More than 600 governance, risk compliance and audit professionals gathered in Atlanta for Elevate 2026. Diligent President & CEO Brian Stafford opened Elevate with a bold vision: “Budgets are flat. How are you able to do more with the same resources or less?” The answer, he explained, is a new wave of AI-powered innovation that’s already helping over 3,000 Diligent clients transform how they govern, manage risk and drive compliance.
Across the conference, the emphasis was on how AI has moved from experimentation to changing the day‑to‑day realities of governance, risk and compliance work.
Stafford’s headline announcement was the release of AI Board Member, a secure digital boardroom expert that acts as a trusted advisor, instantly surfacing insights, stress-testing decisions and flagging risks based on board materials, industry trends and other trusted data. Yet without the risks inherent in using general-purpose AI tools. “Picture someone who’s read every single word in your board papers for the last 5 years or 10 years,” Stafford said.
Alongside AI Board Member, the keynote expanded on the role of agentic AI across governance, risk, compliance and audit, introducing Diligent’s new suite of agentic GRC capabilities. These autonomous agents automate and orchestrate work that is often fragmented across teams and systems, giving organizations the impact of a “GRC manager” without adding headcount. That shift depends on connected data. As Adam Bailey, General Manager of Platform, explained, “Your data has to be connected. If you have your data in five or six different systems, AI will struggle to help you. That’s why The Diligent One Platform exists. It’s a single place for your data to live so it can cascade to all the places it needs to go.”
The need for that shift is becoming increasingly urgent. As Scott Bridgen, General Manager of Risk and Audit at Diligent, warned during the keynote, “Risk doesn’t pause for governance. We are approaching the limits of our capacity. Eventually the ball will drop. Things will get missed.”
Speakers were clear that the stakes are already high. Amanda Carty, General Manager of Compliance, pointed to the $8.2 billion in financial remedies recovered in 2024, noting how often enforcement outcomes stem from small oversights. “It’s the transaction you overlooked. The flag that got missed. The process you didn’t have in place.”
Nithya Das, General Manager of Legal and Governance, framed AI’s role in those moments plainly. “The legal and governance team is often the last line of defense. It’s our job to make sure what reaches the boardroom and the leadership team is coherent, is complete and most importantly, is defensible. If you give AI context, ask it to do the right job and define the role you want it to play, it can become a trusted partner.”
“AI is going to flag the risk you didn’t see coming, surface the decision that needs to be made before you knew you needed to make it, and give you back the hours you’ve been spending on work that should never have required a human in the first place.”
— Brian Stafford, President and CEO, Diligent
Headlining this year’s conference, AI leader Noelle Russell addressed a familiar tension many organizations face: Strong enthusiasm for AI’s potential paired with uncertainty around risk, governance and real business impact.
Rather than positioning responsible AI as a compliance exercise, Russell reframed it as a leadership and board-level decision. One that determines whether AI initiatives stall at pilot stage or scale in ways that are accountable, secure and durable. Across the broader set of AI-focused sessions, that theme held: responsible AI enables speed when ownership, risk tolerance and oversight are defined early — not bolted on later.
In a fireside conversation, Kathryn Henry, independent director and audit and compensation committee member at lululemon, joined Dottie Schindlinger, executive director of the Diligent Institute, to explore what authentic leadership looks like in today’s boardroom.
Their discussion connected personal presence and effective governance, particularly as directors operate under mounting scrutiny, complex regulatory expectations and increasing performance pressure. Drawing on themes from Henry’s memoir, the conversation emphasized that credibility in the boardroom is built through clarity, courage and integrity — especially in moments that call for difficult judgment rather than comfortable consensus.
Darian Rodriguez Heyman, Founder and CEO of Helping People Help, challenged boards to rethink what risk really means for mission‑driven organizations. With funding pressure, rising demand for services, and growing scrutiny from funders, regulators, and the public, he argued that nonprofits have moved “from the era of planning into the era of navigation,” where uncertainty is constant and shaped by cyber risk, AI, financial volatility, and heightened expectations of accountability.
Heyman urged boards to step beyond risk avoidance and engage with uncertainty more deliberately:
Integrated, board‑ready insight — supported by clear ownership and the right tools — helps boards move from fragmented spreadsheets toward more confident, informed oversight.
“Risk is no longer optional, it’s a key part of nonprofit governance.”
