UK Corporate Governance Code by Design, LONDON

A Blueprint for Risk & Internal Control Effectiveness Under Provision 29

The implementation of Provision 29 marks the most significant shift in UK risk and control expectations in over a decade. For the first time, boards of UK-listed companies must affirm and disclose the ongoing effectiveness of their risk management and internal control frameworks — continuously, in practice and in principle.

In this hands-on workshop, globally recognised GRC analyst and thought leader Michael Rasmussen delivers a structured, practical blueprint for designing and sustaining a modern risk and internal control framework that meets the expectations of boards, regulators, and investors.

WHAT YOU WILL LEARN

• Demonstrate ongoing effectiveness with data, context, and clarity
• Interpret the strategic implications of Provision 29 in the broader governance landscape
• Integrate risk and internal control with strategy, performance, and culture
• Clarify roles and responsibilities across the Three Lines Model
• Design risk and control lifecycles aligned with materiality and business change
• Leverage GRC technology for real-time monitoring and board-level reporting

---

GRC 20/20 Presenter . . .

Michael Rasmussen is an internationally recognized authority, thought leader, and pioneer in the disciplines of governance, risk management, and compliance (GRC). With over 30 years of experience, he is globally known for defining and shaping GRC strategy, processes, and technology. In February 2002, while at Forrester Research, Michael developed the concept of GRC — establishing the foundation for how organizations approach strategy, process, and technology in today’s complex business environment. For this, he is widely acknowledged as the “Father of GRC.”

A trusted advisor to boards, executives, and professionals around the world, Michael has dedicated his career to helping organizations design and implement effective GRC strategies that are aligned with business objectives. His work empowers organizations to be more effective, efficient, resilient, and agile. He is a sought-after keynote speaker, author, and advisor, with his thought leadership influencing legislation, regulatory frameworks, and corporate best practices globally.

Michael is the host of the Risk is Our Business and the Hitchhiker’s Guide to the GRC Technology podcasts, where he leads conversations with global experts exploring the evolving frontiers of risk, resilience, and corporate integrity.

Workshop Host . . .

MetricStream simplifies Governance, Risk, and Compliance (GRC) with purpose-built AI-first Risk, Compliance, Audit, CyberGRC, Third-party Risk, and Resilience products on a single low-code / no-code GRC cloud platform. Trusted by over 1 million GRC professionals across 35+ countries, our industry-specific products and AI agents help businesses successfully manage audits, avoid compliance violations and fines, reduce risk exposure, and strengthen resilience. MetricStream is headquartered in San Jose, California, with operations and offices around the globe. More information is available at www.metricstream.com