Julia Stoyanov

Communications Director

Elevate day 2 highlights

Governance is increasingly becoming an exercise in risk management. Achieving effective governance, risk, and compliance (GRC) requires leveraging the right technology to provide leaders with clear insights. At Elevate 2024, over 650 attendees are diving into how cutting-edge solutions can empower their organizations to thrive in an escalating risk landscape.

Here are the top highlights from day two of the event, including strategies for upholding good governance, leveraging innovative technology to navigate evolving risks, and key trends shaping governance practices for 2025 and beyond.

See highlights from day one and day three of Elevate.

Wirecard: A tale of fraud, whistleblowing, scandal and lessons learned

Presented by:

• Dr. Anastassia Lauterbach Lang, CEO AI Edutainment, Professor of AI and Cybersecurity, AI Edutainment GmbH
• Pav Gill, Founder & CEO, Confide Platform
• Moderated by Felix Salmon, Chief financial correspondent at Axios

How does a global payments company go from outpacing industry growth trends to becoming the center of one of the largest financial scandals in history? This panel gave firsthand accounts from the two insiders, including a whistleblower who exposed Wirecard's massive fraud while facing intense retaliation, legal threats and personal risks. The session highlighted systemic failures, the resilience of whistleblowers, and the broader lessons on governance and accountability.

Key takeaways:

• Early warnings were ignored: Short sellers flagged irregularities as early as 2010, but Wirecard continued to conceal the fraud. Pav Gill, a key whistleblower, discovered more red flags when he joined in 2017, such as manipulated financial results and shady transfers.
• Whistleblower faced hostility: Pav reported issues internally but faced significant pushback and was subjected to threats and personal attacks, ultimately being forced out of the company for refusing to cover up fraudulent activities.
• Board-level failures: Dr. Anastassia Lauterbach joined Wirecard’s board in 2018 and immediately noticed governance issues, such as missing minutes from critical meetings and insufficient oversight. She emphasized the importance of having board members capable of handling a crisis, which Wirecard lacked.
• Press involvement led to action: After internal escalation failed, Pav took the information to the Financial Times. This external exposure led to regulatory action in Singapore, including raids on Wirecard’s offices, highlighting the vital role of the press in bringing accountability.
• Lessons on governance and integrity: Both Pav and Anastassia emphasized the need for individuals in control positions to act on their suspicions and maintain confidence in doing the right thing. For board members, crisis competency and ethical integrity are crucial to preventing future scandals.

Product innovations: Navigate through evolving risk

Presented by Adam Bailey, SVP & Global Head of Product, Diligent

Managing risk in silos with point solutions delivers information that's fragmented, complicated and outdated by the time it reaches leadership. A more comprehensive risk management strategy is needed that helps you gather and organize information faster, so you can establish a view of risk that's timely, clear and complete. Joined by industry luminaries in cybersecurity and AI, Adam discussed the risks facing every organization, and how Diligent is innovating to keep its customers a step ahead of an expanding and accelerating risk landscape.

Key takeaways:

• Holistic risk management is essential: Successful organizations need a comprehensive, unified approach to risk management. Point solutions are no longer sufficient. A single platform, powered by AI, is critical to navigating today’s complex risk landscape.
• AI's role in risk and governance: AI is transformative in governance, risk, and compliance (GRC). Through Diligent AI, Diligent has introduced AI tools to help organizations enhance stakeholder communication and better understand risk, such as AI Inspector, which flags risk areas in board materials, and the AI Meeting Minutes tool, which automates meeting documentation.
• Transparency and AI ethics: As AI becomes more integrated, organizations must implement ethical frameworks for its use. Establishing an AI council or framework ensures responsible AI usage and helps mitigate associated risks.
• Cybersecurity needs modernization: Cyber threats, especially with attackers using AI, are evolving. Phil Venables, Chief Information Security Officer at Google Cloud, joined Adam onstage to emphasize that investing in technology modernization, not just cybersecurity, is key to building resilience and managing interconnected risks.
• Innovations for efficiency: Diligent’s AI-driven tools are designed to streamline workflows and drive efficiency. For example, Diligent’sBoard Book Summary tool summarizes board materials with the click of a button, compares and highlights changes to previous reports and categorizes parts of the document relevant to your background. As another example, Diligent’s CFO Experience Dashboard streamlines workflows by summarizing complex documents and pulling relevant financial data, helping leaders focus on strategic decision-making.

