With the arrival of the updated UK Corporate Governance Code 2024, the CEO of RiskSmart, Ryan Swann, takes us through exactly what Provision 29 of the updated guidelines demands and how to comply with it without losing sleep.
Let’s break it down.
Key changes
The UK’s updated Corporate Governance Code 2024 introduces several key changes, with Provision 29 being one of the most significant. This provision places an increased emphasis on internal controls, requiring boards to formally declare the effectiveness of their risk management and internal control systems. But what does this mean in practice, and how should firms respond?
Looking for a better way to tackle new governance, risk and compliance challenges? Learn more about RiskSmart, the GRC platform that helps you get an overview of your controls and their effectiveness in less time than it takes to make a coffee.
What does Provision 29 require?
Provision 29 requires boards to confirm, in their annual report, the effectiveness of internal controls over financial reporting, operational processes, and compliance. This aligns the UK’s governance framework more closely with Sarbanes-Oxley (SOX)-style requirements seen in the US, placing greater accountability on directors for ensuring robust internal controls.
Key points of Provision 29 include:
- A board-level declaration on the effectiveness of internal controls.
- Regular review and evaluation of risk management frameworks.
- Enhanced transparency in reporting on risk and control deficiencies.
- Greater accountability for boards to identify and mitigate emerging risks.
Practical steps for firms to take
With these new requirements, firms must proactively strengthen their internal controls. Here are some practical steps:
1. Conduct a comprehensive review of internal controls
Boards should assess existing control frameworks, ensuring they cover all key risks, including financial reporting, cyber security, operational resilience, and compliance. Regular audits and assessments will help identify gaps before they become material issues.
2. Enhance risk management and reporting processes
- Establish clear reporting mechanisms for control failures.
- Implement real-time monitoring of risks.
- Ensure board members receive regular updates on key control issues.
When do you know it's time to upgrade or switch your risk management and reporting tools? Every company's GRC needs are unique, but if you've experienced some of these 7 signs of needing better software, it might be time to upgrade.
3. Increase board oversight and training
Directors should undergo ongoing training on risk management best practices and governance expectations. Consider establishing an Internal Controls Subcommittee to focus on compliance with Provision 29.
4. Strengthen documentation and assurance processes
- Implement formal control testing to validate effectiveness.
- Maintain clear audit trails and documentation for regulatory scrutiny.
- Engage external auditors to provide independent assurance where necessary.
5. Leverage technology for better risk management
Investing in governance, risk, and compliance (GRC) technology can streamline control monitoring and reporting, helping firms to quickly identify and mitigate risks.
To learn more about finding the right GRC tool for you, check out our Buyers Guide to Risk Management Software or get in touch to speak to one of our experts.
Get in touch with RiskSmart's experts
Provision 29 marks a significant shift in UK corporate governance, placing a greater onus on boards to ensure internal control effectiveness. RiskSmart's platform can help firms achieve compliance by providing real-time risk monitoring, automated reporting, and seamless documentation to support board-level declarations.
With RiskSmart, organisations can identify and mitigate risks efficiently, ensure robust internal controls, and simplify compliance processes. By leveraging cutting-edge technology, firms can confidently navigate evolving governance expectations while enhancing overall risk resilience.
Tags: Regulatory updates
February 10, 2025