Corporate Risk Management by Design: Navigating Provision 29 of the UK Corporate Governance Code
Designing Business-Integrated Risk and Control Frameworks
Provision 29 places new requirements on boards to attest to the effectiveness of risk management and internal controls while providing evidence of that assurance. This full-day program brings together internationally recognized GRC authority Michael Rasmussen, CRISAM GRC practitioners, and real-world case insights from Nordex to demonstrate how to design governance, risk, and control systems that are practical, auditable, and embedded in day-to-day decision-making. Participants will leave with a clear, actionable understanding of what Provision 29 requires in practice and how to operationalize it across organizations.
Why Attend
The introduction of Provision 29 fundamentally changes expectations for how boards demonstrate risk and internal control effectiveness. Organizations need practical frameworks for evidencing assurance while integrating risk and control processes into business operations. This comprehensive workshop provides structured blueprints, templates, and implementation lessons from large-scale deployments, enabling participants to translate regulatory requirements into operational reality while building board confidence and stakeholder trust.
Key Learning Outcomes
Participants will gain practical strategies for Provision 29 implementation:
• Regulatory Requirements: Understanding how Provision 29 changes expectations for risk and internal control effectiveness statements
• Design Principles: Learning design principles for business-integrated risk and control frameworks that support operational decision-making
• Evidence and Assurance: Developing practical approaches to evidence gathering, assurance mapping, and board reporting
• Strategic Alignment: Aligning risk and control processes with strategy execution, performance management, and accountability structures
• Implementation Insights: Gaining lessons from the global rollout of CRISAM GRC at scale, including practical challenges and solutions
Practical Outcomes
Participants will take back immediately applicable resources:
• Implementation Blueprint: A structured framework for embedding Provision 29 requirements in existing risk and control architectures
• Effectiveness Templates: A draft effectiveness statement template and an example assurance map for board attestation
• Reporting Checklist: A practical checklist for board reporting and evidence readiness verification
• Rollout Lessons: Implementation insights from large-scale CRISAM GRC deployment experiences
Who Should Attend
This workshop is designed for board members and company secretaries; Chief Risk Officers, Chief Financial Officers, and Chief Operating Officers; Heads of Risk, Internal Audit, Compliance, and Internal Control; Enterprise Architects; Transformation Leaders; and Risk and Control Owners responsible for implementing and operating governance frameworks.



