Skip to content

The industry-trusted risk and compliance platform

Prove your internal controls are effective – with confidence under Provision 29.

From 1 January 2026, UK boards must publicly declare that their internal controls are effective. Provision 29 of the UK Corporate Governance Code marks a decisive shift from annual sign-offs to continuous, evidence-based assurance — and many organisations are still unprepared.

With Protecht, you can:

  • Automate control monitoring and testing across risk, compliance, and audit workflows
  • Centralise risk, control, and assurance data in one platform for complete oversight
  • Deliver board-ready dashboards and reports that evidence control effectiveness
  • Embed accountability and transparency across the three lines of defence

Protecht helps boards move from compliance effort to confident assurance, building trust, transparency, and clarity in control effectiveness.

Speak to our Provision 29 specialists today.

About the UK Corporate Governance Code

A governance reform that redefines accountability for UK boards.

Provision 29 of the revised UK Corporate Governance Code (2024) introduces one of the most significant shifts in corporate governance in years. For the first time, boards must not only review internal controls - they must formally declare their effectiveness in the annual report.

This marks a move from static, annual sign-offs to continuous, evidence-based oversight across risk, control, and assurance functions.

Protecht gives boards and executives the tools to make that shift smoothly - providing continuous visibility, testing, and reporting to support a confident declaration of effectiveness.

  • Control assurance: Automate monitoring, testing, and remediation across all material controls

  • Risk visibility: Connect risks, controls, and assurance for a single line of sight

  • Reporting: Generate real-time, board-ready dashboards and declaration evidence

  • Governance: Demonstrate accountability and transparency across all three lines of defence

 

Book Provision 29 consultation

Corp_gov_rounded

How we can help

Meet Protecht. Your assurance partner for Provision 29.

Centralise your risk, control, and assurance management to deliver real-time visibility, evidence, and board-level confidence - everything you need to make your Provision 29 declaration with certainty.

Automated control testing that proves effectiveness year-round.

Replace manual checklists with continuous, data-driven control monitoring. Protecht automates testing schedules, tracks evidence, and flags control exceptions in real time - ensuring your board’s assurance doesn’t stop at year-end.

 

Book Provision 29 consultation

A single source of truth linking risk, controls, and assurance.

Map risks directly to controls and assurance activities across all three lines of defence.
Protecht helps you visualise assurance coverage, identify gaps, and demonstrate how governance, risk, and compliance connect across the enterprise.

 

Book Provision 29 consultation

Board-ready dashboards that turn data into assurance.

Give executives and directors a live view of control status, test results, and emerging issues.

Protecht translates complex assurance data into clear, visual insights that support informed board discussions and confident Provision 29 declarations.

 

Book Provision 29 consultation

Embed accountability and strengthen governance culture.

Provision 29 demands transparency across the three lines of defence.

Protecht embeds ownership at every level, aligning first-line action with board-level oversight, ensuring governance is active, not passive.

 

Book Provision 29 consultation

Be declaration-ready when regulators or auditors arrive.

Consolidate documentation, evidence logs, and remediation plans in one auditable system.

Protecht ensures your evidence trail is complete, consistent, and instantly accessible for external assurance or board verification.

 

Book Provision 29 consultation

Why Protecht

Simplify governance. Strengthen board confidence. 

Protecht empowers boards and executives to meet the UK Corporate Governance Code’s Provision 29 with clarity, evidence, and assurance - all from a single, integrated platform.  

Real-time board-ready visibility

Protecht empowers boards and executives to meet the UK Corporate Governance Code’s Provision 29 with clarity, evidence, and assurance - all from a single, integrated platform.

Purpose-built for Governance Assurance.

Protecht’s risk and control framework is designed for compliance with COSO and ISO 31000 standards - giving you an auditable, structured foundation for internal control effectiveness and board assurance.

Fast, seamless implementation.

Get up and running quickly with proven templates, control libraries, and automated testing workflows built for Provision 29. Protecht’s intuitive setup means you can start capturing evidence and generating reports in weeks, not months.

