← Back to all briefings

Compliance · Credibility 87/100 · · 2 min read

Compliance Briefing — January 22, 2024

The UK Corporate Governance Code 2024 introduces an internal controls declaration that boards must prepare for financial years beginning on or after January 1, 2026, demanding US SOx-style assurance planning across finance and operational systems.

Executive briefing: The Financial Reporting Council’s 2024 UK Corporate Governance Code, published on January 22, 2024, rewrites Provision 29 so premium-listed company boards must provide a declaration covering the effectiveness of material controls for financial years commencing on or after January 1, 2026. Audit committees, finance, risk, and technology teams now have under two years to map control owners, evidence testing, and align reporting packs with Listing Rule disclosures.

Key compliance checkpoints

  • Board declarations. Provision 29 requires directors to state annually that material controls—including operational, reporting, and compliance systems—were effective throughout the year, with identified weaknesses and remediation disclosed.
  • Assurance frameworks. The Code emphasises using external assurance proportionately; boards must document why they selected internal audit, co-sourced testing, or third-party attestation.
  • Audit committee oversight. Revised Guidance on Audit Committees expects formalised reporting from management on controls scope, testing cadence, deficiency grading, and remediation timelines.

Control alignment

  • Map to UK SOx expectations. Align Provision 29 scoping with BEIS/FRC internal controls consultation responses so finance, IT, and operational systems receive risk-based testing akin to U.S. Sarbanes-Oxley Sections 302/404.
  • Integrate ESG data flows. Where climate and sustainability metrics feed annual reporting, incorporate them into the control inventory ahead of CSRD and TCFD-aligned disclosures.
  • Coordinate with auditors. Engage external auditors early on documentation formats, testing evidence, and reliance on internal audit to avoid last-minute scope disputes.

Enablement moves

  • Stand up a cross-functional steering group linking finance, risk, internal audit, IT, and sustainability to govern the controls programme.
  • Deploy controls management tooling (GRC platforms or enhanced spreadsheets) with workflow, attestation, and evidence attachment to withstand FRC enforcement reviews.
  • Run dry-run board reporting packs in FY2024–2025 so directors can rehearse declaration wording, deficiency escalation, and investor communications.

Sources

Zeph Tech operationalises UK internal controls programmes by unifying control inventories, evidence capture, and assurance workflows so boards can sign Provision 29 declarations with confidence.

  • UK Corporate Governance Code
  • Internal controls
  • Audit committees
  • Provision 29
Back to curated briefings