Skip to content

Downloadable checklist

Provision 29 internal controls maturity checklist.

Provision 29 of the UK Corporate Governance Code requires boards to declare the effectiveness of internal controls. Understanding your organisation’s readiness is the first step.

Protecht's Provision 29 internal controls maturity checklist provides a structured, practical assessment to help you evaluate your control environment.

Whether you're a premium-listed company preparing for the new declaration requirements, or part of a group adopting UK governance best practices, this checklist enables you to:

  • Assess gaps in your internal control environment
  • Strengthen governance and board-level oversight
  • Build confidence in your Provision 29 readiness


The checklist is your starting point. When you’re ready to simplify control management, Protecht ERM provides the integrated solution.

What this checklist covers

This structured self-assessment helps you evaluate your organisation’s internal control maturity and Provision 29 readiness:

  • Benchmark your organisation’s internal control maturity
  • Identify gaps across risk identification, control design, and assurance processes
  • Strengthen board oversight, reporting, and governance culture
  • Align your internal control environment to Provision 29 expectations
  • Build confidence ahead of your board’s internal control effectiveness declaration

Who should use this checklist

This checklist is designed for key stakeholders responsible for governance, risk management, and board accountability:

  • Board members and executives: Gain visibility into your organisation’s internal control readiness
  • Risk, audit, and compliance leaders: Identify gaps and strengthen control design, assurance, and reporting
  • Governance and company secretariat teams: Ensure board-level governance meets Provision 29 expectations
  • Internal control and assurance functions: Benchmark current practices and plan targeted improvements

How Protecht helps

The checklist is your starting point. Protecht ERM helps you manage internal controls more effectively and meet Provision 29 requirements with:

  • A structured control library aligned to COSO and ISO 31000
  • Risk-control mapping to demonstrate top-down alignment
  • Automated testing workflows and structured assurance templates
  • Real-time dashboards to monitor control effectiveness, issues, and remediation progress
  • Clear, auditable evidence to support your board’s Provision 29 declaration

Find out more about Protecht and Provision 29 of the UK Corporate Governance Code.