Purpose built solution

Prove control effectiveness with the platform built for Provision 29.

Protecht ERM enables organisations to meet the new UK Corporate Governance Code
requirements with confidence.

Our integrated risk and control platform helps you automate assurance, streamline
reporting, and provide boards with clear, auditable evidence - all year round.

What’s included:

  • Control monitoring: Automated workflows and evidence logs for continuous testing
  • Governance & reporting: Board-ready dashboards aligned to Provision 29 declarations
  • Assurance coverage: Three Lines of Defence mapping for total visibility
  • Deployment & support: Expert-led implementation, templates, and ongoing advisory
  • Scalability: Designed for listed and regulated organisations of any size

 

Book Provision 29 consultation

 

Dashboard_graphic_2025
Frequently asked questions

Provision 29 made clear.

If you’re preparing for the UK Corporate Governance Code’s new requirements, these are the questions we’re hearing most often from boards, audit, and risk leaders.

Provision 29 is part of the revised UK Corporate Governance Code (2024) and applies to premium-listed companies on the London Stock Exchange. It requires boards to make a formal declaration each year confirming the effectiveness of their internal controls. Many non-listed and regulated firms are also aligning with Provision 29 as best practice for governance maturity.


The new requirement takes effect for financial years beginning 1 January 2026, with the first board declarations expected in 2027 annual reports. That means 2025 is the year to build your control framework, automate testing, and establish evidence collection.

Boards must provide documented evidence that material controls have been monitored, tested, and found effective throughout the year - not just at year-end. Protecht helps you create that assurance record automatically through linked risks, controls, and testing workflows.

Protecht automates control monitoring, testing, and evidence collection, giving boards real-time visibility into control effectiveness. It consolidates risk, compliance, and assurance data into one system - helping boards prepare accurate, auditable declarations that stand up to scrutiny.

You can begin with a readiness consultation to assess your current internal control environment and identify key gaps. Or, if you’re still exploring, download our free eBook How to Prove Control Effectiveness with Provision 29 to understand the steps toward compliance.

 

Comparing your options

Move from reactive, spreadsheet-based compliance to a connected, automated governance system - ready for the Aged Care Act 2024.

 

Capabilities   Manual approach using spreadsheets   Protecht

Incident & SIRS management

 

   Incidents tracked manually, inconsistent categorisation, limited visibility, and no automated escalation.   Real-time logging and automated escalation aligned to SIRS, with full audit trails and reporting.

Compliance & governance reporting

 

   Separate spreadsheets per site; time-consuming updates; high audit risk.   Centralised dashboards and reports showing compliance across all facilities, in real time.

Risk & quality oversight

 

   Disconnected risk registers make trend analysis and board reporting difficult.   Integrated risk framework connecting controls, incidents, and actions to deliver organisation-wide visibility.

Audit readiness

 

   Manual evidence gathering across documents and emails - error-prone and stressful.   Pre-configured, auditable registers with one-click reporting and timestamped compliance evidence.

Workflow & accountability

 

   No clear ownership or task tracking; actions often lost in email.   Automated workflows with defined responsibilities, due dates, and escalation paths.

Data security & integrity

 

   Version control issues and risk of accidental data loss or breaches.   Secure, cloud-hosted platform with role-based access, encryption, and complete audit logs.

Featured eBook

Understand what Provision 29 means for your board.

This eBook breaks down the new UK Corporate Governance Code (2024) Provision 29 and what it means for boards, executives, and assurance leaders.

You’ll learn how to move from annual, paper-based control reviews to continuous, evidence - based oversight that builds trust with investors and regulators.

Download the eBook todayand discover how to strengthen control assurance and prepare your organisation for 2026 with confidence.

 


Download the free ebook

Get started today

Speak to our Provision 29 specialists today.

With Protecht, you get a trusted solution that brings risk, control, and assurance management together in one place - helping boards stay ready for the UK Corporate Governance Code (2024), strengthen oversight, and deliver confidence in every Provision 29 declaration.