Contributor: Max Demeola, Audit & Assurance, Senior Manager, Deloitte & Touche LLP
Talking points
Technology, media, and telecommunications (TMT) companies have long shown they’re not just creators of emerging technology; they’re also among the fastest to put it into practice. It’s no surprise then that the industry has eagerly embraced ERP digital transformation to keep up with rapid market shifts and constant innovation.
Recently, this momentum has only accelerated, thanks to the rapid rise of cloud computing. Gartner projects that end-user spending on public cloud services will reach a remarkable $723 billion this year—a 21.5% jump from 2024’s $525.6 billion.¹
In the sections ahead, we explore how TMT companies may enhance and navigate growth with a well-managed ERP cloud migration incorporating internal controls—built with automation such as AI—that mitigate risk throughout the cloud transformation workstream.
How ERP systems are evolving to meet TMT industry complexity
Today’s ERP systems face mounting pressure to keep pace with accelerating industry challenges. Think faster software and gaming release cycles, new or evolving revenue streams, and advancing internet and wireless technologies, to name just a few. To stay ahead, ERP systems within TMT organizations should evolve to tackle a range of more complex and demanding tasks, such as:
ERP cloud migration risks
To meet these rising challenges, TMT companies are opting to transform their ERP systems and migrate to cloud platforms to access needed performance enhancements. But they’re facing a new set of risks and challenges that come with cloud migrations—from audit documentation retention and access security management to segregation of duties, data migration management, and legacy system rearchitecting to fit the cloud.
Embedding modern, robust controls—controls built with automation such as AI—into the cloud migration workstream can mitigate these risks and streamline the transition of data and processes into the cloud. These embedded, automated controls can also address ongoing post-migration risks within financial reporting, audit, and compliance workstreams, including Sarbanes-Oxley (SOX).
Consequences of inadequate controls
What happens when controls fall short? During cloud migration, inadequate controls, which are often manual or outdated, increase the risk of issues such as data loss, corruption, and unauthorized access. Post-migration, they can create ongoing financial reporting and operational risks, such as reconciliation discrepancies and regulatory compliance issues. The consequences can be severe, ranging from financial misstatements and regulatory penalties to data breaches, intellectual property theft, operational disruptions, and diminished stakeholder trust.
Enhancing ERP controls with game-changing technology
Leveraging system accelerators and AI in ERP systems to automate controls increases confidence that risks are identified and mitigated. These modern controls enhance operational efficiency, data integrity, and system security. Generative AI, autonomous AI agents, robotic process automation (RPA), and machine learning technology can be strategically applied to streamline critical accounting, IT, governance, and operational control processes, including:
Leading practices for implementing AI-powered internal controls
AI and other accelerators alone won’t provide the internal controls benefits discussed here. Effective control design and implementation are also essential. Deloitte’s internal controls framework includes these leading practices for designing and implementing a robust control-ready framework during your system transformation:
What role can Deloitte play?
Deloitte’s dedicated risk and controls practice helps enable TMT companies to identify efficiencies, automate processes, manage AI risks, and streamline cloud migrations. We can advise you on how to embed robust, compliance-ready, AI-powered ERP internal controls throughout the design and development of your ERP system. To learn more, read our new ERP transformation and controls article. You can also contact your Deloitte representative or reach out to us for more information.
Endnotes
1 Gartner, “Gartner forecasts worldwide public cloud end-user spending to total $723 billion in 2025,” press release, November 19, 2024.
The services described herein are illustrative in nature and are intended to demonstrate our experience and capabilities in these areas; however, due to independence restrictions that may apply to audit clients (including affiliates) of Deloitte & Touche LLP, we may be unable to provide certain services based on individual facts and circumstances.
This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.
Copyright © 2025 Deloitte Development LLC. All rights reserved.
Kajal is an Audit & Assurance partner with Deloitte & Touche LLP, based in San Jose, CA. She serves as our west region governance, risk, and controls (GRC) leader within our Accounting and Reporting Advisory business. Kajal brings more than 17 years of combined work experience in external audit, Sarbanes-Oxley (SOX) compliance, internal audit, investment banking and tax advisory at multinational organizations. In her current role within Deloitte’s Accounting Advisory and Transformation Services business, Kajal focuses on overall risk management including SOX readiness, SOX co-sourcing, operational internal audit, enterprise risk management (ERM), mergers and acquisitions (M&A) related internal controls, material weakness remediation, general IT controls, internal controls related to ESG, SOX modernization, automation, and other relevant areas. Kajal has been interviewed on SOX and internal control matters by business journals and has also co-authored various Deloitte thoughtware around GRC. Prior to her current role, she worked as an internal audit professional at several multinational companies. Kajal received her bachelor of commerce from the University of Mumbai, India, is a Chartered Accountant from India, and a CPA in California.
Melanie is an Audit & Assurance Principal with more than 15 years of experience in external audit, Sarbanes-Oxley (SOX) compliance, and internal audit at multinational organizations. She is passionate about advising companies on navigating SOX compliance, SOX co-sourcing, general IT control assessments, ERP transformations, IPO readiness and process remediation. She spends her time collaborating with clients in the Technology, Media & Telecommunications (TMT) industry across the three lines. In her current role as the TMT Industry Marketplace Leader for Digital Controls, AI and Automation and Business Controls Advisory, Melanie focuses on risk management, digital transformations, SOX modernization, automation, and risk and controls around ERP transformations.
Charlie is a managing director with Deloitte’s Risk & Financial Advisory practice. He has 25 years of experience with technology risk and controls. Prior to joining Deloitte, Charlie focused his career within Information Technology where he was involved with data center operations, application development, server and database administration, as well as network and firewall administration. At Deloitte, Charlie has spent his time applying his knowledge of technology with IT risks and controls to assist many clients across multiple frameworks (e.g., NIST, ISO, COBIT, PCI, CSA CCM, HITRUST, GLBA, FFIEC, NYDFS). His primary focus is within the IT risk space, supporting engagements requiring his technical skills such as internal audit, cloud computing, IT risk and governance, IT SOX optimization, and System and Organization Control (SOC) reports. Over the past 10 years, Charlie has been active with Deloitte’s cloud computing initiative for internal audit and he is Deloitte’s primary contact for internal audit cloud-related services. He has also been involved in Deloitte’s innovation initiative to help clients prepare for future American Institute of Certified Public Accountants (AICPA) cybersecurity risk management examinations. Charlie has been a featured speaker at several industry events, sponsored by SIFMA, ISACA, and the Institute of Internal Auditors (IIA), among others. In addition, Charlie has developed cloud computing training curriculum for ISACA for a course that has been running for the past nine years. He has written articles on risks associated with the cloud that have appeared in Deloitte’s module of the Wall Street Journal Risk and Compliance Journal and was one of the primary authors of Deloitte’s paper, “Will risk rain on your move to the Cloud?” Charlie was a member supporting the development of ISC2’s Certified Cloud Security Professional (CCSP) training to certify cloud security professionals.
He helped support development of the AICPA SOC 2 publication, as a member of the ASEC Trust Information Integrity Task Force and Cloud Computing working group. Finally, Charlie was a member of SIFMA’s SOC2/AUP/NIST Cybersecurity for Critical Infrastructure Third-Party Assessment Standard task force.