Ready for Provision 29? Why Internal Controls Are Now a Boardroom Priority

Revisions to Provision 29 of the UK Corporate Governance Code bring a new level of scrutiny. The change requires directors of premium listed companies (and those that want to be) to issue a public statement on the effectiveness of their internal controls and risk management framework. It raises expectations on transparency and demands a clearer picture of how organisations manage their most significant risks.

Provision 29 comes hard on the heels of the UK’s Economic Crime & Corporate Transparency Act (ECCTA). In 2025, ECCTA enacted new changes; an offence for failure to prevent fraud, demand for improved verification of directors and greater analysis of company information. This also builds on the UK’s Bribery Act and the Criminal Finances Act of the last decade, showing an ongoing focus on company behaviour and responsibilities in the UK.

The revised Code raises expectations on Board accountability. They will now need to demonstrate they understand which controls are material, how those controls operate and how they map to the organisation’s top risks. While the Code operates on a ‘comply or explain’ basis, the market expectation is clear; change is happening. A recent ICAEW report also highlights the importance of assurance and clarity. ICAEW Corporate Governance and Stewardship Manager, Victoria Geroe, commented that companies need to step up: “techniques that might have worked even five years ago are already outdated” she says.

Companies can comply or explain, but explanations must be meaningful. A well-reasoned explanation might include a start-up with still-maturing controls, but with a credible timeline to meet Provision 29. Boilerplate language will not cut it, and open-ended exceptions are not likely to be allowed, as a decision to depart from the Code must be reassessed and justified every year.

Common activities to meet the requirements include:

• defining what qualifies as a material control
• mapping controls to the company’s principal risks
• running trial declarations to identify gaps

These adjustments reflect a wider realisation that Boards are now expected to stand behind their statements with confidence. To do that, they need reliable data, a clear view of control performance and well-documented assurance activities.

Behind the changes to the Corporate Governance Code is a desire for improved oversight. At Sixthfin, we believe that improved controls are an investment that will drive long term security and stability. Without sound governance, companies face increased exposure to management fraud, breaches of regulatory obligations and decisions that can damage the organisation’s reputation, as well as the bottom line.

It is aimed at Listed companies, but the Corporate Code of Governance is good practice for all organisations. It represents a call for clarity, consistency and evidence at the top of the business, and is an administrative requirement that can support the company’s strategic growth.

For organisations with complex structures or global operations, consistency can be difficult to maintain. Sixthfin provides a common framework for accounting control management, which reduces duplication and improves the quality of reporting to the board. We also support structured assurance. Workflows clarify roles across the first three lines of defence and ensure complete coverage of control testing. Evidence, documentation and remediation activity are recorded in one place, which simplifies internal and external audit work.

Provision 29 will require boards to make a clear, defensible statement about internal controls. At Sixthfin, we give you the tools and visibility to do so. The shift to a more transparent model of governance is significant, but with the right systems in place, companies can meet the requirement with confidence and turn good governance into a strategic advantage.

Sixthfin helps organisations with the accounting data expectations that are required to meet Provision 29. We provide an integrated technology platform that strengthens control oversight, assurance and reporting. Our platform brings risk, control and audit information into a single environment. This replaces fragmented spreadsheets and manual processes with a consolidated view that supports more reliable decision making. Real-time dashboards highlight control performance, identify anomalies and give leadership teams the information they need to assess risk exposure with confidence.

If you’re in need of accurate accounting data, Sixthfin can help. Our technology will improve accuracy, reduce manual effort and build stronger assurance processes.