The future of risk management: Cyber, AI and GRC governance

Presented by:

• Phil Venables, Chief Information Security Officer, Google Cloud
• Tom Faraday, Senior Director, Product Management, Diligent
• Charlie Lewis, Partner, McKinsey

This session covered the latest trends, challenges and best practices in cyber risk management, AI applications and GRC software vendor consolidation. Panelists discussed strategies for navigating the evolving cyberthreat landscape, harnessing AI for risk prediction and mitigation, and optimizing GRC software to streamline compliance efforts amidst vendor consolidation.

Key takeaways:

• Risk is increasing globally and security breaches happen all the time – it’s not a question of when or if anymore, it’s how often.
• Silos are breaking down as business leaders see the benefit of a cohesive and all company risk management strategy.
• As a starting point, organizations should identify the core services that makes their business operate and ensure their risk management strategy protects these services up to the most extreme security events.
• Continuous control monitoring is key - review your systems and processes to prevent gaps in your defence.
• AI and large language models are transforming risk management and the stacked productivity benefits from the technology is removing the mundane work for risk management teams.
• As more organizations embrace AI, understanding the inherent risks is important. For example, adopting AI within an organization brings with it potential data governance risk and operational risk and leaders need to think about these broad implications.

Trust through transparency: Harnessing the power of Diligent Community

Presented by:

• Dr. R.J. Gravel, Deputy Superintendent, Glenbrook High School District 225
• Jeff Schaefer, Senior Director, Continuity Brands, Diligent

This session underscored the critical role of transparency in building stakeholder trust. Key insights from the session stressed the importance of enhancing transparency in decision-making processes by providing open access to meetings, information and policy development. Glenbrook High School District 225 have used key transparency features on Diligent Community to support their journey, from their public website with live streamed meetings to policy lifecycle management to goal tracking for strategic plans. The results have been greater feedback, higher participation and increased engagement in their community.

Key takeaways:

• To enhance transparency in decision making, open doors and provide access to information. Open access to how decisions are made, where budgets are being spent and how policy is being developed, builds trust and clarity with stakeholders.
• Reach the community where they are through your public website. This is a one-stop-shop, through a single pane of glass, for stakeholders seeking to develop their awareness of school district activities and engage with their elected officials and administrators. Increase participation and involvement by making it easy for community members to access information, agendas and supporting documents.
• Structured agendas, rich in detail, organized in a manner that makes sense for community members help with transparency and trust. Use of consistent naming conventions to make it easy for the community to find things, they don’t have to go digging for it.
• Streaming your meetings also helps build trust with the public. They can go to your website and see exactly what the board was saying when they discussed an item and made a decision. With Diligent Community and Livestream Manager, the split screen view allows community members to participate in a virtual meeting while simultaneously reviewing related documents and agenda items, enabling active and informed discussions.

Achieving holistic risk management through audit and risk collaboration

Presented by:

• Tom Keaton, Director of Internal Audit, Crown Castle
• Michael Rasmussen, GRC Analyst & Pundit, GRC 20/20 Research
• Sumit Pal, Senior Manager, IT Compliance, Ooma
• Katja Freeman, Solutions Sale Director, Diligent

This session explored the transformative power of collaboration between audit and risk professionals in identifying, assessing and mitigating strategic and operational risks effectively. The panel discussed successful collaboration models, best practices for aligning objectives and working together to enhance risk visibility and strategic decision-making. The benefits of collaboration are enormous: Multiple eyes across risk and audit looking at things delivers greater awareness. Then, with the constant regulatory and legal change organizations face, audit and risk teams can become more aligned and more responsive to changing risks. Organizations can achieve better resilience, as audit will find small issues before they become large-scale risk incidents.

Key takeaways:

• Audit and risk are complementary services. Risk creates the risk framework, and audit tests the framework. Risk implements it and then audit evaluates it. Look at ways to make the whole process efficient and effective so that they are not competing but complementing each other.
• Make sure both audit and risk teams understand that everyone is working toward similar but different goals. Sit down and get everyone marching the same direction. It can be challenging—everyone has different viewpoints and uses different technologies. Showing common ground and how everyone can come together helps deliver holistic risk management and even drive strategic value.
• There needs to be collaboration between risk and the business, vertically up and down but then also horizontally across the organization. Risk and audit are interconnected and interdependent. Collaboration helps provide audit’s perspective, and their insight across company policies and procedures help improve risk’s function.
• Collaboration results in a more resilient organization and better risk intelligence. Solutions such as Diligent also help deliver better risk intelligence and better resilience as a result.