- Darian Rodriguez Heyman, Founder & CEO of Helping People Help
In a practical session on AI fundamentals, the focus was less on possibility and more on what it takes to use AI safely in legal and governance workflows. Speakers returned to a common set of risks legal teams can’t ignore (confidentiality and privilege, data sovereignty, hallucinations, bias and accountability) and emphasized that AI can still be useful if safeguards and review processes are explicit.
Warren Allen, General Counsel at Diligent, emphasized vendor transparency: “Vendors should be able to articulate to you what they’re doing to prevent hallucinations, defects and errors.” Lavonne Burke, Global Vice President, AI, Security, Resiliency & IT Legal at Dell Technologies, highlighted contracting and retention policies, including pushing for “zero-day retention” where appropriate.
“Human oversight can’t be overstated. This will get more complex as agentic AI and automation take off. Having failsafes embedded, ensuring you can stop the clock on some processes, having human oversight, are all things legal teams need to be on top of.”
- Lavonne Burke, Global Vice President, AI, Security, Resiliency & IT Legal at Dell Technologies.
For many organizations, the general counsel’s role now extends well beyond legal advice. In this Elevate session, Andrew Colvin, Vice President, General Counsel & Corporate Secretary at Canal Financial Group, shared how he came to take on ownership of enterprise risk management — and why governance had to come first. “Governance is the foundation of good risk management,” Colvin said, explaining that without a clear ERM charter, defined authority, and committee structure, risk programs struggle to gain traction.
At Canal, that governance shows up in deliberate, practical ways:
That discipline, Colvin noted, is what allows risk conversations to move beyond opinion and intuition, giving boards clearer visibility into risk trends and more confidence in the decisions they’re being asked to make as conditions change.
Directors are being given more information, but less clarity. Research shared at Elevate showed that while AI is now one of the most challenging topics facing boards, satisfaction with how cyber risk is communicated remains low. The problem, speakers argued, isn’t a lack of data — it’s how risk is framed. As Chris Arrendale, Founder and CISO at CyberData Pros, put it, cyber is often “last on the agenda,” leaving no room for dense, technical reporting.
What boards need instead is translation. Effective risk storytelling means:
Speakers also stressed the importance of candour. Being open about weaknesses builds trust, while benchmarking against peers gives boards essential context for decision‑making. As Maurice L. Crescenzi Jr., Industry Practice Leader at Moody’s, noted, the goal isn’t perfect control, but shared understanding — so boards can see how AI and cyber risk connect to strategy, resilience and long‑term value.
“Being able to show how your organization is performing against peers gives the board essential context and makes risk real.”
— Maurice L. Crescenzi Jr., Industry Practice Leader at Moody’s
For many compliance teams, the move from constant firefighting to something leaders can rely on starts with structure. Ashley Dubriwny, Head of Culture and Conduct at DocuSign, Debbie Dewar, Vice President, General Counsel and Chief Compliance Officer at SAS Institute Inc., and Patrick Henz, Compliance Advisor Latin America at Mitsubishi Heavy Industries America, shared what that shift looks like in practice. Dewar described the tipping point as realizing there was no process at all, just “death by 1000 meetings,” and how putting an investigations protocol in place helped her team move from reactive response to proactive control.
Across the conversation, trust emerged as the through‑line. Henz put it plainly: “You have to be perceived as a trusted employee by every level of the organization.” Dubriwny connected that trust to mindset, arguing that compliance programs work best when they move beyond enforcement and toward partnership. Being business‑centric and building relationship capital helps guidance land as support from the compliance and ethics team, not as an edict from Compliance.
The panel also addressed the pressure to adopt AI alongside the urgency to govern it. Dewar summed up the moment as “building the bridge as you walk over it,” while Dubriwny noted that teams cannot set rules for tools they do not use. She shared how her team is rewriting policies to be more accessible not just for employees but for AI, so when people ask a chatbot about a policy, it can return accurate, governed answers.
Transaction readiness looks very different depending on which side of the deal you are on — and this Elevate session brought both into the room. Nithya Das, General Manager, Governance and Chief Legal Officer at Diligent, was joined by Kristy Grant‑Hart, Head of Compliance Advisory Services at Spark Compliance, Robert Williams, Senior Director of Customer Success at Oracle NetSuite and Valentina Baldini, Executive Counsel and Leader Corporate Governance at Baker Hughes to compare how organizations prepare for, evaluate and execute transactions across the full lifecycle.
