Are You Prepared for Provision 29?
Unify risk-to-control mapping, testing, and evidence in one platform, built for the UK Corporate Governance Code.
Make a Confident, Evidence-Backed Declaration
Aryza Unite helps leadership and control owners maintain oversight of all material controls (financial, operational, reporting, and compliance), reduce manual workload, and deliver board‑ready assurance for Provision 29.
- Map principal risks to material controls
- Prioritise proportionate testing with clear materiality criteria
- Monitor control health continuously (KRIs, incidents, exceptions)
- Orchestrate remediation with ownership and SLAs
- Produce concise management information and a declaration support pack
What is Provision 29?
Provision 29 (UK Corporate Governance Code, 2024) asks boards to monitor and review the company’s risk management and internal control framework. An annual declaration must be made, as at the balance‑sheet date, on the effectiveness of material controls. Where effectiveness isn’t achieved, the board should disclose the issue and the actions taken or planned.
At a glance
Scope: material controls across financial, operational, reporting, and compliance areas
Deadline: applies to financial years beginning on/after 1 January 2026
Clarification: broader than financial reporting, requires evidence of effective processes; no external auditor attestation is mandated; “comply or explain”
Built for Provision 29 Leaders and Teams
Aryza Unite brings risk, controls, testing, and assurance into one secure platform. It is designed to support the London Stock Exchange (LSE) listed companies and financial institutions preparing for Provision 29.
✓ 15+ years delivering GRC in regulated industries
✓ Rapid‑to‑deploy, modular rollout
✓ Trusted by banks, insurers, lenders, and wealth managers
✓ Clear oversight of material controls across functions and geographies
✓ Structured evidence for boards, auditors, and regulators
Modular GRC Tools for Provision 29
Choose what you need now. Expand as your control framework matures.
Risk and Control Mapping
Create a defensible lineage from principal risks to material controls. Distinguish primary vs. secondary mitigants and document owners, dependencies, and evidence sources.
Control Effectiveness and Testing
Plan proportionate testing based on materiality and exposure. Capture design vs. operating effectiveness, sample results, exceptions, and management responses.
Continuous Monitoring and KRIs
Stream indicators, incidents, and exceptions into a live view of control health. Trigger alerts and workflows when thresholds are breached.
Issues, Actions, and Remediation
Standardise exceptions and findings. Assign owners and due dates, track status, and ensure durable fixes with verification.
Board Reporting and Declaration Support
Deliver concise MI, trend analysis, and an evidence‑backed declaration support pack – ready for the annual report and external stakeholders.
GRC Digital Twin
Maintain a live model of processes, risks, controls, indicators, and evidence. Run what‑if scenarios and use RTRA to surface emerging issues and prioritise testing and remediation.
Audit and Three‑Lines Coordination
Align first‑line self‑assessments, second‑line oversight, and internal audit activity to reduce duplication and audit fatigue.
Framework and Jurisdiction Mapping
Operate a UK Provision 29 view while mapping to other frameworks (e.g., SOX/CSOX, DORA, ISO, SM&CR) for global consistency.
Are you ready for Provision 29? Speak to us today!
GRC Digital Twin for Provision 29
Aryza Unite can maintain a live digital twin of your GRC landscape – processes, risks, controls, indicators, and dependencies – so you can see how the environment actually operates and how changes ripple across it. This is powered by Unite’s modelling tools and Real‑Time Risk Analytics (RTRA).
What it enables
- A single, risk‑to‑control‑to‑evidence lineage with clear ownership and audit trail — the foundation for a confident, board‑ready declaration.
- What‑if scenarios and control failure modelling to quantify residual exposure and the value of controls, informing materiality and proportionate testing.
- A live model that stays current by integrating KRIs, incidents, and test results, enabling continuous monitoring rather than point‑in‑time reviews.
- Clear, visual MI for boards and executives that connects principal risks to material controls and their performance over time.
Integrated Control Intelligence for Provision 29
Aryza Unite links risks, controls, indicators, test results, issues, and responsibilities into one connected view. This enables:
✔️ Real‑time visibility of material controls
✔️ Consistent materiality criteria and prioritisation
✔️ Streamlined testing and remediation workflows
✔️ Clear ownership and auditable evidence
✔️ BI reporting for boards, auditors, and regulators
Why Aryza Unite for Provision 29?
- Digital twin of your GRC landscape
- Proven in regulated industries
- Modular and fast to deploy
- Trusted by leading institutions
- Supports the full control lifecycle
- Built for integrated, scalable oversight
Aryza’s integrated Practice Suite empowers financial institutions to build resilience and maintain full regulatory confidence across every stage of the client lifecycle. By uniting digital onboarding, perpetual compliance, risk modelling, and comprehensive Governance, Risk and Compliance (GRC) capabilities in a single platform, it delivers the visibility, structure, and control organisations need to manage complexity, reduce operational effort, and embed compliance at the heart of strategy.
Modular, fast to implement, and trusted by leading firms, the suite comprises Aryza Unite, which unifies governance, risk, and compliance; Aryza Validate, offering frictionless, scalable KYC/AML across clients and counterparties; and Aryza Evaluate, which applies IFRS 9 impairment modeling with flexible risk parameter generation.
Ready to Deliver a Confident Provision 29 Declaration?
Talk to a Specialist
"*" indicates required fields