Julia Hanbury

Senior Marketing Communications Manager

Modern Governance Summit 2023 day 2 highlights

Effective governance, risk and compliance (GRC) increasingly relies on having the right technology to deliver clarity to an organization’s leaders. More than 600 attendees of Diligent’s Modern Governance Summit 2023 are exploring what this means in practice and how they can help their organizations accelerate success with best-in-class GRC and ESG programs.

Below are key highlights and takeaways coming out of day two of the conference, including best practices for navigating today’s rapidly evolving risk landscape, how to harness the power of AI, preparing your ESG program for disclosure mandates, and what the 2023 proxy season tells us about 2024 and beyond.

In case you missed it, here are our highlights from day one. 

Risk evolution: What’s next and how do you respond?

Presented by:

• David Metcalfe, CEO, Verdantix
• Anthony Pugliese, President & CEO, IIA
• Dominique Shelton Leipzig, Partner, Mayer Brown
• Renee Wynn, Former CIO, NASA & Deputy CIO, EPA

Risk is evolving rapidly and unabating. This engaging session, moderated by Renee Murphy, featured valuable stories from leading industry experts and thought leaders on how to manage risk to elevate purpose. Metcalfe shared insights on how to avoid an ESG crisis, while Shelton Leipzig explained the critical need for governance of AI and preserving digital trust. Pugliese explored the top emerging risks of AI, and Wynn shared stories on the final frontier for cybersecurity and lessons for planet Earth.

Key takeaways:

On AI:

• Trust is vital to how we operate every day. AI needs to be risk ranked and leaders and their boards should be educated and aware of high-risk AI. Human oversight is critical — organizations will need dedicated teams to manage and have oversight over AI, including test monitoring and auditing AI for factors like disparate impact and bias.

- Dominique Shelton Leipzig, Partner, Mayer Brown

• AI is the fastest deployed technology in human history, and it has incredible potential. For example, using it to understand what animals are saying when they communicate, the use of AI in cancer research, or in the James Webb telescope. But it has a lot of errors and bias because humans touch it — it is still a proverbial black box. The three highest risks of AI are inaccuracy, cyber implications and the threat of regulation.

- Anthony Pugliese, President & CEO, IIA

On cyber risk:

• Every capability that we have for innovation can be used for both good and bad. By understanding that you are vulnerable, you can take actions to protect yourself as well as your business. In particular, cyber security mitigation is critical. Building resiliency requires training your teams, identifying critical IT assets and protecting them, fully understanding all operations, patching your systems, watching what your organization buys, and using multi-factor authentication to minimize user name and password vulnerabilities.

- Renee Wynn, Former CIO, NASA and Deputy CIO, EPA

On ESG and sustainability:

• Sustainability and ESG risks are the biggest risk category for many organizations. Climate crises are inevitable for nearly every organization, regardless of where they are located. GRC professionals need to take the initiative in mitigating these risks, because there are so few people in their organization thinking about how to build and maintain resiliency. Think of the value of using digital technologies, like ESG risk management software, to support your ESG program.

- David Metcalfe, CEO, Verdantix

Unleashing the power of AI: Harnessing language models for local government, schools & nonprofits

Presented by:

• Richard Barber, CEO and Board Director, Mind Tech Group
• Dominique Shelton Leipzig, Partner, Mayer Brown
• Ari Ioannides, Board Member, Park City Institute
• Nonie Dalton, VP, Product Management, Diligent

With the rapid advancements in language models like ChatGPT, leaders and administrators now have access to powerful tools that can streamline their daily tasks and improve overall efficiency. In this session, Allen, Dalton and Ioannides explored the untapped potential of AI specifically for K-12, local government and nonprofit organizations and provided actionable insights for how administrators can leverage these technologies to transform their day-to-day operations.

Key takeaways:

• There are numerous benefits to using AI in the public and nonprofit sector. Providing summaries of long form documents, marking tests, drafting policies — even creating plans for events. AI can act as a virtual assistant, creating first drafts and answering queries.

• Two main challenges of AI pertain to governance and risk. Ultimately, the board and leadership are accountable to the risks of using AI. Lack of direction from management and the board can create problems when it comes to knowing what security measures to set around AI. Meanwhile, protecting data and privacy (particularly when children are involved), inevitable regulations and bias are all risks organizations need to look out for. The board should put an AI framework in place that includes strategy and policy, to use as a starting point when considering potential risks and benefits.

• To start using AI as safely as possible, boards need to be given a technical briefing based on the AI use cases an organization is considering. They then need to decide if any of these use cases are in a prohibited bucket. Are any of them high risk, and if so, what is the mitigation strategy? Discuss this both at the operational level and the board level.