From the sell‑side, the message was clear: readiness starts long before a deal is on the table. Grant‑Hart urged teams to know their numbers and pressure‑test their organizations ahead of diligence, assuming scrutiny is coming and preparing accordingly. Her advice was simple: “figure out where the acquirer will poke holes,” rather than scrambling once the process is already underway.
On the buy‑side, Baldini was equally direct. “The data is the most important thing,” she said, underscoring how clean, well‑governed entity data determines how quickly teams can respond to diligence requests, especially in fast‑moving acquisitions and divestitures. Williams echoed that view from a finance perspective, noting that transactions often stall not on strategy but on execution when teams lack shared timelines, standard processes or clarity on where critical information lives. As he put it, “culture eats strategy for breakfast.”
Across the discussion, speakers returned to a few consistent markers of readiness: clear ownership across legal, compliance, finance and governance, disciplined data management and treating integration as part of the transaction lifecycle. From early post-acquisition risk assessments and DOJ safe harbor considerations to Day 1 governance actions and culture integration, readiness was framed not as a moment in time but an operating mindset built to hold up when scrutiny is highest.
Third‑party risk no longer sits neatly within procurement or compliance. As vendor and partner ecosystems expand, risk has become inherently cross‑functional, spanning cyber, legal, finance and operations. This session explored why traditional third‑party risk approaches are breaking down — and what it takes to move from point‑in‑time checks to more proactive oversight. A few recurring friction points surfaced in how programs operate today:
The conversation then turned to how AI can help close these gaps in practice. Rather than replacing human judgment, AI was positioned as a way to support smarter intake, surface early warning signals and route potential issues to the right risk owners. Used well, it frees teams from chasing information and allows them to focus on analysis, prioritization and decision‑making.
The takeaway was clear: proactive third‑party risk management is less about adding more checks and more about better alignment, purpose‑built tools and a willingness to rethink how risk is identified as ecosystems continue to evolve
Running an effective public meeting is a balancing act between transparency, fairness and momentum. In this session, attorney and certified parliamentarian Sarah Merkle of Civility, LLC unpacked how Robert’s Rules of Order help boards manage that balance, providing a structured framework for discussion, decision making and compliance with open meeting requirements.
Merkle emphasized that the starting point is knowing what applies. “Check with your state law. Check with your lawyer. Make sure you know what applies,” she advised, noting that clear procedural rules do more than keep meetings orderly — they help build trust by ensuring consistency and fairness. At their core, Robert’s Rules are designed to protect both process and people, grounded in the principle that everyone in the room has an equal right to information, discussion and a vote.
Strong parliamentary procedure also plays a practical role in keeping meetings moving. By clarifying how motions are introduced, debated and decided, chairs are better equipped to manage discussion, recognize speakers and prevent meetings from stalling or veering off track. As Merkle reinforced, the goal isn’t rigid formality, but creating the conditions for productive deliberation and defensible decision making in the public eye.
AI isn’t just another tool. It’s a force multiplier for good governance, helping teams surface risks sooner, make better decisions faster, and focus their expertise where it matters most. With the right guardrails, AI can turn oversight into advantage and help leaders build organizations that are more resilient, more accountable, and more prepared for what’s next. And Diligent is here to help you every step of the way.
From AI talk to real impact: How today’s public leaders do more without adding headcount
Unlock the potential of AI in public governance with our comprehensive guide designed for clerks, city administrators, and governance teams. Learn to streamline agenda preparation, enhance compliance, and create a transparent workflow that aligns elected officials and staff on responsible AI use. Download now to transform your public sector operations in just 90 days.
Announcing the 2026 Diligent Elevate Award Winners
Celebrate the groundbreaking leaders transforming governance, risk, and compliance at the 2026 Diligent Elevate Awards. Discover how nine exceptional winners and over 50 finalists are leveraging AI-powered innovation to redefine oversight, enhance decision-making, and inspire lasting impact in their organizations.
AI action plan worksheet for GRC leaders
Unlock the potential of AI in governance, risk, and compliance with this practical 90-day action plan worksheet designed for GRC leaders. This guide helps you assess AI maturity, prioritize use cases, and establish essential guardrails, ensuring a structured and accountable approach to AI implementation in your organization. Download now to transform AI discussions into a clear, actionable strategy.
