How robust internal controls mitigate risk and strengthen ERP cloud system transformations in the TMT industry

Contributor: Max Demeola, Audit & Assurance, Senior Manager, Deloitte & Touche LLP

Talking points 

• To meet evolving industry demands, technology, media, and telecommunications (TMT) companies are accelerating intelligent enterprise resource planning (ERP) transformations and cloud migrations.
• These transformations, if not effectively managed, can expose TMT companies to heightened risks specific to the cloud environment.
• With Deloitte’s internal controls methodology, Deloitte can advise TMT organizations to build and embed robust controls, using AI and accelerators, into the transformation workstream to mitigate risks before, during, and after cloud migration.

Technology, media, and telecommunications (TMT) companies have long shown they’re not just creators of emerging technology; they’re also among the fastest to put it into practice. It’s no surprise then that the industry has eagerly embraced ERP digital transformation to keep up with rapid market shifts and constant innovation. 

Recently, this momentum has only accelerated, thanks to the rapid rise of cloud computing . Gartner projects that end-user spending on public cloud services will reach a remarkable $723 billion this year—a 21.5% jump from 2024’s $525.6 billion.¹ 

In the sections ahead, we explore how TMT companies may enhance and navigate growth with a well-managed ERP cloud migration incorporating internal controls—built with automation such as AI—that mitigate risk throughout the cloud transformation workstream. 

How ERP systems are evolving to meet TMT industry complexity

Today’s ERP systems face mounting pressure to keep pace with accelerating industry challenges. Think faster software and gaming release cycles, new or evolving revenue streams, and advancing internet and wireless technologies, to name just a few. To stay ahead, ERP systems within TMT organizations should evolve to tackle a range of more complex and demanding tasks, such as:

• Processing larger volumes of digital transactions to support fast-moving business models.
• Adapting to rapidly evolving AI technology and proactively managing the risks it introduces. 
• Integrating and cleansing data across a growing number of platforms.
• Navigating evolving regulatory compliance standards (e.g., General Data Protection Regulation [GDPR], National Institute of Standards and Technology [NIST], Service Organization Control 2 (SOC 2), and Accounting Standards Codification 606 [ASC 606]).
• Generating real-time insights and reports for more agile business decisions.
• Safeguarding confidential data and intellectual property from increasingly sophisticated threats.

ERP cloud migration risks

To meet these rising challenges, TMT companies are opting to transform their ERP systems and migrate to cloud platforms to access needed performance enhancements. But they’re facing a new set of risks and challenges that come with cloud migrations—from audit documentation retention and access security management to segregation of duties, data migration management, and legacy system rearchitecting to fit the cloud.

Embedding modern, robust controls—controls built with automation such as AI—into the cloud migration workstream can mitigate these risks and streamline the transition of data and processes into the cloud. These embedded, automated controls can also address ongoing post-migration risks within financial reporting, audit, and compliance workstreams, including Sarbanes-Oxley (SOX). 

Consequences of inadequate controls

What happens when controls fall short? During cloud migration, inadequate controls, which are often manual or outdated, increase the risk of issues such as data loss, corruption, and unauthorized access. Post-migration, they can create ongoing financial reporting and operational risks, such as reconciliation discrepancies and regulatory compliance issues. The consequences can be severe, ranging from financial misstatements and regulatory penalties to data breaches, intellectual property theft, operational disruptions, and diminished stakeholder trust.

Enhancing ERP controls with game-changing technology

Leveraging system accelerators and AI in ERP systems to automate controls increases confidence that risks are identified and mitigated. These modern controls enhance operational efficiency, data integrity, and system security. Generative AI, autonomous AI agents, robotic process automation (RPA), and machine learning technology can be strategically applied to streamline critical accounting, IT, governance, and operational control processes, including:

• Audit and SOX readiness and beyond, including evaluation of interfaces; compliance with standards, policies, and procedures; easing and streamlining auditability; and providing remediation feedback on observations found.
• Intelligent access controls and user analytics for data protection, accurate revenue recognition and forecasting, and continuous improvement.
• Compliance monitoring, mapping, and framework alignment for evolving regulations (e.g., GDPR, Payment Card Industry [PCI]).
• Real-time integration monitoring to determine system reliability.
• Anomaly detection for fraud and error prevention.

Leading practices for implementing AI-powered internal controls

AI and other accelerators alone won’t provide the internal controls benefits discussed here. Effective control design and implementation are also essential. Deloitte’s internal controls framework includes these leading practices for designing and implementing a robust control-ready framework during your system transformation: 

• Proactively design and embed controls early in the ERP project. 
• Conduct a risk and controls assessment tailored to your TMT complexities.
• Integrate AI and automation into control frameworks to reduce manual processes.
• Facilitate cross-functional collaboration between IT, finance, and compliance teams.
• Assist in designing audit documentation by defining retention requirements and developing compliance checklists, so required materials are retained throughout the project and remain available for external audit review after go-live.
• Regularly update and test controls as technology and regulations evolve.
• Invest in user training and change management. 

What role can Deloitte play? 

Deloitte’s dedicated risk and controls practice helps enable TMT companies to identify efficiencies, automate processes, manage AI risks, and streamline cloud migrations. We can advise you on how to embed robust, compliance-ready, AI-powered ERP internal controls throughout the design and development of your ERP system. To learn more, read our new ERP transformation and controls article. You can also contact your Deloitte representative or reach out to us for more information. 

Endnotes

¹ Gartner, “Gartner forecasts worldwide public cloud end-user spending to total $723 billion in 2025,” press release, November 19, 2024.

The services described herein are illustrative in nature and are intended to demonstrate our experience and capabilities in these areas; however, due to independence restrictions that may apply to audit clients (including affiliates) of Deloitte & Touche LLP, we may be unable to provide certain services based on individual facts and circumstances.

This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.

Copyright © 2025 Deloitte Development LLC. All rights reserved.