← Back to all briefings
Governance 5 min read Published Updated Credibility 96/100

Governance Briefing — ASX Corporate Governance Principles 5th edition

The ASX Corporate Governance Principles 5th Edition apply from 1 July 2025, demanding evidence-backed board oversight of culture, sustainability, cyber risk, and disclosure controls under the refreshed ‘if not, why not’ regime.

Zeph Tech Research Lead

Research lead, Zeph Tech

Timeline plotting source publication cadence sized by credibility.
2 publication timestamps supporting this briefing. Source data (JSON)

Executive briefing: The ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations (5th Edition) apply to reporting periods commencing on or after 1 July 2025. While the framework remains “if not, why not,” investors and the ASX will expect robust evidence that listed entities are governing culture, sustainability, and technology risk with greater formality. This note outlines the governance enhancements, documentation packs, and reporting workflows directors need to demonstrate compliance from day one.

Board accountability and governance map

Confirm a governance map that allocates responsibility for each of the refreshed eight Principles to board committees and accountable executives. Principle 1 now expects the board to define and monitor company purpose, values, and desired culture through measurable indicators. Principle 3 expands stakeholder expectations on sustainability, human rights, and modern slavery. Principle 7 brings cyber resilience and data ethics explicitly into the risk oversight remit. Boards should evidence formal delegations, reporting lines, and committee charters that reflect these updates, endorsed in minutes prior to the FY2026 reporting cycle.

Policies and control framework updates

Update the suite of corporate governance policies—code of conduct, whistleblowing, securities trading, anti-bribery, diversity, sustainability, and climate governance—to align with the 5th Edition emphasis on integrity and accountability. For each policy, maintain approval records, review cadence, and links to supporting procedures. Document how the entity implements Principle 8 on remuneration fairness, including clawback mechanisms, malus triggers, and ESG-linked metrics. Ensure policies cross-reference regulatory requirements such as the Australian Climate Reporting regime, privacy laws, and modern slavery reporting so disclosures remain consistent.

Culture measurement and reporting

Principle 1 requires the board to monitor the alignment between stated values and employee behaviour. Build a culture dashboard that aggregates insights from engagement surveys, conduct investigations, whistleblower data, exit interviews, and audit findings. Define thresholds for escalation and integrate culture metrics into board risk reports each quarter. Document actions taken to address culture risks, such as targeted training, leadership changes, or incentive adjustments. Capture evidence of board challenge—minutes should note questions asked, scenarios explored, and decisions about remediation or further assurance.

Sustainability and stakeholder governance

Principles 3 and 7 reinforce expectations that companies identify and manage material environmental and social risks. Integrate climate risk scenario analysis, nature-related risk assessments, and supply chain due diligence into the risk management framework. Maintain registers that show key sustainability risks, controls, and performance metrics with clear data ownership. Evidence board oversight of sustainability targets, transition plans, and stakeholder engagement strategies. Where the company claims alignment with standards such as TCFD, ISSB, or the Australian Climate Reporting regime, keep cross-reference matrices in the evidence pack demonstrating mapping between disclosures and board deliberations.

Cyber, data, and technology governance

Principle 7 explicitly references technology and cyber resilience. Boards should confirm that the risk appetite statement contains quantified cyber risk tolerances, such as acceptable downtime, data loss thresholds, and ransom payment policies. Ensure there is a cyber oversight protocol detailing frequency of briefings, incident escalation steps, and independent assurance. Maintain evidence of penetration tests, tabletop exercises, and remediation tracking. Where the company relies on artificial intelligence or advanced analytics, document ethical use frameworks, model risk controls, and board education sessions to support transparent disclosure.

Internal control and assurance coordination

Principle 4 emphasises the integrity of corporate reports. Map financial and non-financial reporting controls, highlighting key controls over ESG metrics, climate data, and sustainability narrative statements. Ensure management attestation processes include sub-certifications from data owners and clear sign-off workflows. Coordinate internal audit, risk, and compliance coverage plans to test these controls ahead of FY2026 reporting. Maintain an assurance map in the evidence room so directors can demonstrate the breadth of testing performed and how issues are remediated.

Disclosure controls and ASX engagement

Refresh the continuous disclosure policy to account for the new focus areas, specifying triggers for sustainability or cyber-related disclosures. Implement a disclosure committee schedule that includes pre-board briefings on material announcements, evidence of decision making, and records of ASX engagement. Ensure investor relations scripts and Q&A documents align with board-approved messaging. Build a disclosure log capturing announcement rationale, authorisations, and post-event reviews to show control effectiveness.

Evidence pack architecture

Create a central governance evidence room structured around the eight Principles. For each Principle, include: policy documents; board and committee papers; dashboards; assurance reports; stakeholder engagement summaries; and case studies illustrating application of the “if not, why not” approach. Tag documents with metadata for creation date, owner, and review cycle. Maintain linkage between evidence items and disclosure statements in the annual report to prove completeness and accuracy during ASX or investor reviews.

Reporting workflows and cadences

Align management reporting with board cycles. Monthly executive committees should review culture and conduct metrics, ESG performance, and risk dashboards to prepare for quarterly board discussions. Provide the board with integrated reports combining financial, operational, sustainability, and cyber metrics. Implement workflow tools that track paper preparation, executive sign-offs, legal review, and distribution timelines to directors. After each board meeting, log action items, responsible owners, and due dates in a governance tracker that feeds back into the evidence pack.

Stakeholder engagement and communications

Document how the company engages shareholders, employees, suppliers, and communities on governance matters. Maintain records of investor briefings on sustainability strategy, employee town halls on culture, and stakeholder consultations on human rights impacts. Summaries should capture questions asked, commitments made, and follow-up status. Boards should review these insights to inform governance decisions and ensure disclosure consistency.

Board capability and evaluation

Assess whether the board collectively possesses expertise in sustainability, digital risk, remuneration, and stakeholder governance. Update the board skills matrix, referencing development plans and recruitment actions to address gaps. Schedule continuing education sessions with external experts on the 5th Edition expectations, Australian reporting reforms, and global investor priorities. Incorporate questions about governance effectiveness, culture oversight, and risk reporting into the annual board evaluation process, capturing resulting action plans in the evidence room.

Next steps before FY2026 reporting

Before 30 June 2025, finalise policy updates, approve revised committee charters, and complete dry runs of enhanced dashboards. Conduct an assurance review of sustainability and cyber reporting controls, documenting remediation commitments. Prepare a mock “if not, why not” disclosure pack demonstrating how evidence supports each recommendation. Brief the board on outstanding gaps, resource needs, and investor messaging to ensure a confident, transparent first year under the 5th Edition framework.

Timeline plotting source publication cadence sized by credibility.
2 publication timestamps supporting this briefing. Source data (JSON)
Horizontal bar chart of credibility scores per cited source.
Credibility scores for every source cited in this briefing. Source data (JSON)

Related briefings

Curated signals from the same pillar or overlapping topics.

Continue in the Governance pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • ASX Corporate Governance Council
  • 5th edition principles
  • Board oversight
  • Culture and sustainability
Back to curated briefings