
Why technology implementations call for proactive risk assessments


In brief

  • Technology changes without appropriate risk assessments can lead to delays, disruptions and challenges with internal controls over financial reporting.
  • Tech changes, cloud migrations, application implementations and enterprise resource planning (ERP) software upgrades affect audit and business functions.
  • Proactive technology risk assessments — including control, security and privacy evaluations — identify risks, compliance gaps and enhancement opportunities.

Organizations are exploring technological changes to reinvent business processes, offer new customer products and enhance or streamline financial processes, such as consolidation and reporting.


As organizations undertake IT transformations, proactive IT risk assessments are strongly encouraged.

 

New technology introductions have implications for the audit, financial reporting and other essential business functions. When companies adopt those technologies without sufficient planning, it can lead to a delayed realization of benefits, increased risks and potential loss of customer and investor confidence.

 

Technology implementation failures often stem from insufficient testing, underestimated costs and challenges integrating legacy and new systems. Risk assessments, pre-implementation assessments and IT risk assessments examine the project, compliance obligations, system architecture and the effects on internal controls and the business to identify potential risks and inefficiencies.

 

Recently, a large US-based regulated power and utility company used this proactive approach as it sought to enhance its financial processes and reporting accuracy by upgrading its ERP software.

 

The benefits of an upgrade were clear. It is well known that centralized data management can facilitate real-time decision-making, that poorly structured data often leads to inaccurate results, and that moving data between systems can increase risks. However, this organization’s leaders also knew that their multiyear ERP system implementation had the potential to cause short-term disruptions, impact multiple classes of transactions and affect how audits and financial reporting would be conducted in the future.

 

The power and utilities company established an integrated team and worked with EY Tech Risk to assess the inherent risks of the implementation.

 

“We understood the specific risks and challenges of this transformation and tailored our strategy to match the client’s needs,” said Edward Campbell, EY Americas Technology Risk Expanded Assurance Leader. “This early involvement of advisors experienced in technology integrations and risk management led to a seamless transformation for management to upgrade their financial systems.”

 

As a direct result of this pre-emptive approach, this organization was able to maintain operational continuity, mitigate internal control risk, reduce audit risks and set a new standard for efficiency and transparency in the process.

 

Technology implementations and transformation programs are on the rise

 

Many organizations, regardless of sector, will find themselves in the same situation as the power and utilities company.

Software and system upgrades
1.4 million companies are expected to spend $183b on ERP software in 2025, according to market researchers.

Source: The ERP Market Forecast for 2025

A leading ERP software provider has recently announced plans to discontinue support for older versions of their software by 2027, pushing companies to transition to the latest versions. The shift is more than just a routine technical upgrade. It involves changes in how the IT environment is hosted and managed and requires new considerations for user access, security and overall management. It will impact how businesses operate and manage their data.

At the same time these upgrades are being considered, organizations are also pushing toward more automation, using tools such as process automation to streamline manual tasks. The inclusion of artificial intelligence (AI) tools and generative AI (GenAI) is a natural next step in this evolution. However, before integrating AI, companies must prioritize governance and establish robust policies and procedures and strong security measures to safeguard their data.

[Figure: ERP and technology implementation on the rise, June 2024 and May 2025. Source: EY pre-implementation surveys and analysis]

When organizations implement ERP system upgrades, they are often using the opportunity to conduct wholesale technology changes. The percentage of companies upgrading or changing their ERP while also implementing other technologies rose from 28% in 2024 to 66% in 2025.

Take action ahead of a technology change

Before implementing a technology change, audit committees and project stakeholders should thoroughly evaluate the potential impacts on business controls, operations and IT infrastructure.

  • Establish and follow a strategic planning process that guides technology adoption.
  • Examine how the IT implementation aligns to business strategy.
  • Assess the potential risks associated with new technology implementations.
  • Institute governance frameworks to protect data and regulatory compliance.

Five essential steps to a successful IT system implementation assessment

  1. Consider which customer, financial and operational data will be impacted.
  2. Identify processes that will be changed and incorporate plans to test them prior to going live.
  3. Decide how user access to systems, data and resources will be granted, monitored and updated.
  4. Determine if the new system requires modifications and plan for the transition of existing controls.
  5. Follow a defined process with approvals for each phase. Determine the organization’s readiness for the new system cutover.

A post-implementation risk assessment of the tech system migration can also serve as an important tool for determining residual gaps and measuring the ongoing effectiveness of the processes and controls.


Summary

Rapid technology adoption without strategic planning can introduce risks, delay change and lead to inaccurate data and reporting. When considering adopting new technology or when upgrading existing tech systems, companies should conduct a risk assessment prior to implementation and develop an integrated plan with cross-functional teams. By prioritizing planning and governance, companies can confidently navigate technology changes more effectively and position themselves for success.
