For audit and compliance teams, the pressure to keep up with regulatory change is relentless. New mandates, evolving standards, and expanding global operations mean a constant influx of information. But the real challenge often lies in what comes next: translating those changes into actionable, audit-ready controls.

That’s where the process breaks down. Drafting new controls is time-consuming, manual, and often inconsistent — especially when teams are already stretched thin. This creates critical control gaps, leaving organizations vulnerable to non-compliance and increased risk exposure.

Diligent’s AI Control Generation uses artificial intelligence to automatically draft new controls when gaps are identified — saving time, reducing manual work, and helping teams stay ahead of change. Below, we’ll break down how it works, what makes it different, and how it supports audit and compliance professionals in their day-to-day work.

AI Control Generation automatically drafts new controls when gaps are identified in your compliance framework. It’s the third AI feature in our Compliance Maps suite, following:

AI Regulatory Comparison: This feature highlights key changes between different versions of a regulation, ensuring you understand precisely what's new or modified.

AI Control Mapping: This capability intelligently maps regulations to your existing controls, providing a clear overview of your current coverage and identifying potential overlaps or missing links.

Now, with AI Control Generation, you can instantly fill the identified gaps without the laborious process of starting from scratch. It’s about moving from identification to remediation — and doing it quickly.

Why it matters for audit and compliance leaders

Whether you're a Chief Compliance Officer or a Director of Internal Audit, this feature helps you:

Close compliance gaps instantly: Automatically generate controls aligned to new or updated regulations.

Accelerate compliance readiness: Eliminate the bottlenecks of manual drafting and reduce time-to-compliance.

Ensure consistency and audit defensibility: Use AI-generated language that aligns with regulatory intent and supports a strong audit trail.

Scale without adding headcount: Empower your team to manage more with less, even as regulatory complexity grows.

When a regulation is mapped and a gap is detected, meaning no existing control covers it, AI Control Generation steps in. It drafts a suggested control tailored to the regulation’s requirements, ready for your review and implementation. And because it’s integrated directly into Compliance Maps, it works seamlessly with your existing control library, avoiding duplication and ensuring full coverage.

Now, let’s take a closer look at how this works in real-world scenarios offering practical strategies for you and your team:

1. Instantly generate audit-ready controls for internal auditors

Imagine you’re preparing for a quarterly audit and discover a newly enacted data privacy regulation that isn’t yet covered in your control library. Traditionally, this would mean hours of research, drafting, and internal review. With AI Control Generation, you simply identify the gap, and the system drafts a new control instantly, perfectly aligned to your existing framework and ready for your review. This dramatically cuts down on prep-time and ensures your audits are always based on the most current controls.

2. Ensure comprehensive coverage across jurisdictions for compliance officers

Imagine you’re tasked with rolling out a new policy or business initiative across multiple international jurisdictions, each with its own unique regulatory nuances. Manually ensuring every regulatory requirement is covered, without duplicating existing controls or missing critical local mandates, is a monumental task. AI Control Generation ensures every regulatory requirement is addressed, intelligently suggesting controls that complement your existing library, providing a truly global and consistent compliance posture.

Before vs. after: The compliance transformation

Scalable compliance without added headcount

Purpose-built for compliance professionals

Unlike generic AI tools or large language models, Diligent’s AI Control Generation is purpose-built. It’s specifically trained on regulatory language and designed to integrate seamlessly into compliance workflows. This isn't just smart technology; it’s strategic intelligence tailored for the unique demands of governance, risk, and compliance. It understands the nuances of regulatory text and the requirements of an audit-ready control environment.

AI Control Generation is the final piece in a powerful trio of AI capabilities:

Together, they deliver end-to-end automation—from regulatory analysis to control creation.

AI Control Generation is available now for all customers using Compliance Maps – 

From regulation to remediation: Close control gaps faster with AI

The NextGen Board Leaders program, sponsored by Wilson Sonsini and Meridian Compensation Partners, brings together experts and new public company board members under Chatham House Rule to discuss critical topics in corporate governance.

At a recent Summit, held at the New York Stock Exchange (NYSE), leading experts shared timely insights on the rapidly evolving landscape of executive compensation. Several critical themes emerged that are shaping boardroom conversations and governance practices today.

Boards are sharpening their focus on the structure and competitiveness of executive compensation, especially CEO pay. The goal: ensuring that compensation both attracts and retains top talent while maintaining a clear alignment with the company’s long-term strategy.

Executive transitions have also gained renewed importance, with robust succession planning and carefully structured separation packages rising to the top of committee agendas. These priorities reflect a growing expectation—from investors and other stakeholders alike—for transparent links between pay and performance.

The executive compensation environment is more complicated than ever—particularly for companies outside the S&P 500, including those in the Russell 3000 or recently public companies still maturing their governance frameworks.

The U.S. Securities and Exchange Commission’s (SEC) pay versus performance disclosure rules require companies to explain in detail how executive compensation ties to both financial and non-financial results. This has increased the demand for greater rigor in plan design and heightened pressure to clearly articulate the rationale behind every element of pay.

