
Exclusive workshop with Michael Rasmussen

Risk and control by design: Navigating Provision 29 of the UK Corporate Governance Code.

Thursday, 4 September 2025 | 10:00am-4:00pm BST

The Clubhouse, 8 St James's Square, London SW1Y 4JU

The upcoming implementation of Provision 29 in the UK Corporate Governance Code marks the most significant regulatory change in over a decade.

Boards of UK-listed companies must now affirm the ongoing effectiveness of both their risk management and internal control frameworks, and report on them with clarity, confidence, and accountability starting in 2026. 

Protecht invites you to a special session with internationally renowned GRC expert Michael Rasmussen, designed to help you cut through the complexity and understand what these changes mean in practice.

We will explore how to create an agile, business-integrated approach to risk and control management that aligns with corporate objectives, empowers decision-makers, and withstands scrutiny from boards, regulators, and investors alike.

You'll leave with a clear understanding of Provision 29 and how to embed it in your organisation’s risk and control frameworks.

Spaces are going quickly: don’t miss your chance to join us.

Presenters

Michael Rasmussen

GRC Pundit, GRC 2020 Research

What you will learn

Through expert-led sessions, peer collaboration, and hands-on activities, attendees will:

  • Understand the strategic implications of Provision 29 and how it differs from other global frameworks (e.g., SOX), focusing on ongoing effectiveness rather than point-in-time compliance.
  • Build a risk-informed internal control framework that supports strategy, performance, and operational resilience.
  • Explore how to embed risk management into business operations, not just within risk or compliance functions.
  • Learn to identify and assess material risks and controls, clarify ownership, and establish meaningful accountability across the three lines of defence.
  • Evaluate how to architect the information and technology infrastructure to enable continuous monitoring, real-time insights, and integrated assurance.

Who will benefit?


This workshop is essential for senior leaders, board advisors, GRC professionals, internal control managers, risk and compliance officers, and audit personnel seeking to proactively respond to the updated UK Corporate Governance Code.

Agenda overview

Session 1: What is Risk & Control by Design?

  • Understanding risk and internal control in the context of business strategy and operations
  • Unpacking Provision 29: board accountability, assurance requirements, and risk/control effectiveness
  • How risk and control intersect across governance, compliance, and performance
  • Workshop exercise: Mapping Provision 29 into your organisation

 

Session 2: Breaking Down Silos – Building a Federated Model

  • Creating an integrated view of risk and internal control across the enterprise
  • Designing collaborative risk/control governance structures (e.g., Risk & Control Committees)
  • Aligning risk and control functions across the three lines of defence
  • Workshop exercise: Creating your federated risk and control blueprint

 

Session 3: The Risk & Control Lifecycle – From Identification to Assurance

  • Risk-informed control design: top-down strategic risks and bottom-up operational insights
  • Control rationalisation: reducing duplication and aligning controls with material risks
  • Assurance strategies for Provision 29: continuous monitoring, independent validation, and reporting
  • Workshop exercise: Designing a control lifecycle aligned to risk

 

Session 4: Architecting for Visibility, Agility, and Accountability

  • Information and technology architecture for risk and control management
  • Defining a risk and control taxonomy with business relevance
  • Reporting on effectiveness: dashboards, metrics, and board-level insights
  • Workshop exercise: Developing an integrated risk and control information architecture

About the presenters

GRC Pundit, GRC 2020 Research

Michael Rasmussen is an internationally recognised pundit on governance, risk management, and compliance (GRC) – with specific expertise on the topics of GRC strategy, process, information, and technology architectures and solutions. With 30+ years of experience, Michael helps organisations improve GRC processes, design and implement GRC architectures and select solutions that are effective, efficient, and agile.