Learn more about how Diligent is utilizing AI to empower organizations to gain insights while accelerating workflows, increasing efficiency and ensuring a higher level of accuracy here.

ESG & audit: Is your program audit-ready?

Presented by:

• Joyce Cacho, CEO & President, Adinura Advisory Services Inc.
• Kate Wiese, Senior Manager, ESG & Sustainability, Deloitte
• Renee Murphy, Distinguished Evangelist, Diligent

Non-financial disclosures are becoming just as important as financial disclosures, with their quality and accuracy requiring similar levels of oversight. This session, moderated by Murphy, outlined how organizations can best ensure their climate disclosures are audit-ready.

Key takeaways:

• Many organizations consider ESG from a compliance perspective, not a risk perspective. But lately, ESG has gone from an “alphabet soup” to ISSB standards, and now it needs to be tied to international financial reporting. The board of directors needs to see that not only has ESG data been assured, but that it has been connected to the organization’s strategy and to its financial numbers. Winning companies do not operate at the minimum level of ESG compliance. They’re keeping an eye on ESG financials and creating their own data.

• Board members have a legal mandate due to their fiduciary duties, so they rely on collaboration between operational teams to connect the dots and provide answers backed by data. For example, where are social issues showing up in your organization’s impact statement, in your balance sheet? If the board can’t make that connection, they are putting themselves at risk, and that means there is more work to be done.

• Where the transformation happens is when ESG becomes, simply, the way of doing business. For it to become the way of business, organizations must recognize that the boardroom is the last safe space for the intersection of those three letters, “environmental,” “social” and “governance,” and to have discussions with management on how they plan to operationalize ESG.

Make an impact: Compliance reporting to the board

Presented by:

• Cindy Moehring, Former COO of Walmart, Current Founder & Executive Chair, Pyxus Inc.
• Kim Yapchai, Chief ESG Officer, Tennoco
• Tom Fox, Founder of the Compliance Podcast Network

Fox, Yapchai and Moehring provided an in-depth look at best-in-class compliance metrics and key performance indicators (KPIs) for effective board reporting. Their discussion provided valuable insights on presenting and articulating these metrics during board meetings to provide decision-makers with timely and contextual information.

Key takeaways:

• The number of regulatory requirements impacting the board is growing. If you are just getting started on setting a compliance program, it's important to focus on the framework and to partner with front-line leaders to make sure compliance is baked into operations. It's no longer enough to “have a program on paper." Organizations need to use software to get better and more efficient at monitoring and reporting.

• When it comes to reporting to the board, they don’t need all the data and metrics. They need to understand the risk assessment and the story behind the numbers. The story isn’t a one-time event, either. It’s a book with multiple chapters, and it is the job of the compliance practitioner to update the board on how the story develops.

• There should be a direct line of communication between the board and the person running your organization’s compliance program. Otherwise, the board may question the maturity of the program and how it relates to peers. Using a platform like Diligent to communicate easily with the board when risks or issues arise is important – it provides a secure way to communicate and helps eliminate multiple phone calls.

Proxy season recap: Retrospective on 2023 & what to look for in 2024

Presented by:

• Shaun Mathew, Partner, Kirkland and Ellis
• Bob Marese, President, MacKenzie Partners
• Steven Balet, Partner, Strategic Governance Advisors
• Dimitri Zagoroff, Senior Editor, Global Content, Glass Lewis
• Josh Black, Editor in Chief, Diligent Market Intelligence

Activist investors gained strong momentum in the 2023 proxy season, with 403 U.S. companies subjected to activist demands in 2023, compared to 362 in the same period in 2021. This panel explored the key trends coming out of the 2023 proxy season, the impact the new universal proxy and executive compensation disclosures mandates are having on organizations, and how boards and leadership can align, not only with shareholders but also with market sentiment, on the risks and opportunities that present themselves.

Key takeaways:

• It’s important for boards to ensure they are not overreacting to changes ahead of the next proxy season. The changes around proxy voting in 2023 weren’t revolutionary. The new guidelines merely shifted the focus away from “which shareholder should be on the board?” to “who is right?” To preempt activist concerns, some boards had put too many restrictions on making voting requests which did not work out in their favor.

• When an activist is on the board, the longevity of the CEO drops by half. Making sure you are getting feedback from your shareholders is critical, as it often mirrors that of activists. Ensure you can communicate to your shareholders what actions you are taking to correct those criticisms: for example, how ESG initiatives connect to your organization’s risk management strategy.

• Leadership should view proxy statement documents as marketing materials for shareholders — these should communicate exactly what your shareholders need to know about the initiatives the organization is working toward.