The widening gap between U.S. and international compensation practices shows little sign of narrowing. Meanwhile, periods of economic uncertainty caused by market volatility, global events like COVID, or shifting trade conditions, continue to complicate the selection and calibration of performance metrics and targets for leadership.

Boards must strike a balance: maintaining credibility with executives while guarding against potential corporate waste claims. Practical strategies include:

Maintaining consistency in financial metrics: Avoid shifting targets unless clearly warranted by changes in business conditions.

Scoping discretion tightly: Where discretion is needed, plan documents should include specific language for “extraordinary events” (e.g., leadership effectiveness during crises), paired with clear documentation of rationale.

Using relative performance metrics where appropriate: Comparing performance to peers, rather than absolute targets, can help isolate executive performance from broader market disruption.

While 'say-on-pay' voting outcomes remain largely steady, with low failure rates, scrutiny continues. Boards face ongoing pressure around:

Responsiveness to prior shareholder concerns

Transparency and discipline remain essential.

Best practices in compensation governance

Excellence in compensation governance hinges on strong processes. Boards are encouraged to maintain clear annual calendars for their compensation committees, ensuring all decisions align with committee charters and mandates.

This proactive approach enables early engagement with investors and proxy advisors, particularly on potentially controversial changes, helping to mitigate concerns before they become significant issues.

As the executive compensation landscape continues to evolve, boards that prioritize clarity, disciplined processes, and stakeholder engagement will be best positioned to navigate future challenges.

The Latest in Executive Compensation Trends: Insights from the NextGen Board Leaders East Coast Summit

This article originally appeared in our July 3rd edition of the Diligent Minute Newsletter. For more insights like these, delivered straight to your inbox, subscribe

Board members have a lot on their minds right now. They currently rank the level of risk U.S. businesses face just below 7 on a scale from 1 (lowest) to 10 (highest), according to the latest 

 by Diligent Institute and Corporate Board Member. Top issues include supply chain and inflation/currency risk, geopolitical fluctuations and changes in the regulatory environment along with widespread concern about the economic risk of tariffs.

These issues add to an already-long list of evergreen threats to a company’s business and bottom line — like a product failure, cyber attack, executive scandal or high-profile lawsuit — along with the aftermath. Too often, a negative headline triggers customer flight, investor panic or both, causing a ripple effect of legal, business and reputational challenges.

With the threat of crisis escalating and evolving by the day, Megan Baier’s session at the 

 was perfectly timed. A partner with Wilson Sonsini Goodrich & Rosati, she shared tips and best practices for crisis management.

The steps shared reflect common sense: Identify the issue, mitigate it and manage the communications. But they’re deceptively difficult to execute well under pressure — which is why boards need to be crisis-ready long before a negative incident breaks out.

Here are five top takeaways shared at the Summit on making that happen.

Key players include legal, audit, PR/IR, and bankers. But don’t get too carried away. Smaller groups typically make faster decisions.

It’s also important to equip team members with clear roles, responsibilities and lines of reporting.

A pre-built playbook should cover likely scenarios and the latest best practices, along with guidelines for reporting, disclosures and getting the word out via social media and other channels.

According to the latest Corporate Director Index, nearly half (47%) of boards are engaging in scenario planning to navigate the current crisis environment. In my opinion, this number should be much higher.

 are an excellent way for crisis team members to master their roles, share feedback and build their muscle memory for an effective response — all in a low-stress environment where mistakes are still learning experiences.

Takeaway 4: Find the line between transparency and protection

When something negative happens, investors, customers, employees and other stakeholders want to know. Competitors, activists, and regulators seek this information as well — but for very different reasons.

For boards, this means conflicting pressures to announce bad news quickly versus waiting to gather more facts.

Also note that different crises trigger different legal obligations, such as:

State notification laws and SEC disclosure requirements for cybersecurity incidents

CPSC or FDA reporting for product safety issues

Restatement requirements for financial irregularities

Whistleblower complaints, insider trading investigations and issues related to stock prices in particular require careful coordination between communication and legal teams.

Each scenario requires tailored legal strategies alongside communications planning, she emphasized.

Finally, an important reminder to directors:

 is a board fiduciary duty, requiring enterprise-wide attention.

Are boards receiving regular reports from management about the risks departments are seeing and actions they’re taking to mitigate these issues?

Do board members know enough about the issues to ask the right questions — and are discussions being captured in board minutes for future reference and guidance?

Are committees receiving regular reports as well in their specialized areas like cybersecurity and audit?

Do committee charters clearly define who’s responsible for overseeing what, to avoid overlap and gaps?

The overarching takeaway is this: Knowing what to expect — and how to respond — when the unexpected happens can keep a board in good standing with investors, customers, regulators and more, even in a year when crisis feels more like business as usual.

Curious about how U.S. boards are navigating today’s business landscape? Delve deeper into the latest 

Want regular access to original research in the field of GRC? Bookmark our 

 for the latest surveys, podcasts and reports.

Diligent

Blog

From regulation to remediation: Close control gaps faster with AI

The Latest in Executive Compensation Trends: Insights from the NextGen Board Leaders East Coast Summit

Your Data Matters