error
Subscriptions are not available for this site while you are logged into your current account.
close
Skip to main content
Submit RFP

      What challenges are you facing right now?

      Following the FRC’s revision of the UK Corporate Governance Code in 2024, there is a greater need than ever for boards to demonstrate the strength of their material controls. Provision 29 enhances the board’s responsibilities over the internal controls framework and demands transparent and high-quality reporting to support decision-makers, focusing on:

      • Board responsibility for internal controls, including monitoring of the risk management and internal control framework and reviewing its effectiveness
      • All material controls being covered by monitoring and review, including financial, operational, reporting and compliance controls
      • Annual reporting which clearly describes how the monitoring and effectiveness have been reviewed, attesting to the effectiveness of material controls and reporting on material control weaknesses

      We are helping firms understand what these requirements mean in reality, and accelerating their programmes to drive their transformation.

      Our advisory insights

      Regulatory reporting is not simply a box that needs to be ticked
      Read more

      Often overlooked, controls culture is the key to unlock effective risk management
      Read more

      Innovative thinking about controls in your Finance systems transformation will drive benefits and give you a competitive advantage.
      Read more

      With some clever thinking you can take your control environment into the future.
      Read more

      What is Provision 29?

      In UK law, Provision 29 refers not to statutory legislation but to a specific provision of the UK Corporate Governance Code – the set of principals and standards for good boardroom practice in listed companies. In it’s updated form, Provision 29 introduces enhanced expectations regarding internal controls and board-level reporting.

      FAQ's

      • Provision 28 of the 2024 Code explicitly calls out emerging risks when compared to its previous version in 2018. The change here calls for enhanced review and reporting of emerging risks and corresponding controls to mitigate those risks.
      • The changes to controls also signal the Board to include within it’s annual reporting, a description of - (a) how the Board has monitored and reviewed the effectiveness of the control framework, (b) declare the effectiveness of the material controls, and (c) disclose any material controls considered not to be operating effectively, with the actions taken or proposed to improve them and any actions taken to address previously reported material control lapses/gaps.

      The Code states “the Code is applicable to all companies with a premium listing, whether incorporated in the UK or elsewhere. The 2024 Code applies to accounting periods beginning on or after 1 January 2025, with the exception of Provision 29. This provision is applicable for accounting periods beginning on or after 1 January 2026”.

      • Controls are processes, policies, procedures, practices, or mechanisms (whether entity level, manual/management review, automated, and IT dependent) implemented by a company to ensure that set business objectives are met. This is the entirety of controls in a company.
      • Whereas key controls, which is a subset of controls, are deemed critical to the sustenance of the company’s core operations and long-term business objectives and model.
      • While the FRC does not provided a specific definition, in general material controls are a chosen set of key controls that are designed to address material risks that impact the long-term sustainability of company’s business model and is approved by the Board. A material control may consist of one or more key controls (i.e., they operate in aggregate to avert the material risk) and in control nature could be an ELC, MRC, or set of controls which are manual and IT dependent or automated.
      • Note that the “effectiveness declaration” required in the revised Provision 29 of the Code is for weaknesses noted in material controls. 

      • The FRC does not dictate a single definition of material controls, instead it provides views on material controls across multiple publications.
      • KPMG recommends that Boards consider views published by the FRC and establish their own definition of material controls, which will consequently set out the actions necessary to make the declarations of effectiveness.

      Three key steps will provide the Board comfort over the “effectiveness declaration” –

      1. A sound enterprise risk management process which continuously surveys and  identifies internal and external risks.
      2. A sound internal control.
      3. A Board approved industry standardised internal control framework to provide the Board confidence on control coverage and optimisation.

      View pages related to UK Corporate Governance Reform

      The UK has an updated version of its Corporate Governance Code which, under Principle 29, introduced a new board level declaration on material controls effectiveness.

      Our latest thinking is shown below:

      Our people

      Nathan Patten
      Nathan Patten

      Partner, Advisory

      KPMG in the UK

      Nehal Jilka
      Nehal Jilka

      Partner - Controls & Technology Risk Leader

      KPMG in the UK

      Sarah Ward
      Sarah Ward

      Partner - Risk & Regulatory

      KPMG in the UK

      Marina Krumbholz
      Marina Krumbholz

      Partner, Technology Risk

      KPMG in the UK

      Welcome to the KPMG Board Leadership Centre

      Supporting your non-executive career
      Read more
      MTD TEST

      Get in touch

      Discover why organisations across the UK trust KPMG to make the difference and how we can help you to do the same.

      Contact us