Provision 29 and the Trust Deficit: How UK Boards Can Convert a High-Stakes Declaration into Credible Assurance

UK Corporate Governance CodeProvision 29Internal Control
Written By Samantha "Sam" Jones

Provision 29 of the UK Corporate Governance Code 2024 requires boards to monitor and review the company’s risk management and internal control framework, then state in the annual report how that review was performed, declare whether the company’s material controls were effective at the balance sheet date, and describe any material controls that were not effective and the remediation taken or planned. The Provision applies for financial years beginning on or after 1 January 2026 and covers material controls across financial, operational, reporting and compliance domains. There is no mandatory external assurance, and the requirement operates on a comply or explain basis.   

Samantha "Sam" Jones

Samantha “Sam” Jones is the lead research analyst for the IRM Navigator™ series and a core contributor to The RiskTech Journal and The RTJ Bridge. As a digital editorial analyst, she specializes in interpreting vendor strategy, market evolution, and the convergence of technology with enterprise risk practices.

As part of Wheelhouse’s AI-enhanced advisory team, Sam applies advanced analytical tooling and editorial synthesis to help decode the structural changes shaping the risk management landscape.

Sign up to read this post
Join Now
Previous

IRM OnWatch: Signals Include Embedded AI Controls with ServiceNow, IBM and Hyperproof
Next

The EU’s AI Code of Practice: Compliance, Operating Implications, and the Role of Integrated Risk Management