Shaping AI governance and controls

Q When using artificial intelligence (AI), how can companies maintain strong controls, governance, and human oversight?

A When implementing AI, broad controls and strong governance across the end-to-end AI program are important — not only for unlocking value but for addressing evolving risk domains including privacy, accountability, and security. Without human oversight, risks include blind trust in AI outputs and AI inadvertently — authorized or unauthorized —accessing and sharing sensitive information, internally or externally. Strong protocols safeguard sensitive data. Treat AI as a responsive, intelligent assistant — capable of processing and highlighting data but always requiring human validation. Leading practices include thorough review processes, identifying where AI is deployed, and maintaining a “human in the loop.” Companies can establish centers of excellence reporting to audit, risk committees, or the board for oversight. As AI reliance increases, detailed review and governance help safeguard operations and reputation.

Q How is AI driving transformation and efficiency in finance?

A AI automates finance tasks, shifting manual work like documentation, control mapping, and gap analysis, which can result in faster and efficient real-time, time-saving processes. Advanced AI systems objectively capture process details, identify missing controls or process owners, and align findings with compliance requirements and technical standards. This automation can reduce the risk of human error and frees finance teams to focus on strategic analysis and decision-making. Traditionally, most effort went into preparing data, with less spent on review. With AI, this pattern has reversed: Preparation now requires less effort, allowing more focus on thorough review and analysis.

Q What key controls are needed when integrating AI with ERP and cloud?

A Integrating AI within cloud ERP depends on precise controls at each intersection. Start by identifying AI touchpoints within the technology landscape. Strong data governance can support reliable AI inputs and reduce error risk. Review protocols should match each process, as universal standards are still evolving. Ongoing human oversight remains important to validate results and address exceptions. Strong change management and access controls are needed to prevent unauthorized actions or configurations. Organizations should be proactive with controlled pilots, evaluate outcomes, and strengthen their controls. A vigilant, responsive approach maximizes AI’s potential while managing risk and compliance.

Sponsored by:

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States, and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see deloitte.com/about to learn more about our global network of member firms.

This publication contains general information only, and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional
advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business.
Before making any decision or taking any action that may affect your business, you should consult a qualified professional adviser.

Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.