight line depreciation, transfer, and disposal workflows
  3. Bill.com and Expensify journals flow into NetSuite under approval controls rather than bypassing them
  4. Pending approvals portlet replaced the email reminders that had previously surrounded approval routing
  5. Stuck transactions eliminated; routing either advances or carries an explicit captured reason

Finance and control results

  1. 0 recurring control findings related to approval authority or segregation of duties in subsequent audit cycles
  2. Auditors access approval chains, journal entry support, and fixed asset history directly inside NetSuite
  3. ICFR walk throughs run without external assembly of system notes, spreadsheets, and third party logs
  4. Finance team time redirected from control remediation to strategic analysis and growth support
  5. BlackLine reconciliation runs cleanly against an accurate NetSuite asset master across the lab portfolio

The Archer edge

Audit readiness as architecture, not a quarterly exercise

Companies that treat audit readiness as a quarterly exercise spend disproportionate time preparing documentation. Companies that embed audit ready architecture into their financial platform produce the required evidence as a byproduct of normal operations.

Archer Insights designs every NetSuite engagement, especially in life sciences, around this principle: every financial commitment, master data change, and transaction must carry a complete, system generated, immutable audit trail from initiation through approval, posting, and reconciliation. For a clinical stage biotech like Affini-T with external auditors and SOX expectations, this is not aspirational. It is operational necessity.

The recurring nature of audit comments at Affini-T before the engagement was not a discipline problem. It was a platform problem. Closing the comment at the architecture layer ended the recurrence and returned finance team capacity to the work the team was hired to do.