Key Results at a Glance
- 40% time savings on controls testing across the Advisory practice, translating to 114 hours saved on PCI control testing alone
- 8% time savings on requests, saving 30 hours on PCI evidence requests through Request Agent
- 144 hours saved on a PCI engagement (38% total time savings), with Field Auditor testing in the background while practitioners worked on parallel engagements
About Frazier & Deeter
Founded in 1981 and headquartered in Atlanta, Frazier & Deeter (FD) is a Top 50 accounting and advisory firm offering a full suite of tax, audit, risk and cyber advisory, and digital transformation services. FD's advisory practice specializes in SOC reporting, PCI compliance, HITRUST assessments, and cybersecurity advisory, with every client engagement across these service lines performed end-to-end within Fieldguide.
John Deason is an Advisory Associate in FD’s Cyber Advisory Practice who specializes in the firm’s PCI engagements, including the firm’s complex, multi-framework clients. John has been at FD for just over three years. John was actively involved in FD’s Field Agents pilot, testing Fieldguide’s agentic capabilities against live PCI engagement workflows.
Where PCI's Complexity Costs the Most Hours
PCI DSS is one of the most prescriptive frameworks in FD's advisory practice. The documentation clients provide is often dense, technical, and not organized in a way that maps cleanly to the Standard. Even experienced practitioners spend meaningful time parsing vendor evidence to determine what satisfies which requirement, what's extraneous, and what's missing entirely. For team members earlier in their careers, that learning curve compounds.
"Our team has a lot of associates, and PCI evidence can be dense and technical," John explains. "Even our most senior people spend a lot of time working through it, so for anyone on the team, that's where the hours add up."
The framework's complexity hits hardest on sample-heavy controls. Consider change management testing, a staple of PCI engagements. When a client processes thousands of changes per year, FD's team may need to select a sample of 50 or more change tickets and verify that each one followed proper approval workflows and processes. That kind of testing is manual, repetitive, and time-intensive, regardless of who is doing it.
“If there’s 50 change tickets, that’s going to take even a senior practitioner a long time,” John says. “It doesn’t matter about skill level. It’s simply a lot to go through.”
For a team already stretched across multiple PCI engagements occurring in parallel, every hour consumed by manual sample testing was an hour unavailable for advisory work, professional development, or simply keeping up with competing engagement timelines. The constraint was clear: the team's capacity was defined by the speed of its most manual processes, and PCI's evidence requirements made those processes unavoidable.
Two Capabilities That Changed the Operating Model
In late 2025, FD began piloting Fieldguide’s agent workforce for PCI engagements, with John actively involved in testing the agents against PCI workflows. The pilot focused on two specific capabilities that directly addressed the team’s most persistent bottlenecks: Request Agent for evidence triage, and Testing Agent with Agent Triggers for high-volume sample controls.
Request Agent was the first one to make a visible impact. For PCI engagements, where evidence requests involve highly technical documentation that doesn't always arrive in the format or structure practitioners expect, the agent parses incoming client submissions and surfaces what's relevant, flags what appears to be missing, and calls out what doesn't belong. For associates still learning the nuances of PCI DSS, this provides a level of direction that previously required a more experienced resource to sit down and walk through the documentation with them.
"Request Agent has really helped with some of the more difficult requests on the technical side of things," John says. "It gave the younger folks more direction, and that sped things up quite a bit."
The impact here is not about removing the associate from the process. It is about giving them a starting point. Instead of spending the first hour of an evidence review figuring out what they're looking at, associates can begin with the agent's analysis and focus their time on validation and judgment. The manager review still happens, but the cycle to get there is shorter.
The second capability, Agent Triggers, changed the team's operating model at a more fundamental level. Once FD configured automatic triggers for testing workflows, Field Auditor could execute sample-based testing in the background while practitioners worked on entirely separate tasks. The testing no longer required a person to be actively engaged for the duration of the run.
“With automatic triggers, I was able to test the entire DSS at once,” John says. “Obviously I went through after the fact to parse and make sure that things were correct, but the time saved with Agent Triggers is quite impressive.”
This shift, from sequential to parallel execution, is what makes Field Agents meaningful at the engagement level. A team that previously had to finish testing one control before starting the next can now have multiple controls in-flight simultaneously, with agents doing the initial evidence evaluation while practitioners focus their attention where professional judgment is actually required.
Six Things at Once: How Parallel Testing Frees 144 Hours
The pilot's impact has shown up in the numbers. Across FD's advisory practice, Field Auditor is delivering a 40% time savings on controls testing and an 8% time savings on evidence requests. For the PCI practice specifically, that translates to 114 hours saved on controls testing and 30 hours saved on requests, a combined 144 hours returned to the team.
On high-volume controls like change management testing, where reviewing 50 or more change tickets previously consumed hours of associate time, Field Auditor now performs the initial pass and surfaces findings for practitioner review. The team's role shifts from manual evidence inspection to professional judgment on flagged items, a fundamentally different use of their time.
Across the broader engagement, the ability to run Field Auditor in parallel with other practitioner work means FD's PCI team is no longer bottlenecked by sequential testing. Team members can advance other engagements, handle client communications, or work on internal initiatives while agent runs complete in the background. The engagement doesn't stall while testing is underway.
“It just opens up more time in general for the testers to do other things, whether that’s work on other engagements or attend local chapter events, whatever it may be,” John says. “The time savings are huge.”
The economics of this shift matter at the practice level. For each PCI assessment, the engagement budget is a function of hours and rates. When testing hours compress, either through faster individual control testing or through parallel execution across multiple controls, the cost per engagement drops without sacrificing the quality of the work. That margin creates room, either to take on more engagements with the same team, or to reinvest the capacity into higher-value activities.
John sees that capacity flowing toward professional development and strategic work that has always been squeezed by engagement deadlines.
“With the time saved here, I can get into the textbooks and study up,” John says. “And that’s just one option. There are plenty of other strategic initiatives on the internal side, anywhere from thought leadership white papers to assisting with the creation of new service methodologies.”
Scaling Field Agents Across Every Advisory Line
As FD’s Advisory team moves beyond the successes of the Field Agents pilot and begins the implementation process across FD’s Advisory Practice, the team believes the benefits will continue to unfold.
“I’m sure there are things we don’t even know about that we could do, because we’ve never had the time to see,” John says. “I’m excited to see what doors this will open, as I’m sure there will be plenty.”
And the broader implications extend beyond the PCI team. FD conducted parallel pilots across three service lines: SOC, PCI, and HITRUST, with each team evaluating Field Auditor against their specific framework requirements. The firm's approach was threefold: validate in controlled environments, confirm the output meets quality standards, then expand.
For a team that has run every engagement through Fieldguide for four years, Field Agents represent the next step in a platform they already trust. The foundation of centralized evidence collection, client collaboration, and engagement management was already in place. Now the capacity ceiling is moving.
